Law Enforcement Response Policy

Last Updated: 2026-04-24 · Effective: 2026-04-24

Where to send legal process

All subpoenas, warrants, court orders, civil discovery, and preservation requests should be sent to:

• Email: help@stackitsmart.com (subject: “Legal Process”)
• Service of process: Process directed at the StackItSmart trade name should be addressed to the operator at the email above. We will respond within 10 business days for non-emergency requests and within 24 hours for genuine emergencies.

Authority required for user data

We require specific legal process for each category of data consistent with the U.S. Stored Communications Act, 18 U.S.C. §2701–§2712, and analogous state and international law. We do not voluntarily disclose user data to law enforcement.

Emergency disclosure (18 U.S.C. §2702(b)(8))

We may voluntarily disclose information without legal process where we have a good-faith belief that an emergency involving danger of death or serious physical injury requires it. Submit emergency disclosure requests to the contact email above with the subject line “EMERGENCY DISCLOSURE REQUEST” and include the agency, the requesting officer's name, badge, sworn declaration of the emergency, and a callback number.

User notification

Our default is to notify the affected user of any legal process seeking their data before we comply, unless we are legally prohibited from doing so by a non-disclosure order, gag order, or 18 U.S.C. §2705(b) court order. If a non-disclosure order expires, we will notify the user retroactively unless renewed.

Resisting overbroad requests

We will object to and, where appropriate, move to quash any request that we believe is:

• Overbroad in scope (e.g., bulk requests for every user who built a particular cycle, or geographic fishing-expedition warrants)
• Unduly burdensome relative to the value of the data sought
• Improperly served (wrong jurisdiction, wrong entity name, missing required certifications)
• Lacking required factual specificity for the category of data sought (e.g., a subpoena for content)

Data retention

Account data is retained until the user deletes their account. Hosting-provider request logs are retained per the relevant provider's policy (typically 7–90 days). Adverse-event submission IPs are retained transiently for abuse prevention. We do not retain prior backups beyond 30 days.

International requests

We are a U.S.-operated service. We respond to non-U.S. legal process only where the requesting agency has obtained a U.S. domesticated order via mutual legal assistance treaty (MLAT) or the Clarifying Lawful Overseas Use of Data (CLOUD) Act, or where we are otherwise obligated under applicable law.

Civil litigants

Civil subpoenas should be served the same way as law-enforcement requests. We will assert applicable user privacy rights and may require notice to and standing-to-object windows for the user before producing content.

Reimbursement

We may seek reimbursement for the reasonable cost of complying with legal process at our standard hourly rate, consistent with 18 U.S.C. §2706.

Transparency

We aim to publish an annual transparency report summarizing the number and type of legal-process requests received, granted, objected to, and quashed. Aggregate counts only — no individually identifying information.