1. Valid legal process required
We disclose Customer Data to a government or law-enforcement body only when compelled by valid legal process applicable to us, or where strictly necessary to protect safety or our rights.
2. We scrutinize and narrow
We review each request for validity and scope and push back on overbroad or improper requests; we provide only what is legally required.
3. Customer notice
Where we are legally permitted, we notify the affected customer before disclosure so they can seek to limit or challenge it.
4. No bulk or direct access
We do not give any authority direct, bulk, or back-door access to Customer Data.
5. Data location
Customer Data resides in Canada; cross-border requests are handled with applicable safeguards.
6. Transparency
We aim to report, in aggregate, the volume of requests received where lawful to do so.