Law enforcement disclosure policy

1.  The Exclaimer group

Exclaimer operates as a group of three legal entities. Requests must be directed to the entity responsible for the relevant region.

Entity

Responsibility

Registered address

Jurisdiction

How to serve

Exclaimer Limited

UK and ROW

250 Fowler Avenue, Farnborough, Hampshire, GU14 7JP, United Kingdom

England & Wales

Post to registered address or email [email protected]

Exclaimer LLC

Americas

Floor 33, 100 Federal Street, Boston, MA 02110, United States

State of Delaware, United States

Post to registered address or email [email protected]

Exclaimer Europe B.V.

EEA

Schiphol Boulevard 127, 1118BG, Schiphol, Netherlands

Netherlands

Post to registered address or email [email protected]

2.  Exclaimer’s role — processor first

Exclaimer is a B2B SaaS company. The data held in our subscription services belongs to our customers. We process that data on their behalf; our customers are the data controllers.

If your request concerns data that an Exclaimer customer controls, our position will be to redirect you to that customer directly.  We will assist with a redirect where legally permissible and will provide you with information to identify and contact the relevant customer.

3.  Submitting a valid request

All requests must be submitted in writing and accompanied by valid legal process. We will not respond to informal requests for data, including telephone calls, unverified emails, or requests without legal authority.

To be accepted, your request must include:

•       the name and contact details of the requesting authority and the individual officer or agent responsible for the request.

•       the legal basis for the request — for example, a court order, search warrant, production order, or equivalent instrument under the applicable jurisdiction’s law.

•       a clear description of the data sought, including the relevant account, domain, or individual identifiers.

•       the time period covered by the request.

•       a secure return address or email for our response.

4.  How Exclaimer assesses requests

We review every request carefully before responding. Our approach is to:

•       verify that the request is legally valid and comes from a recognised authority with jurisdiction over the matter.

•       check that the request is sufficiently specific. We push back on requests that are overbroad, vague, or that lack adequate legal basis, and we may require greater specificity before complying.

•       respond as narrowly as possible — we produce only the data specifically required by your request, nothing more.

•       not give law enforcement agencies ongoing or bulk access to customer data.

•       comply with applicable data protection law in our jurisdiction(s) when responding. 

5.  Notifying our customers

We believe our customers have the right to know when a request has been made for their data. Unless we are legally prohibited from doing so we will notify the affected customer before or promptly after complying with a request.

We will honour valid legal hold or data preservation requests from law enforcement authorities where they are technically possible and supported by appropriate legal process. A preservation request asks us to retain specific data that might otherwise be subject to deletion under our standard retention schedules but does not in itself authorise disclosure. A separate, valid disclosure request with appropriate legal process is required before we produce any preserved data.