Transparency report

Reporting period: since launch — 24 April 2026.

This page reports, at a quarterly cadence, what legal demands we have received for user data and what we produced in response. The figures are cumulative from launch.

subpoenas

search warrants

court orders

national security letters

DMCA notices acted on

accounts disclosed

What we would disclose if compelled

Per our Privacy Policy, the total data we hold on a subscriber is:

email address;
Stripe customer ID;
subscription tier and expiry date;
active WireGuard public keys and the internal VPN IPs assigned to them.

We do not log connection times, source IPs, destination IPs, DNS queries, or traffic. A compelled disclosure produces one row and nothing more. This is the architecture we chose specifically so that legal demands can't extract what we never had.

Our policy on legal demands

We require demands to be valid legal process from a jurisdiction with authority over us or the operator. We do not accept informal requests.
We push back where we believe the demand is overbroad, improperly served, or constitutes a fishing expedition.
We notify the affected user unless we are legally prohibited from doing so. Where we are gagged, our warrant canary will reflect it.
The single category we will always cooperate with law enforcement on is material that sexually exploits minors. No privacy argument overrides this.

Next update

We update this page quarterly, on the first business day of January, April, July, and October. The first update after launch will post on 1 July 2026. If we receive a legal demand before the next quarterly update, we will post the disclosure within 30 days of responding to it (or of the gag expiring, if applicable).