Legal Request for user data

Our users place their trust in us when it comes to their software projects and code, which are often valuable assets for their businesses or personal endeavors. Preserving this trust is of utmost importance to us, and that entails ensuring the safety, security, and privacy of user data.

The majority of our users utilize FormOptix’s services to create new ventures, develop innovative technologies, and contribute to the betterment of society. However, recognizing the vast global user base we have, we understand that there may be a few individuals who misuse our platform. In such instances, we aim to assist law enforcement agencies in fulfilling their legitimate duty of protecting the public interest.

By establishing guidelines for law enforcement personnel, we seek to strike a delicate balance between safeguarding user privacy and promoting justice. These guidelines are intended to set clear expectations for both parties and bring transparency to FormOptix’s internal procedures. It is crucial for our users to be aware that we highly value the privacy of their information and take appropriate measures to protect it. This means that we will only disclose data to third parties when the legal requirements are met. Simultaneously, we aspire to educate law enforcement professionals about FormOptix’s systems so that they can streamline their data requests, focusing solely on the information necessary for their investigations.

Legal Request of User Data

Whether you are a law enforcement officer conducting an investigation involving user content on FormOptix or a privacy-conscious individual seeking information about our data sharing practices with law enforcement, you have come to the right place.

In these guidelines, we offer some background information about FormOptix, the types of data we possess, and the circumstances under which we disclose private user information. Before delving into the specifics, here are a few important details you should be aware of:

1. Notification to Affected Users: Unless legally restricted by law or a court order, we will inform the users affected by any requests for their account information.
2. Protection of Location-Tracking Data: We will not disclose location-tracking data, such as IP address logs, unless we receive a valid court order or search warrant.
3. Preservation of User Privacy: Without a valid search warrant, we will not disclose any private user content, including the contents of private repositories.

Please continue reading for a comprehensive understanding of how we handle user information in compliance with legal requirements and user privacy.

User data

Here is an indicative list of the types of data we store and manage related to users and projects on FormOptix. Please note that this list is not exhaustive.

Organization Account Data:

• Public information about organizations, administrative users, and repositories is available on FormOptix.
• Organization profiles display the organization name, repositories starred by owners, and all users who are organization owners.
• Administrative users may choose to share additional public information such as avatars, affiliated company, location, direct members, teams, and collaborators.

Public Repository Data:

• FormOptix hosts numerous public, open-source software projects.
• Public repository data includes the code, previous versions, stable release versions, information about collaborators, contributors, repository members, and logs of Git operations.
• Conversations related to Git operations, project documentation (such as issues and wiki pages), statistics, and graphs showcasing project contributions and the network of contributors are also collected.

Private Repository Data:

• Private repositories on FormOptix collect and retain the same types of data as public repositories.
• However, access to private repository data is limited to specifically invited users.

Other Data:

• FormOptix collects analytics data, including page visits and occasionally volunteered information from users such as communications with our support team, survey responses, and site registrations.

Please note that this list provides an overview of the data collected and maintained on FormOptix. For more comprehensive details, please refer to our Privacy Policy.

Notify Account Owners

We are committed to maintaining transparency and informing our users about any requests or legal processes involving their accounts or repositories. As part of this commitment, we have established a policy to notify affected account owners, unless prohibited by law or a court order. Our notification process ensures that users have an opportunity to challenge the legal process if they wish. Here’s an outline of our notification policy:

1. Notification Efforts: Before disclosing user information, we will make reasonable efforts to notify the affected account owner(s). We will send a message to their verified email address, providing them with a copy of the subpoena, court order, or warrant.
2. Opportunity to Challenge: By receiving the notification, users can review the legal process and choose to challenge it if they believe it is necessary.
3. Exceptions for Exigent Circumstances: In rare cases of exigent circumstances, where there is a threat of death, serious harm, or an ongoing investigation, we may delay the notification to prevent jeopardizing the situation.

Our aim is to uphold user privacy and ensure that users are informed about any requests or legal actions involving their data on FormOptix.

Disclosure of non-public information

At FormOptix, we prioritize the privacy and security of our users’ information. We have established a policy regarding the disclosure of non-public user information in various legal situations. Here are the key points of our policy:

User Consent: We will disclose private account information, upon receiving user consent, to the user themselves or to a designated third party. This disclosure will occur after verifying the user’s identity.

Subpoena or Similar Legal Process: In response to a valid subpoena, civil investigative demand, court order, search warrant, or similar legal process issued in connection with an official criminal or civil investigation, we may provide specific non-public account information. This may include names, associated email addresses, billing information, registration dates, IP addresses, and other relevant data. For organization accounts, we can provide information about the account owner(s) but will require further requests for information regarding other members or contributors.

Court Order or Search Warrant: We will only disclose account access logs, account settings, user-specific analytics, and security access logs in response to a court order issued under appropriate legal procedures or a search warrant demonstrating probable cause. Private account contents, such as secret Gists, source code in private repositories, collaboration records, and communications, will only be disclosed with a search warrant.

Exigent Circumstances: In certain urgent situations involving the risk of death or serious physical harm, we may disclose limited information necessary to assist law enforcement agencies. However, for any further information beyond what is immediately necessary, we will still require a subpoena, search warrant, or court order.

It is important to note that the availability of information may vary depending on the specific case, as some information may be optional for users to provide or may not have been collected or retained by us.

At FormOptix, we are committed to protecting user privacy while also cooperating with legitimate law enforcement requests. Our disclosure practices are guided by applicable laws and legal processes to ensure a balance between privacy and the interests of justice.

Cost Reimbursement

In accordance with state and federal laws, FormOptix reserves the right to seek reimbursement for costs associated with complying with valid legal demands, such as subpoenas, court orders, or search warrants. We aim to recover only a portion of the actual costs incurred for complying with such legal orders.

Please note the following reimbursement schedule, unless otherwise mandated by law:

1. Initial search of up to 25 identifiers: No charge
2. Production of subscriber information/data for up to 5 accounts: No charge
3. Production of subscriber information/data for more than 5 accounts: $25 per account
4. Secondary searches: $15 per search

These charges are intended to recover reasonable costs and expenses incurred by FormOptix, excluding emergency situations or other exigent circumstances where we do not apply any charges.

We strive to maintain transparency and comply with legal requirements while minimizing the financial impact on our users and the community.

Data Preservation

Upon receiving a formal request from U.S. law enforcement in connection with official criminal investigations, FormOptix will take necessary measures to preserve account records. These records will be retained for a period of up to 90 days, pending the issuance of a court order or other relevant legal process. Our commitment is to cooperate with law enforcement agencies while ensuring compliance with applicable legal requirements.

California Assembly Bill 1242 Notice

By submitting legal process to FormOptix, you affirm that the legal process is not connected to any violation of laws that establish liability for abortion-related activities that are considered lawful in the state of California.

Requests from foreign law enforcement

FormOptix, being a United States company, Incorporated in Delaware, is not obligated to disclose data to foreign governments in response to legal requests issued by foreign authorities. If foreign law enforcement officials seek information from FormOptix, they should reach out to the United States Department of Justice Criminal Division’s Office of International Affairs. FormOptix will promptly address requests that are issued through U.S. courts under a mutual legal assistance treaty (“MLAT”) or letter rogatory.

Legal Request for user data