Data Request Policy

How does Kutano handle requests from government and law enforcement?

Kutano is an online workplace productivity platform as described in our Privacy Policy and Terms of Service. If we receive valid legal process from a government or law enforcement entity, we may have an obligation to produce user data in accordance with applicable laws. Our Data Request Policy outlines our requirements with respect to these requests, and our Transparency Report shows the type and volume of requests from government and law enforcement entities that we receive each year.

Where should I send legal process?

All requests by law enforcement and government entities (including international government and law enforcement entities) may be sent to our legal process email alias: legal@kutano.com

What information does Kutano need to process my request?

In addition to all requisite and applicable legal requirements, all legal process requests should include the following information: (a) the government entity or law enforcement agency, (b) the relevant criminal or civil matter, and (c) identifying information about the Kutano workspace, including the relevant Customer and User names, date range, and the type of data sought. The request must also come from a government issued email account and include full contact information for the requesting officer.

What happens when Kutano receives a law enforcement request?

We carefully review all requests for legal sufficiency and with an eye toward user privacy. Kutano may reject or challenge any requests that are unclear, overbroad or inappropriate.

Do you assist law enforcement and government authorities in conducting surveillance of communications?

Kutano does not conduct real-time surveillance of customers, nor do we voluntarily provide governments with access to any data about users for surveillance purposes.

How does Kutano protect data in motion and data at rest?

Kutano employs a range of technical and organizational measures to defeat efforts to intercept, surveil, or otherwise access without authorization data in transit. For instance, Kutano encrypts all transfers of data to prevent the acquisition of such data by third parties, such as governmental authorities who may gain physical access to the transmission mechanisms while the data is in transmission. Kutano only utilizes secure data transport via TLS 1.2 over HTTPS. This feature is always enabled to limit any third parties from tampering with or tapping into the data transfers between the two end-points (Kutano and our customers).

What kind of data might be disclosed in response to legal process from law enforcement or government entities?

Content data includes user generated data, for example status update text,and files. Kutano requires a search warrant to produce such data to law enforcement.

Non-content data is basic account information (such as name and email address, profile information, registration information, login history and billing information) and other non-content metadata (such as the date, time, and originator of status update text or files). Depending on the type of data requested, Kutano may require a compulsory subpoena or a court order to produce this data.

Do you give Customers notice before producing data to a governmental or law enforcement entity?

Unless Kutano is prohibited from doing so or there is a clear indication of illegal conduct or risk of harm, Kutano will notify the Customer, typically by emailing the Workspace Owner, before disclosing data so that the Customer may promptly seek legal remedies.