
Law Enforcement Response Policy

What we do when a government requests user data.

Last updated:

In one paragraph

We follow the law, we resist overreach, and we tell users when we can. In short: we require valid UAE legal process before disclosing anything; we challenge overbroad requests; we notify the user where legally permitted; and we publish a transparency report.

What we require before disclosing user data

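We do not disclose user data in response to informal requests, no matter how polite the request or how senior the requester. Disclosure requires valid legal process issued to Prism under the law that applies to us: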

·A court order, subpoena, or equivalent issued by a court of competent jurisdiction in the United Arab Emirates.

·An order from a UAE regulatory or law-enforcement authority with statutory authority to compel production.

·A mutual legal assistance treaty (MLAT) request or equivalent inter-governmental request properly executed under UAE law.

·For emergency disclosure: a good-faith belief, documented, that disclosure is necessary to prevent imminent death or serious bodily harm (and then only the minimum data necessary).

Requests from foreign law enforcement (US, UK, EU, or otherwise) must be routed through UAE authorities. We do not respond directly to subpoenas issued by foreign courts.

What we challenge

·Overbroad requests — requests that cover more users or more data than the investigating purpose justifies.

·Gag orders without a stated expiry — we will ask for a specific expiry date.

·Requests unsupported by the stated legal basis — we will ask for a written authority.

·Requests that violate the user’s constitutional or statutory privacy rights.

·Requests that seek content we cannot lawfully produce under UAE data protection law (PDPL Federal Decree-Law No. 45 of 2021).

What we provide (when a request is valid)

Subject to the scope of the legal process:

·Basic account data — email address, signup date, subscription status, last login — in response to a UAE court order or regulator.

·Server logs for the specified time window.

·Entry content, Mirrors, behavioural-model records — only on a more specific order that demonstrates particular necessity and proportionality, given the sensitive-personal-data nature of this content under PDPL.

·Real-time interception — we do not provide this capability. Prism is not a telecommunications or surveillance provider.

Notifying users

We will notify the affected user of a government request for their data, unless we are legally prohibited from doing so (e.g. a valid gag order, ongoing investigation where notification would cause evidence destruction).

When we’re legally prohibited, we will notify the user as soon as the prohibition expires.

Emergency disclosure

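In an emergency involving a risk of imminent death or serious bodily harm, we may disclose the minimum necessary information to law enforcement without waiting for formal legal process to be issued. Every such disclosure is recorded in our internal law-enforcement log and, where lawful, subsequently reported to the affected user.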

Data we cannot provide

·Journal-entry audio. Audio is streamed to OpenAI Whisper for transcription and immediately discarded; we never have a copy.

·AI model outputs from deleted entries. If the entry and the derived signals have been deleted, they are gone from our primary database; backup copies roll off on our standard cycle.

·Decrypted data without the user’s credentials. Prism does not hold user passwords in plaintext; if asked to produce a decrypted export of entries, we will produce what is decryptable on our infrastructure and explain what isn’t.

Transparency report

Starting from the end of our first year of operation, Prism will publish an annual transparency report containing, at a minimum:

·The number of government requests received, broken down by requesting country / authority.

·The number of users affected by those requests.

·The number of requests complied with, partially complied with, and rejected.

·The number of requests for which we challenged scope or legality.

·The number of emergency disclosures.

Where the law prohibits us from publishing a category, the report will say so.

Contact

·Legal process: legal@prismlens.net

·General privacy questions: privacy@prismlens.net

·DPO: dpo@prismlens.net

Related documents: Privacy Policy · Terms of Service.