Law Enforcement Request Policy

Effective Date: 2026-05-27 Last Updated: May 25, 2026

---

Quick Summary

• We require valid legal process — subpoena, court order, search warrant, or other legally enforceable demand — before disclosing user information to law enforcement.
• We tell users when law enforcement asks for their information, unless a court order or law prohibits us from doing so.
• We don't give law enforcement bulk access to user data. Each request is narrowly evaluated and responded to with the minimum information legally required.
• We don't have backdoors. We don't maintain decryption capabilities for our customers' end-to-end encrypted communications (we don't operate any), and we don't pre-position user data for law enforcement access.
• We publish a transparency report annually showing how many requests we received and how we responded.
• In an emergency involving risk to life, we may disclose limited information without legal process. See Section 6.

---

1. Scope and Purpose

This Policy describes how Arctuva, Inc. ("Arctuva," "we," "us," or "our") responds to requests from law enforcement, government agencies, civil litigants, and other parties for information about users of the Arctuva platform.

This Policy applies to requests for information held by Arctuva. Information held by research institutions, even if originally sourced from Arctuva, is in the custody of those institutions and is subject to their own legal process response procedures.

This Policy is informational. It does not create contractual rights for any user, requester, or third party, and we may take any action we determine to be required by law or appropriate to protect our users, our company, or third parties.

2. Types of Requests We Receive

Criminal legal process issued in connection with criminal investigations or prosecutions:

• Subpoenas (grand jury, administrative, or trial)
• Court orders under 18 U.S.C. § 2703(d) or analogous state statutes
• Search warrants
• Wiretap orders and pen register/trap-and-trace orders

Civil legal process issued in connection with civil litigation:

• Civil subpoenas
• Discovery requests
• Court orders for production of records

Government agency requests from regulatory or administrative agencies, including the Food and Drug Administration, the Office for Human Research Protections, state attorneys general, and state regulatory bodies.

Foreign government requests — handled only when transmitted through the U.S. Department of Justice under a Mutual Legal Assistance Treaty, by a U.S. court order recognizing the foreign request, or as otherwise required by U.S. law.

Emergency requests in situations involving imminent risk of death or serious physical injury. See Section 6.

National security process under the Foreign Intelligence Surveillance Act, including FISA orders and National Security Letters. We comply with the gag and non-disclosure provisions that apply to such process. Subject to those provisions, we report the existence and aggregate volume of such process in our Transparency Report (Section 9) to the extent permitted by law.

3. What We Require

3.1 Valid Legal Process

We require legally valid process before disclosing non-public user information. "Legally valid" means process that:

(a) is issued by a court or government body with jurisdiction over Arctuva or the requested information; (b) is properly served on Arctuva in accordance with applicable procedural rules; and (c) is specific enough to identify the information sought and the user whose information is sought.

3.2 Service of Process

Legal process should be served on Arctuva's registered agent in Delaware:

[REGISTERED AGENT NAME AND ADDRESS — TBD]

Courtesy copies, advance notice of process, and informal inquiries may be sent to:

Arctuva, Inc. Attn: Legal — Law Enforcement Requests 1301 N Broadway STE 61913 Los Angeles, CA 90012 legal@arctuva.com

Service of process at the courtesy address does not constitute formal service. Service by email is not accepted except where authorized by a court or by separate written agreement.

3.3 Specificity

Each request must:

(a) identify the user or users whose information is sought, by Arctuva account email, phone number, or other identifier; (b) identify the categories of information sought (such as account information, application history, or communications); and (c) specify the time period of interest, if applicable.

Overbroad requests will be challenged or narrowed, as described in Section 5.3.

3.4 Federal Stored Communications Act Compliance

For requests covered by the Stored Communications Act (18 U.S.C. § 2701 et seq.) or analogous state statutes, we apply the SCA's tiered framework:

• Basic subscriber information (account name, email, phone, account dates) — disclosed under subpoena, court order, or search warrant.
• Non-content records (login records, IP logs, transaction logs) — disclosed only under a court order issued under § 2703(d), a search warrant, or with user consent.
• Content of communications — disclosed only under a search warrant supported by probable cause, or with user consent.

Most of the information Arctuva holds is subscriber information and non-content records under this framework. We do not host user-to-user communications.

