정부가 사용자 데이터를 요청할 때 우리가 하는 일.

We follow the law, we resist overreach, and we tell users when we can. In short: we require valid UAE legal process before disclosing anything; we challenge overbroad requests; we notify the user where legally permitted; and we publish a transparency report.

우리는 비공식 요청, 아무리 정중하더라도, 아무리 높은 직급의 요청자라 하더라도 사용자 데이터를 공개하지 않습니다. 공개는 우리에게 적용되는 법률에 따라 Prism에 발부된 유효한 법적 절차가 필요합니다:

·A court order, subpoena, or equivalent issued by a court of competent jurisdiction in the United Arab Emirates.

·An order from a UAE regulatory or law-enforcement authority with statutory authority to compel production.

·A mutual legal assistance treaty (MLAT) request or equivalent inter-governmental request properly executed under UAE law.

·For emergency disclosure: a good-faith belief, documented, that disclosure is necessary to prevent imminent death or serious bodily harm (and then only the minimum data necessary).

외국 법 집행 기관(미국, 영국, EU 또는 기타)은 UAE 당국을 통해 요청을 전달해야 합니다. 우리는 외국 법원이 발부한 소장에 직접 응하지 않습니다.

·Overbroad requests — requests that cover more users or more data than the investigating purpose justifies.

·Gag orders without a stated expiry — we will ask for a specific expiry date.

·Requests unsupported by the stated legal basis — we will ask for a written authority.

·Requests that violate the user’s constitutional or statutory privacy rights.

·Requests that seek content we cannot lawfully produce under UAE data protection law (PDPL Federal Decree-Law No. 45 of 2021).

법적 절차의 범위를 고려하여:

·Basic account data — email address, signup date, subscription status, last login — in response to a UAE court order or regulator.

·Server logs for the specified time window.

·Entry content, Mirrors, behavioural-model records — only on a more specific order that demonstrates particular necessity and proportionality, given the sensitive-personal-data nature of this content under PDPL.

·Real-time interception — we do not provide this capability. Prism is not a telecommunications or surveillance provider.

We will notify the affected user of a government request for their data, unless we are legally prohibited from doing so (e.g. a valid gag order, ongoing investigation where notification would cause evidence destruction).

When we’re legally prohibited, we will notify the user as soon as the prohibition expires.

임박한 사망 또는 심각한 신체 손상의 위험을 포함하는 긴급한 상황에서 우리는 정식 법적 절차를 기다리지 않고 법 집행 기관에 필요한 최소 정보를 공개할 수 있습니다. 그러한 공개는 우리의 내부 법 집행 기록에 기록되며, 합법적인 경우 나중에 영향을 받는 사용자에게 보고됩니다.

·Journal-entry audio. Audio is streamed to OpenAI Whisper for transcription and immediately discarded; we never have a copy.

·AI model outputs from deleted entries. If the entry and the derived signals have been deleted, they are gone from our primary database; backup copies roll off on our standard cycle.

·Decrypted data without the user’s credentials. Prism does not hold user passwords in plaintext; if asked to produce a decrypted export of entries, we will produce what is decryptable on our infrastructure and explain what isn’t.

운영의 첫 전체 연도부터 Prism은 최소한 다음을 포함하는 연간 투명성 보고서를 발표합니다:

·The number of government requests received, broken down by requesting country / authority.

·The number of users affected by those requests.

·The number of requests complied with, partially complied with, and rejected.

·The number of requests for which we challenged scope or legality.

·The number of emergency disclosures.

어떤 범주의 공개가 법률에 의해 금지된 경우, 우리는 보고서에 그 사실을 명시합니다.

·Legal process: legal@prismlens.net

·General privacy questions: privacy@prismlens.net

·DPO: dpo@prismlens.net