Law Enforcement Guidelines
Last updated: May 31, 2026
Document owner: General Counsel and Security Incident Manager
Review cadence: Semiannual; immediate revision for legal/regulatory process changes
Effective date: 2026-05-31
Legal entity: EthicPages, Inc.
Registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Request intake contact: ethicpages+contact@invictosoft.com
1. Purpose
These Law Enforcement Guidelines explain how EthicPages, Inc. ("EthicPages," "we," "us," or "our") receives, verifies, evaluates, and responds to lawful requests from government entities, law enforcement agencies, courts, and other competent authorities for customer or account-related information.
The document is intended to provide transparency for customers, procurement teams, and regulators while preserving legal process integrity and customer privacy rights. It should be read with our Privacy Policy, Security Overview, Data Processing Agreement, and Subprocessors.
2. Scope and legal posture
EthicPages is a B2B SaaS provider. Requests are handled in accordance with:
- Applicable law and jurisdictional authority.
- Contractual commitments to customers.
- Data protection, human rights, and due process principles where applicable.
- Internal security and legal review procedures.
We do not provide voluntary bulk access to customer data and do not maintain "backdoor" access methods for authorities.
3. Request types we may receive
EthicPages may receive a range of lawful process requests from authorities.
| Request type | Typical source | Typical legal instrument | Handling summary |
|---|---|---|---|
| Preservation request | Law enforcement / regulator | Preservation letter | Limited hold on specific data pending valid compulsory process. |
| Subscriber information request | Court-authorized agency | Subpoena or court order | Reviewed for validity, scope, and jurisdiction before response. |
| Content disclosure request | Court / competent authority | Warrant, production order, or equivalent | Requires heightened legal review and strict scope validation. |
| Emergency disclosure request | Emergency response authority | Emergency legal process or certified exigency declaration | Evaluated under emergency standard and necessity proportionality test. |
| Civil authority request | Government agency / regulator | Statutory notice or administrative order | Evaluated for authority, legal basis, and customer rights impact. |
EthicPages may reject, narrow, or challenge requests that are invalid, overbroad, or inconsistent with applicable law.
4. Verification requirements before any disclosure
EthicPages verifies all requests prior to disclosure of customer information. We do not process requests sent through informal channels without required legal process and identity validation.
Required verification controls
| Verification check | Requirement | Why it is required |
|---|---|---|
| Authority authentication | Requestor identity must be verified via official agency channels. | Prevents fraud and impersonation attacks. |
| Jurisdiction validity | Request must be issued by an authority with recognized legal jurisdiction. | Protects against unlawful extraterritorial access. |
| Legal instrument quality | Instrument must be complete, signed, and legally enforceable where required. | Ensures due process and enforceability. |
| Scope specificity | Request must identify target account/data categories/time range with sufficient specificity. | Minimizes excessive data disclosure. |
| Necessity and proportionality | Requested data must be reasonably necessary for stated lawful purpose. | Preserves privacy and legal proportionality. |
Requests failing verification are rejected or returned for correction.
5. Data categories potentially available
EthicPages discloses only data lawfully required and reasonably available in our systems at the time of request.
| Data category | Examples | Disclosure standard |
|---|---|---|
| Basic account metadata | Account email, workspace identifier, signup timestamps | Usually requires valid legal process (for example subpoena or equivalent). |
| Billing metadata | Subscription status, invoice references, payment processor IDs | Disclosed only where legally compelled and available. |
| Usage/security logs | Login timestamps, IP addresses, access event records | Requires legal process and strict relevance review. |
| Customer-generated content | Hosted policy text and workspace documents | Requires higher-threshold compulsory process (for example warrant/order). |
| Deleted/expired data | Data already purged per retention policy | Generally unavailable for disclosure. |
EthicPages does not control all downstream third-party subprocessor records. Authorities may need to serve lawful process directly on relevant providers where legally appropriate.
6. Customer notification policy
EthicPages seeks to notify affected customers before disclosing their data, unless legally prohibited, operationally impossible, or where notification could create imminent risk of harm or evidence destruction.
Notification decision framework
| Condition | Notification approach |
|---|---|
| No legal prohibition + feasible notice | Provide customer notice with request summary and response timeline where possible. |
| Legal gag/non-disclosure order | Delay notification until prohibition expires or is lifted. |
| Emergency risk of serious harm | Notification may be delayed where immediate disclosure is lawfully required to prevent harm. |
| Customer cannot be reliably contacted | Attempt notice via available channels; record failed attempts. |
Where notice is delayed, EthicPages may provide deferred notice when legally permitted.
7. Emergency disclosure process
EthicPages may process emergency disclosure requests when we reasonably believe there is an imminent threat of death, serious physical injury, or similarly grave harm requiring urgent action.
Emergency request requirements
Authorities should provide:
- Agency identity and callback verification details.
- Clear statement of emergency basis and urgency.
- Specific account identifiers and narrowly tailored data scope.
- Legal authority basis and, where possible, supporting process.
