Law Enforcement Data Request Guidelines

Last Updated: October 3, 2022

These guidelines are intended to provide law enforcement authorities with information regarding the process for requesting records from FrontApp, Inc. (“Front” or “We”). So that we can ensure compliance with our SaaS Services Agreement (“Agreement”) and Privacy Notice, we respond only to law enforcement requests that adhere to established legal process and applicable law.

  1. U.S. Legal Process Requirements. We disclose user information solely in accordance with our Agreement and applicable U.S. law, including the federal Stored Communications Act (“SCA”), 18 U.S.C. Sections 2701-2712. In accordance with U.S. law:

    1. A jurisdictionally valid subpoena, issued in connection with an official criminal investigation, is required to compel the disclosure of basic user records, which may include name, length of service, credit card information (including billing address), email address(es), and an IP address, if available.

    2. A court order is required to compel the disclosure of certain records or other information related to a user account (not including contents of communications), which may include message headers and IP addresses, in addition to the basic user records identified above.

    3. A search warrant properly issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures, based on a showing of probable cause, is required to compel the disclosure of the stored contents of any account, which may include messages, attachments, or other content of communications within a user’s account.

  2. International Legal Requirements. A Mutual Legal Assistance Treaty (MLAT) request or letter rogatory may be required to compel the disclosure of the contents of a customer account in the case of requests from law enforcement outside of the U.S.

  3. Account Preservation Requests. We will take reasonable steps to preserve account records in connection with official criminal investigations for a period of ninety (90) days pending our receipt of a formal legal request for user data. You may request the preservation of records via email, fax or mail as indicated below.

  4. Information Required in Connection With Your Request.
    1. Your Contact Information.

      1. Requesting Agency’s name

      2. Requesting Agent’s name

      3. Requesting Agent’s badge/identification number

      4. Requesting Agent’s Agency-issued Email address

      5. Requesting Agent’s telephone number, including extension

      6. Requesting Agent’s mailing address (PO Box not acceptable)

      7. Requested response date (please allow at least 3 weeks for processing)

    2. Data Request Information

      1. Full (first and last) name of the Front User

      2. Email address(es) associated with the Front User’s account

      3. A clear and specific description of the data being requested (we will be unable to process overly broad or vague requests)

  5. Data Availability. We will search for and disclose data that is specified with particularity in an appropriate form of legal process and which we are reasonably able to locate and retrieve.

  6. User Notification. Front’s policy is to notify users of requests for their information, which includes a copy of the request, prior to disclosure so that they may have an opportunity to challenge such request unless (i) we are prohibited from doing so by law or court order; (ii) there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors; or (iii) prior notice would be counterproductive (for example, if we believe that the account in question has been hijacked). Law enforcement officials who believe that notification would jeopardize an investigation should obtain a proper court order or other appropriate process establishing that notice is prohibited. Please note that officer authored affidavits, cover letters or similar statements are not sufficient to preclude notice to our users. Please note that in situations where a data request draws attention to an ongoing violation of our Agreement we may, in order to protect our services and its users, take action to prevent any further abuse, including actions that could notify the user(s) who are the subject of your data request that we are aware of their misconduct.

  7. Submitting Your Request. A data request may be served by certified mail, express courier, or in person at our corporate headquarters at the following address: FrontApp, Inc., 1455 Market Street, Floor 19, San Francisco, CA 94103.

For questions about these or any Front policies, email us at [email protected].