Subpoenas, court orders, and how we answer.

This Policy applies to all legal process directed at Verdict, including subpoenas, court orders, search warrants, civil investigative demands, preservation letters, civil discovery, and government requests, whether U.S. or foreign.

Verdict Systems Inc.
Attn: Legal — Government & Litigation Requests
Email: legal@verdict.systems
Mail: Houston, Texas, USA

Requests must be served on Verdict directly. Service on subprocessors, hosting providers, or third-party vendors is not service on Verdict and will not result in production.

For accepted-encryption channels (PGP) for sensitive requests, contact the legal alias above and we will provide a current PGP fingerprint on a verified channel.

For us to evaluate and respond, a request should include:

• Issuing authority and case caption (court, agency, jurisdiction, case or docket number).
• The specific legal authority on which the request is based.
• Identification of the user, account, evidence batch, or other target with reasonable precision (account email, organization ID, batch identifier, or other locator). Vague requests for "all data" relating to a person without a defined account are insufficient.
• The data categories sought, with the narrowest formulation that meets the issuer's need.
• The time window for which records are sought.
• Contact information for the issuing officer or counsel, including a return email and phone.
• Any non-disclosure order that limits Verdict's ability to notify the user, with the specific statutory basis.

Verdict's architecture is minimum-data by design. For most requests, the practical universe of producible data is:

• Account and billing records (identity of the account, billing address, payment last-4, transaction history).
• Login and session metadata (timestamps, source IPs, user-agent).
• API and MCP request logs (timestamps, endpoints called, response codes, throughput metrics — within retention windows).
• Evidence-Record metadata: batch IDs, Merkle roots, Rekor entry IDs, timestamps, signing-key identifier, retention status.
• Customer Content payloads only within the configured retention window and only where the Customer has not used hash-preserving redaction to remove them.

For Evidence Records that have been redacted, Verdict retains the SHA-256 hash and Merkle proof but no longer holds the underlying payload. We cannot produce a payload we no longer have. We can produce metadata and Rekor verification artifacts that demonstrate the record existed.

We construe requests narrowly. If a request appears overbroad, we will (a) seek narrowing in writing from the issuing authority, (b) where appropriate, move to quash or modify, and (c) inform the issuer of the integrity-preserving redaction mechanism and its effect on what we can produce. We do not produce data outside the documented scope of a request.

6.1 Default. Where lawful and operationally feasible, Verdict notifies the affected user before disclosing information in response to legal process, and gives the user an opportunity to seek a protective order or otherwise respond.

6.2 Exceptions. We will delay or forgo user notice where (a) a valid non-disclosure order prohibits notice, (b) the matter involves a credible threat to life or safety (see § 7), (c) we believe in good faith that notice would materially obstruct an investigation of serious crime (e.g., child exploitation), or (d) notice would clearly be counter-productive (e.g., notice to an account known to be operated by the requesting agency under an undercover authority).

6.3 Delayed notice. Where notice is delayed under a sealing order, we will provide notice promptly after the order expires, is lifted, or otherwise permits.

In an emergency involving danger of death or serious physical injury to any person, Verdict may disclose information without legal process where it has a good-faith belief that disclosure is necessary to prevent the harm. Emergency requests must come from a law-enforcement officer on official channels and must describe the emergency, the person at risk, the data sought, and how the data will help prevent the harm. We may decline requests that do not meet this standard or that appear to use the emergency channel for routine investigative purposes.

On receipt of a written preservation request from a law-enforcement officer that identifies the account or records with reasonable precision, we will preserve existing records for 90 days, renewable once for an additional 90 days on written request (18 U.S.C. § 2703(f)). Preservation does not produce the data; production requires appropriate legal process. Preservation does not extend retention beyond what we already have at the moment of preservation.

Verdict is a U.S. entity. We require foreign-government requests for user content data to be issued through Mutual Legal Assistance Treaties (MLATs), letters rogatory, the U.S. CLOUD Act process, or other applicable cross-border mechanism. We will respond to non-content requests (e.g., basic subscriber information) issued under valid local process where U.S. law permits us to do so. We will decline or contest requests that conflict with U.S. law.

For civil-discovery subpoenas directed at user content, we generally require either (a) the user's consent or (b) a court order specifically directing the disclosure. Service of a civil subpoena alone, without consent or a court order, may be insufficient under the Stored Communications Act to compel content. We notify the affected user where lawful and give them an opportunity to seek a protective order or move to quash.

Verdict reserves the right to seek reimbursement for the reasonable costs of producing records in response to legal process, as permitted by law (e.g., under 18 U.S.C. § 2706 for stored-communications requests and Rule 45 for civil subpoenas). Reimbursement is generally not sought from law-enforcement requests in life-threatening emergencies.

Beginning in the first full reporting year after material request volume, Verdict will publish an annual transparency report describing the categories and counts of legal requests received, the categories complied with in whole or in part, and the categories contested or rejected. The first report will be published at https://verdict.systems/transparency.

Once an evidence batch has been anchored to Sigstore Rekor, the public log entry exists outside Verdict's control and cannot be deleted or redacted by Verdict — that immutability is the point. Legal process directed at Verdict cannot compel us to remove a Rekor entry. The Rekor entry contains no Customer Content or Personal Data (it is the 32-byte Merkle root, public key, and timestamp). See Privacy § 6 and Terms § 9.