Legal Process Guidelines
Smartago LLC complies with valid, binding legal process issued under applicable law. This page explains how to serve process for zukka accounts, what categories of data exist on our systems, and — equally important — what categories of data do not exist and can never be produced, regardless of the legal instrument used.
1. How to serve legal process
- Service channel: legal@zukka.app (official intake for Smartago LLC / zukka). We do not accept service through other channels.
- Requests must: identify the requesting agency and authorized agent; cite the legal authority; identify the target account by nickname (we cannot locate accounts by name, email address or phone number — we do not collect them); and describe the specific records sought with a reasonable date range.
- Overbroad or unsigned requests, and requests not legally binding on a US company, will be returned.
2. What exists on our systems
| Category | Contents | Notes |
|---|---|---|
| Basic subscriber record | nickname, account creation date, country code | no name, no email, no phone number — these are never collected |
| Session records | device model and OS, login timestamps, country code, connection IP | raw IPs are automatically deleted after 30 days; only the country code is retained thereafter |
| Invites | invite codes, status, timestamps | |
| Stored content | messages, attachments and contact data as ciphertext | encrypted with keys that derive from the user's passphrase and never exist complete on our systems; we hold no means of decryption |
3. What each instrument can obtain (US process — 18 U.S.C. §2701 et seq.)
- Subpoena: basic subscriber record (above).
- Court order under §2703(d): session records and other non-content records described in section 2.
- Search warrant: stored content — which on our systems exists only as ciphertext we cannot decrypt. We will produce the ciphertext as stored.
We have no technical capability to intercept communications in real time or to produce content in readable form. Smartago LLC is not a telecommunications carrier subject to CALEA capability mandates; and even the CALEA decryption rule (47 U.S.C. §1002(b)(3)) — which can require a carrier that itself encrypts to assist in decryption — does not reach us, because the complete keys do not exist on our systems.
4. Preservation requests
Upon a request under 18 U.S.C. §2703(f), we will preserve the then-existing records described in section 2 for 90 days, renewable once for an additional 90 days. Preservation does not suspend the automated 30-day IP deletion for periods before the request was received — data already deleted cannot be preserved.
Separately, where we file a report with the NCMEC CyberTipline under 18 U.S.C. §2258A, we preserve the contents of that report for one year as §2258A(h) requires. We are under no obligation to monitor, screen or affirmatively scan communications (§2258A(f)), and have no technical means to do so.
5. Emergency disclosure
Under 18 U.S.C. §2702(b)(8), where we have a good-faith belief that an emergency involving danger of death or serious physical injury requires disclosure without delay, we may disclose the available records described in section 2. Mark such requests "EMERGENCY" in the subject line to legal@zukka.app and include the facts establishing the emergency, the specific account, and the requesting officer's verifiable credentials.
6. Non-US authorities
Smartago LLC is a US company and responds to process binding under US law. Non-US authorities should proceed through a Mutual Legal Assistance Treaty (MLAT) request or letters rogatory via the US Department of Justice, or through mechanisms available under executive agreements where applicable. We do not act on foreign orders served directly.
7. User notice
Our policy is to notify the affected user before producing records, unless we are legally prohibited from doing so (for example by a non-disclosure order under 18 U.S.C. §2705(b)). Where notice is delayed by such an order, we provide it once the prohibition lapses.
8. Costs
We may seek reimbursement for costs incurred in responding to legal process, as permitted by 18 U.S.C. §2706.
9. Transparency
Requests received and their outcomes are reported, in permitted form, in our biannual Transparency Report.
10. National security process
National security demands — National Security Letters under 18 U.S.C. §2709 and orders under the Foreign Intelligence Surveillance Act (FISA) — are handled in accordance with applicable law, including any non-disclosure obligations they carry. To the extent the law permits, the numbers are reported in approved bands in our Transparency Report. As with all process, what can exist to be produced is limited to the categories in section 2; no readable content or keys exist on our systems.
11. Child safety and mandatory reporting
Smartago LLC has zero tolerance for child sexual abuse and exploitation. When we obtain actual knowledge of an apparent violation we report it to the NCMEC CyberTipline as required by 18 U.S.C. §2258A and cooperate with valid legal process, including emergency disclosure where a child is in danger. Our full standards, mandatory-reporting duties and child-safety point of contact are set out in our Child Safety Standards.
12. Authentication of requests
Fraudulent law-enforcement requests are a known threat — including forged process and "emergency" requests sent from compromised or spoofed official email accounts — so we authenticate before we act. We accept requests only through the official channel above and only from verifiable official sources, and we never rely on contact details supplied inside a request itself. We may independently verify the requesting agency and officer through a channel we source ourselves (for example the agency's publicly listed telephone number), require official credentials and proper signatures, and decline or delay any request we cannot verify. Genuine officers should expect a brief verification step: it protects users from impersonators and does not obstruct lawful process.