Nothing hidden. Nothing to hide.
This page is updated on a rolling basis. It covers our warrant canary, government data request policy, and every legal demand we have received since KeyVault Edge began operation.
Warrant canary
A warrant canary is a statement that is true until it is silently removed. If any of the statements below disappear in a future version of this page, that is your signal that we have received a secret government order we are legally prohibited from disclosing. We update this section quarterly. If the date below goes more than 90 days without updating, treat that as a canary failure.
As of 2026-05-01, KeyVault Edge affirms the following:
- We have not received any National Security Letters.
- We have not received any FISA court orders or directives.
- We have not received any gag orders that prevent us from disclosing a legal demand to a user.
- We have not been required to modify our systems to allow government surveillance.
- We have not received any secret government orders of any kind.
- We have not been the subject of any classified requests for user data.
This canary is not a legal guarantee. We will make commercially reasonable efforts to continue publishing it. If we are served with a secret order that legally prevents us from disclosing its existence, we will remove these statements rather than make a false certification. We will not add any statement that is untrue.
Government data request policy
How we respond when law enforcement, regulators, or government bodies request customer data — published in advance so you can hold us to it.
We require a valid legal process
We will not voluntarily disclose customer data to any government body without a valid subpoena, court order, or equivalent legal instrument issued under applicable law. Informal requests, letters, or phone calls are declined.
We notify users before disclosure where legally permitted
If we receive a legally valid request for your data, we will notify you by email before complying — unless we are legally prohibited from doing so (e.g., by a gag order). We will give you reasonable time to seek legal relief if you wish.
We only disclose what is required
We will produce the minimum data required to satisfy a valid legal order. We will not proactively expand disclosure beyond what is specifically compelled.
We cannot produce what we do not have
We do not store your plaintext API keys — only AES-256-GCM ciphertext, wrapped DEKs, and metadata. Even under a valid court order, we cannot produce keys we do not hold. See the Security Architecture page for the full encryption model.
We push back on overbroad requests
Where we have a good-faith legal basis to challenge a request (scope, jurisdiction, proportionality), we will do so. We do not treat legal demands as automatically valid.
Emergency disclosures
We may disclose data without a court order in circumstances where we have a good-faith belief that disclosure is necessary to prevent imminent death or serious bodily harm. We will document any such disclosure and include it in this report.
Request log
All government data requests, data subject access requests (DSARs), and content removal demands received since KeyVault Edge began operation. Updated within 30 days of each reporting period end.
| Period | Law enforcement |
|---|---|
| Jan 2026 — present | 0 |
National security request counts may be rounded or delayed in publication per applicable legal requirements (e.g., 18 U.S.C. § 2702(d)). A count of zero is exact. We will include any rounding notation if it ever applies.
Annual reports
Starting in 2027 (our first full calendar year of operation), we will publish an annual transparency report covering: government requests, DSAR volume, infrastructure incidents, uptime, and policy changes.
First annual report: Q1 2027 (covering calendar year 2026).
Have a question about a specific request or this policy?