Law-Enforcement & Government Data Requests

LAST UPDATED: 20 JUNE 2026 · VERSION 1.0

This policy explains how CruiseCtrl (Relay Labs Limited) handles requests from law-enforcement agencies, courts and other public authorities for our users' personal data. We take our users' privacy and safety extremely seriously — many of our users belong to communities that face heightened risk — and we disclose data only where we are legally required to do so.

1. We require valid legal process

We disclose user data to a public authority only on the basis of a valid legal instrument that is appropriate to the data sought — for example a court order, warrant, or other binding legal demand issued under the laws of Ireland or the European Union, or, for requests from outside the EU/EEA, a request made through a recognised channel such as a Mutual Legal Assistance Treaty (MLAT) or other valid international legal-cooperation mechanism. We do not provide bulk or direct access to our systems and we do not build "back doors".

2. Legality review

Every request is reviewed before any data is disclosed. We check that the request: comes from a legitimate, identified authority; cites a valid legal basis; is appropriately scoped; relates to identifiable account(s); and is consistent with the GDPR, the e-Privacy rules and applicable fundamental-rights protections (including the EU Charter). Requests that do not meet these criteria are not actioned as submitted.

3. We will challenge unlawful or overbroad requests

Where a request appears to us to be unlawful, defective, disproportionate or overbroad, we will seek clarification or narrowing, take legal advice, and where appropriate refuse or formally challenge the request through the available legal channels before disclosing anything.

4. Data minimisation

If we are required to disclose, we disclose only the minimum data the request actually compels — never more than is strictly necessary, and never an entire account record where a narrower set will satisfy a lawful, specific request.

5. Documentation

We keep records of the government and law-enforcement requests we receive, including the requesting authority, the legal basis cited, our assessment and legal reasoning, the people involved in handling it, and our response (including any refusal or challenge). These records support accountability and any future transparency reporting.

6. Emergency requests

In genuine emergencies involving an imminent risk of death or serious physical harm, we may disclose limited information to the relevant authority on an expedited basis, in line with the GDPR's vital-interests and legal-obligation bases. We assess such requests carefully and document them as above.

7. Notifying users

Where we are legally permitted to do so, and unless doing so would be counterproductive (for example, would create a risk to life, an investigation, or child-safety), we aim to notify a user before disclosing their data so they have an opportunity to seek their own legal remedy.

8. Child-safety & serious crime

Separately from authority requests, we proactively report child sexual abuse material and credible threats to life to the appropriate authorities and hotlines (for example An Garda Síochána, hotline.ie, and, where relevant, NCMEC), consistent with our legal obligations and Article 18 of the Digital Services Act. See our Community Guidelines.

9. How authorities can contact us

Law-enforcement and public-authority requests should be sent to legal@cruisectrl.eu, addressed to Relay Labs Limited, 35 Lower Sherrard Street, Dublin 1, Ireland. Requests should identify the requesting authority and officer, the legal basis, the specific account(s) and data sought, and a deadline. We do not accept service of legal process by other channels.