4. What We Disclose

When we respond to a valid legal request, we disclose:

(a) the minimum information necessary to comply with the request; (b) only the categories of information specifically identified in the request, or the narrower set that the legal process actually authorizes; (c) only for the time period specifically identified in the request; and (d) only after we have completed the user notification process described in Section 7, unless prohibited by the request or by law.

We do not disclose:

(a) information beyond the scope of the request; (b) information about users not named in the request, even if technically present in records responsive to the request (we redact such information); (c) information protected by attorney-client privilege, work product doctrine, or other applicable privileges, except as required by law; or (d) source code, security architecture details, or other information that would compromise the security of the Services.

5. How We Evaluate Requests

5.1 Initial Review

Every request is reviewed by Arctuva's legal team or outside counsel for:

(a) facial validity of the legal process; (b) proper jurisdiction and service; (c) appropriate scope and specificity; (d) whether the request seeks information protected by applicable privilege, including the Fifth Amendment if compliance would compel self-incrimination by Arctuva personnel; (e) whether the request implicates First Amendment, associational, or other constitutional concerns that may warrant a challenge; and (f) whether the user has indicated a desire to receive notice of legal process (default: yes; see Section 7).

5.2 Standard of Cooperation

We aim to cooperate with valid legal process. We are not, and do not act as, an investigative arm of any government agency.

5.3 Challenges to Requests

We may, at our discretion or at the request of an affected user, challenge legal process that we believe is:

(a) facially invalid; (b) overbroad relative to a stated investigative purpose; (c) issued without proper jurisdiction; (d) seeking information that should be sought from a more appropriate party (such as the user directly); (e) seeking information that requires a higher level of process than what was issued (such as a subpoena seeking content that requires a warrant); (f) seeking information whose disclosure would violate user constitutional or statutory rights; or (g) inconsistent with this Policy.

We may move to quash, modify, or narrow the request through the issuing court, request that the requester withdraw or narrow the request, or otherwise raise objections through ordinary legal channels.

5.4 Costs

We may seek reimbursement of reasonable costs incurred in responding to legal process, as permitted by law (such as 18 U.S.C. § 2706 for SCA-covered requests).

6. Emergency Disclosures

In situations involving an emergency where we believe in good faith that disclosure without delay is necessary to prevent imminent death or serious physical injury to any person, we may disclose limited information to law enforcement without legal process.

6.1 Emergency Request Process

Law enforcement officers may submit emergency disclosure requests by:

• Email to emergency@arctuva.com (monitored during business hours; not a substitute for 911 or local emergency services), or
• Phone call to Arctuva's emergency line, requested by emailing the address above for the current number.

The request must include:

(a) the requesting agency and officer's name, badge number, and contact information; (b) a description of the emergency, including the nature of the imminent harm and the basis for believing harm is imminent; (c) the specific user or users for whom information is sought; and (d) the specific information sought.

6.2 Our Evaluation

We evaluate emergency requests in good faith based on the information provided. We may:

(a) disclose the requested information, if we believe disclosure is necessary to prevent imminent harm; (b) decline to disclose, if we are unable to verify the emergency or determine that the request does not meet the standard; or (c) disclose less than what was requested, providing only the information necessary to address the emergency.

After an emergency disclosure, we ordinarily require the requester to follow up with legal process documenting the request, and we record the emergency disclosure in our internal records and Transparency Report.

6.3 Risk to Arctuva Users

If Arctuva learns through its systems that a user may be in imminent danger of death or serious physical injury, we may, in consultation with appropriate parties, notify law enforcement on our own initiative. This is rare and occurs only where the risk is concrete and immediate.

7. User Notification

7.1 Default Practice

Our default practice is to notify a user before disclosing their information in response to legal process, with enough advance time for the user to seek to quash the request or otherwise respond. Default notification includes:

(a) a copy of the legal process (with sensitive elements redacted as appropriate); (b) the name of the requesting agency or party; (c) the categories of information sought; (d) the deadline for Arctuva's response; and (e) information about how the user may seek to quash or limit the request.

