Requests from Government Agencies/Law Enforcement
Except in emergencies (see more below), DigitalOcean turns over protected user information only upon receipt of a valid subpoena, ECPA US court order, or search warrant. Additionally, we will notify affected users about any requests for their account information, unless prohibited from doing so by law or court order (see more below).
Upon receipt of a valid subpoena, if these pieces of information are available, we can provide user registration information such as the first and last names, phone number, email address, the date/time stamped IP address from which a site was created, the physical address, and the PayPal / Stripe transaction information.
Upon receipt of a valid ECPA court order, if these pieces of information are available, we can provide access logs which might reveal a user’s movements over a period of time, account or private repository settings (for example, which users use certain services, etc.), security access logs other than account creation or for a specific time and date.
Upon receipt of a valid search warrant, if these pieces of information are available, we can disclose content of customer virtual machines, the content of user communications with customer support, or other forms of content data.
For legal requests from government agencies/law enforcement outside of the United States, we require that the request be served via (1) a United States court, (2) an enforcement agency under the procedures of an applicable mutual legal assistance treaty (MLAT), or (3) an order from a foreign government that is subject to an executive agreement that the Attorney General of the United States has determined and certified to Congress satisfies the requirements of 18 U.S.C. 2523.