Skip to main content
Genie9

Transparency Report - Nygma.ai

Last Updated: March 18, 2025

This Transparency Report provides information about government requests for user data received by Genie9 LTD ("Genie9", "we", "us", or "our"), a company registered in England and Wales with company registration number 08669198, in connection with the Nygma.ai service ("Service").

1. Introduction

1.1 Purpose of This Report

  • • To provide transparency about government requests for user data
  • • To explain how our zero-knowledge architecture affects our responses
  • • To outline our policies and procedures for handling such requests

1.2 Commitment to User Privacy

  • • We design our systems to protect user privacy through technical means
  • • We limit the data we collect to what is necessary to provide the Service
  • • We implement zero-knowledge encryption to ensure we cannot access user content

1.3 Scope and Frequency

  • • This report covers the period from service launch to March 18, 2025
  • • We will update this report annually
  • • Future reports will include quantitative data on requests received

2. Types of Requests

2.1 Legal Process Types

Subpoenas:

Legal orders that don't typically require judicial review

  • • Seeking basic account information
  • • Limited to non-content data we can access

Court Orders:

Issued by a judge or magistrate

  • • May seek broader categories of data
  • • Still limited by our technical capabilities

Search Warrants:

Require judicial review and probable cause

  • • Highest standard of legal process
  • • Cannot compel production of data we cannot access

National Security Requests:

Including National Security Letters (NSLs) and FISA orders

  • • Subject to special legal and procedural requirements
  • • Limited by zero-knowledge architecture

Emergency Requests:

Requests related to imminent harm

  • • Processed on expedited basis where legally appropriate
  • • Still subject to technical limitations

2.2 Jurisdictional Considerations

  • • We are primarily subject to UK and EU legal jurisdictions
  • • We evaluate requests from other jurisdictions based on international legal principles
  • • We may challenge requests that do not follow appropriate legal channels

3. Zero-Knowledge Limitations

3.1 Technical Impossibility

Due to our zero-knowledge encryption architecture:

  • • We cannot access the content of user files
  • • We cannot decrypt user data even when legally compelled
  • • We cannot provide plaintext versions of encrypted content

3.2 Data We Can Provide

We can potentially provide the following information in response to valid legal process:

  • • Account creation information (email address, creation date)
  • • Subscription and billing information
  • • Login logs and IP addresses
  • • Usage statistics (storage used, bandwidth consumed)
  • • Encrypted metadata (file names, sizes, timestamps when not encrypted by user)

3.3 Data We Cannot Provide

We cannot provide:

  • • Content of encrypted files
  • • Decrypted file names (when name encryption is enabled)
  • • Passwords or encryption keys
  • • Plaintext versions of any encrypted data

4. Legal Standards and Procedures

4.1 Validity Requirements

We require legal requests to meet the following standards:

  • • Proper legal authority and jurisdiction
  • • Specific identification of the account or data sought
  • • Compliance with applicable legal procedures
  • • Proportionality between the request and the alleged crime or legal matter

4.2 Review Process

All government requests undergo review by:

  • • Legal counsel familiar with privacy and cybersecurity law
  • • Technical staff to assess what data can be provided
  • • Senior management for policy compliance

4.3 Challenge Procedures

We may challenge requests that:

  • • Lack proper legal authority
  • • Are overly broad or lack specificity
  • • Seek data we cannot technically provide
  • • Violate user privacy rights under applicable law

5. User Notification

5.1 Notification Policy

We notify users of government requests for their data unless:

  • • Notification is prohibited by law (e.g., gag orders)
  • • Notification would compromise an ongoing investigation
  • • Emergency circumstances prevent timely notification

5.2 Delayed Notification

When immediate notification is not possible:

  • • We seek to minimize the delay period
  • • We challenge overly broad gag orders
  • • We notify users as soon as legally permissible

5.3 Notification Content

User notifications include:

  • • General nature of the request (without compromising investigations)
  • • Categories of data requested
  • • Our response to the request
  • • User's options for legal challenge

6. Statistics (Reporting Period: Service Launch to March 18, 2025)

6.1 Government Requests Received

Total Requests: 0

  • • Subpoenas: 0
  • • Court Orders: 0
  • • Search Warrants: 0
  • • National Security Requests: 0
  • • Emergency Requests: 0

0

Total Requests

6.2 Requests by Jurisdiction

  • • United Kingdom: 0
  • • United States: 0
  • • European Union: 0
  • • Other jurisdictions: 0

6.3 Request Outcomes

  • • Complied in full: 0
  • • Complied in part: 0
  • • Rejected/Challenged: 0
  • • Withdrawn by requesting authority: 0

6.4 User Accounts Affected

  • • Total accounts subject to requests: 0
  • • Users notified of requests: 0
  • • Delayed notifications pending: 0

7. Content Removal Requests

7.1 Government Content Removal Requests

Total Requests: 0

  • • Court orders for content removal: 0
  • • Administrative requests: 0
  • • Terrorism-related removal requests: 0

7.2 Zero-Knowledge Limitations

  • • We cannot remove content from encrypted private storage
  • • Removal limited to publicly shared links
  • • Users maintain control over their encrypted data

8. Emergency Disclosures

8.1 Emergency Procedures

We may disclose user information without legal process in genuine emergencies involving:

  • • Imminent threat to life or safety
  • • Child exploitation or abuse
  • • Terrorism or national security threats

8.2 Emergency Standards

Emergency disclosures require:

  • • Clear and specific threat identification
  • • Good faith belief in the emergency nature
  • • Proportional response to the threat level
  • • Documentation of emergency circumstances

8.3 Emergency Statistics

Reporting Period: Service launch to March 18, 2025

  • • Emergency disclosure requests: 0
  • • Emergency disclosures made: 0

9. International Cooperation

9.1 Mutual Legal Assistance Treaties (MLATs)

  • • We respond to properly channeled MLAT requests
  • • Requests must meet UK legal standards
  • • Technical limitations still apply

9.2 International Law Enforcement

  • • Cooperation limited to what is technically possible
  • • Adherence to proper legal channels required
  • • Protection of user rights under applicable law

10. Policy Changes and Improvements

10.1 Policy Reviews

  • • Annual review of government request procedures
  • • Updates based on legal developments
  • • User input considered in policy development

10.2 Technical Improvements

  • • Ongoing enhancement of zero-knowledge architecture
  • • Reduction of metadata collection where possible
  • • Improved user control over data sharing

10.3 Legal Advocacy

  • • Support for strong encryption and user privacy rights
  • • Participation in relevant legal and policy discussions
  • • Opposition to encryption backdoors and weakening

11. Accountability and Oversight

11.1 Internal Oversight

  • • Regular audit of government request procedures
  • • Training for staff handling legal requests
  • • Documentation and record-keeping requirements

11.2 External Oversight

  • • Independent security audits include review of data access procedures
  • • Legal counsel review of policies and procedures
  • • Transparency in reporting and public accountability

12. Contact Information

For questions about this Transparency Report or government requests:

Legal Department:

Email: legal@genie9.com

Government Relations:

Email: government-relations@genie9.com

General Contact:

Genie9 LTD

3 Shortlands

W68DA, London

United Kingdom

12.1 Legal Process Service

Legal process should be served at:

12.2 Emergency Contact

For genuine emergency situations:

This Transparency Report covers the period from service launch through March 18, 2025. Our next transparency report will be published by March 18, 2026. We are committed to protecting user privacy while complying with applicable legal obligations.

← Back to Nygma Legal Center
AI Built