- Confirmation that standard legal process is pending or impracticable due to urgency.
| Emergency review element | Standard applied |
|---|---|
| Imminence | Is serious harm likely without urgent disclosure? |
| Specificity | Is request narrowly scoped to identifiable accounts/data? |
| Necessity | Is requested data necessary to address the emergency? |
| Proportionality | Is disclosure limited to what emergency circumstances require? |
Emergency disclosures are logged, reviewed, and, when lawful, followed by required legal process validation.
8. International and cross-border requests
EthicPages evaluates international requests carefully. We generally require requests to proceed through valid legal cooperation channels (for example treaty-based mechanisms, local court recognition, or other lawful transfer procedures) unless direct compliance is clearly required by applicable law.
Cross-border handling principles
| Principle | Application |
|---|---|
| Lawful channel requirement | Prefer recognized international legal process mechanisms. |
| Conflict-of-law review | Assess conflicts between requesting jurisdiction law and data protection obligations. |
| Data minimization | Disclose only data legally required and within validated scope. |
| Rights impact awareness | Consider customer privacy and due process implications. |
EthicPages may seek to narrow or challenge requests that conflict with applicable legal obligations.
9. Preservation requests
Upon receiving a valid preservation request, EthicPages may preserve specified records for a limited period pending service of compulsory legal process. Preservation does not guarantee data existence, completeness, or admissibility and does not create an obligation to disclose absent valid legal process.
| Preservation topic | EthicPages approach |
|---|---|
| Initial hold period | Time-limited preservation based on request validity and legal context. |
| Extension requests | Considered where legally justified and operationally feasible. |
| Scope limits | Preservation scoped to identified accounts/timeframes when possible. |
| Post-expiry handling | Retention returns to normal policy absent renewed legal basis. |
10. Technical and procedural response process
EthicPages routes government and law enforcement requests through legal and security review channels. We do not accept requests for direct engineer-side release outside approved process.
Standard processing stages
- Intake and authenticity verification.
- Legal sufficiency review.
- Scope minimization and data mapping.
- Approval and controlled extraction.
- Secure response transmission.
- Documentation, logging, and retention of request artifacts.
| Stage | Primary owner | Control objective |
|---|---|---|
| Intake | Legal operations | Ensure chain-of-custody and request traceability. |
| Review | Counsel + Security | Confirm legality and narrowest sufficient scope. |
| Collection | Authorized operations personnel | Extract only approved data fields. |
| Transmission | Legal operations | Use secure and verifiable delivery path. |
| Recordkeeping | Legal operations | Support auditability and post-response review. |
11. Rejection and challenge policy
EthicPages may reject, seek clarification, or challenge requests where:
- Legal process is invalid, incomplete, or unauthorized.
- Scope is overbroad, unclear, or disproportionate.
- Request conflicts with applicable law, customer rights, or contractual commitments.
- Authority identity cannot be adequately verified.
- Requested data is unavailable due to retention, deletion, or system limits.
We may request narrowing language or revised legal process before any response.
12. Confidentiality and internal access restrictions
Request information and resulting disclosures are handled as sensitive legal/security records. Internal access is limited to personnel with defined legal, security, and operational responsibilities.
| Control | Description |
|---|---|
| Need-to-know access | Access to request artifacts restricted to designated teams. |
| Secure record storage | Legal process records stored with controlled permissions. |
| Audit logging | Material handling actions are recorded for accountability. |
| Retention controls | Request artifacts retained per legal and operational obligations. |
13. Transparency and reporting approach
Where legally and operationally feasible, EthicPages may publish high-level transparency information about request volumes and categories. We do not publish customer-identifying details in transparency disclosures.
Transparency reporting, if provided, may include:
- Number of requests received by category.
- Percentage resulting in disclosure, partial disclosure, or rejection.
- Generalized jurisdiction breakdown.
- Number of emergency requests.
14. Interplay with privacy and security obligations
Law enforcement response procedures are integrated with broader privacy and security obligations:
- Privacy Policy governs personal data handling principles.
- Security Overview describes technical and organizational safeguards.
- Data Processing Agreement governs processor-role obligations for customer data.
- Subprocessors identifies third-party providers that may process relevant data.
Where required by law, EthicPages coordinates legal process handling with incident response and customer-notification processes.
15. Request submission instructions
Authorities should submit requests to:
- Email: ethicpages+contact@invictosoft.com
- Company: EthicPages, Inc.
- Postal: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Required intake information
Please include:
- Agency name, badge/identifier, and official contact details.
- Signed legal process document (if applicable).
- Specific account identifiers (email/workspace/domain).
- Requested data categories and date range.
- Legal basis and jurisdiction.
- Response deadline and urgency rationale.
Incomplete requests may be delayed or rejected.
16. Changes to these guidelines
EthicPages may update these guidelines to reflect legal developments, operational controls, and customer commitments. The "Last updated" date indicates current version control.
Related policies:
For additional legal process coordination, contact ethicpages+contact@invictosoft.com.