7.2 When We Do Not Notify

We will delay or withhold notification when:

(a) a court has ordered us not to disclose the existence of the request (such as under 18 U.S.C. § 2705(b) or 18 U.S.C. § 3123); (b) the request includes a non-disclosure obligation imposed by statute (such as National Security Letters under 18 U.S.C. § 2709); (c) we determine in good faith that notification would be likely to result in danger of life or physical safety, flight from prosecution, destruction of evidence, intimidation of witnesses, or serious jeopardy to an investigation; or (d) the request is an emergency disclosure under Section 6.

When a non-disclosure obligation expires or is lifted, we notify the affected user as soon as practical thereafter, except where doing so would create new harm.

7.3 Methods of Notification

We notify users by email to the address on file with their account, or by the most reliable contact method available if the email is undeliverable. If we are unable to contact the user, we make reasonable efforts before responding to the request.

7.4 No Notification for Public Records

We do not notify users about requests for information that is already public (such as court filings that name the user) or for information that does not identify a specific user (such as aggregate statistics about platform usage).

8. Civil Subpoenas and Litigation Discovery

We respond to civil subpoenas using the same framework as criminal subpoenas, with these additional considerations:

(a) civil subpoenas often involve disputes in which the user is a party, in which case the user typically already has knowledge of the proceeding; (b) we generally do not move to quash civil subpoenas at our own expense — affected users may file their own motions to quash; and (c) we honor protective orders and stipulated confidentiality agreements when properly entered.

Civil subpoenas should be served at the address in Section 3.2.

9. Transparency Report

We publish an annual Transparency Report at arctuva.com/transparency-report showing:

• Total number of legal process requests received, by category (criminal subpoena, court order, search warrant, civil subpoena, government agency request, foreign government request, emergency request)
• Total number of user accounts affected
• Number of requests responded to with disclosure
• Number of requests challenged, withdrawn, or narrowed
• Number of users notified before disclosure
• Aggregate national security process figures, to the extent disclosure is permitted under applicable law

The first Transparency Report will cover the period from public launch through December 31 of that year, and will be published in the first quarter of the following year.

10. Preservation Requests

Law enforcement and litigants may, under applicable law (such as 18 U.S.C. § 2703(f)), request that we preserve specified records pending issuance of legal process. We honor valid preservation requests for an initial period of 90 days, renewable for an additional 90 days on written request, consistent with 18 U.S.C. § 2703(f)(2).

Preservation does not result in disclosure. We disclose preserved records only on subsequent valid legal process.

11. International Requests

Requests from non-U.S. law enforcement must be transmitted through:

(a) a Mutual Legal Assistance Treaty request submitted via the U.S. Department of Justice; (b) a CLOUD Act executive agreement, where the requesting country has entered such an agreement with the United States; (c) letters rogatory recognized by a U.S. court; (d) a U.S. court order; or (e) other process recognized under U.S. law.

We do not respond to direct requests from foreign law enforcement absent such process, except in emergency situations meeting the standard in Section 6.

12. Data Minimization and Retention

We retain information about users only for the periods described in our Privacy Policy. We do not extend retention of user information in anticipation of legal process, except in response to a valid preservation request under Section 10.

This means that information requested by law enforcement may already have been deleted in the ordinary course of our retention practices by the time we receive the request, and in such cases we will respond that the information is not available.

13. No Backdoors; No Pre-Positioning

We do not maintain mechanisms to bypass our own security controls for the benefit of law enforcement. We do not pre-position user data, build hidden access mechanisms, or assist any government in obtaining access to user information outside of the legal process described in this Policy.

If a government demands that we create such mechanisms, we will resist the demand through every available legal channel, and we will disclose the existence of the demand to the extent legally permitted.

14. Health-Adjacent Sensitivity

We recognize that information about users' research participation, health conditions, and medications is particularly sensitive. We apply heightened scrutiny to requests seeking these categories of information, and we are more likely to challenge requests that we view as overbroad or insufficiently justified when they implicate health-adjacent information.

This does not override our legal obligations to comply with valid process, but it informs how we evaluate requests under Section 5.3.

15. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top and announce the change on the Services. The version in effect at the time we receive a request is the version that applies to that request.

16. Contact

For questions about this Policy or to discuss a specific request (non-emergency):

Email: legal@arctuva.com

Mail: Arctuva, Inc. Attn: Legal — Law Enforcement Requests 1301 N Broadway STE 61913 Los Angeles, CA 90012

For emergency disclosure requests only:

Email: emergency@arctuva.com

---

End of Policy