Law Enforcement Response Policy
Last Updated: 2026-04-24 · Effective: 2026-04-24
Where to send legal process
All subpoenas, warrants, court orders, civil discovery, and preservation requests should be sent to:
- Email: help@stackitsmart.com (subject: “Legal Process”)
- Service of process: Process directed at the StackItSmart trade name should be addressed to the operator at the email above. We will respond within 10 business days for non-emergency requests and within 24 hours for genuine emergencies.
Authority required for user data
We require specific legal process for each category of data consistent with the U.S. Stored Communications Act, 18 U.S.C. §2701–§2712, and analogous state and international law. We do not voluntarily disclose user data to law enforcement.
| Data category | Required process (US) |
|---|---|
| Basic subscriber information (email, signup IP, signup timestamp) | Subpoena (18 U.S.C. §2703(c)(2)) |
| Account-level metadata (login IPs, session timestamps) | 2703(d) order or warrant |
| Content (cycle protocols, journal entries, chat messages, lab uploads, AI conversation history) | Search warrant supported by probable cause (18 U.S.C. §2703(a)) |
| Real-time interception of communications | Wiretap order (18 U.S.C. §2518) — we are not equipped to deliver this |
| Adverse-event reports | Submitted pseudonymously; we do not retain a binding to user account. We can produce report content under subpoena but cannot reliably attribute it to an individual. |
Emergency disclosure (18 U.S.C. §2702(b)(8))
We may voluntarily disclose information without legal process where we have a good-faith belief that an emergency involving danger of death or serious physical injury requires it. Submit emergency disclosure requests to the contact email above with the subject line “EMERGENCY DISCLOSURE REQUEST” and include the agency, the requesting officer's name, badge, sworn declaration of the emergency, and a callback number.
User notification
Our default is to notify the affected user of any legal process seeking their data before we comply, unless we are legally prohibited from doing so by a non-disclosure order, gag order, or 18 U.S.C. §2705(b) court order. If a non-disclosure order expires, we will notify the user retroactively unless renewed.
Resisting overbroad requests
We will object to and, where appropriate, move to quash any request that we believe is:
- Overbroad in scope (e.g., bulk requests for every user who built a particular cycle, or geographic fishing-expedition warrants)
- Unduly burdensome relative to the value of the data sought
- Improperly served (wrong jurisdiction, wrong entity name, missing required certifications)
- Lacking required factual specificity for the category of data sought (e.g., a subpoena for content)
Data retention
Account data is retained until the user deletes their account. Hosting-provider request logs are retained per the relevant provider's policy (typically 7–90 days). Adverse-event submission IPs are retained transiently for abuse prevention. We do not retain prior backups beyond 30 days.
International requests
We are a U.S.-operated service. We respond to non-U.S. legal process only where the requesting agency has obtained a U.S. domesticated order via mutual legal assistance treaty (MLAT) or the Clarifying Lawful Overseas Use of Data (CLOUD) Act, or where we are otherwise obligated under applicable law.
Civil litigants
Civil subpoenas should be served the same way as law-enforcement requests. We will assert applicable user privacy rights and may require notice to and standing-to-object windows for the user before producing content.
Reimbursement
We may seek reimbursement for the reasonable cost of complying with legal process at our standard hourly rate, consistent with 18 U.S.C. §2706.
Transparency
We aim to publish an annual transparency report summarizing the number and type of legal-process requests received, granted, objected to, and quashed. Aggregate counts only — no individually identifying information.