
Law Enforcement Response Policy

What we do when a government asks for user data.

Last updated:

One-sentence summary

We follow the law, we resist overreach, and we tell users when we can. In short: we require valid UAE legal process before disclosing anything; we challenge overbroad requests; we notify the user where legally permitted; and we publish a transparency report.

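What we require before providing user data

We do not disclose user data in response to informal requests, however polite the request and however senior the person making it. Disclosure requires valid legal process issued to Prism, under law that applies to us: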

·A court order, subpoena, or equivalent issued by a court of competent jurisdiction in the United Arab Emirates.

·An order from a UAE regulatory or law-enforcement authority with statutory authority to compel production.

·A mutual legal assistance treaty (MLAT) request or equivalent inter-governmental request properly executed under UAE law.

·For emergency disclosure: a good-faith belief, documented, that disclosure is necessary to prevent imminent death or serious bodily harm (and then only the minimum data necessary).

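Foreign law-enforcement agencies (US, UK, EU or other) must route their requests through UAE authorities. We do not respond directly to subpoenas issued by foreign courts.

What we will challenge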

·Overbroad requests — requests that cover more users or more data than the investigating purpose justifies.

·Gag orders without a stated expiry — we will ask for a specific expiry date.

·Requests unsupported by the stated legal basis — we will ask for a written authority.

·Requests that violate the user’s constitutional or statutory privacy rights.

·Requests that seek content we cannot lawfully produce under UAE data protection law (PDPL Federal Decree-Law No. 45 of 2021).

What we will provide (if the request is valid)

Subject to the scope of the legal process:

·Basic account data — email address, signup date, subscription status, last login — in response to a UAE court order or regulator.

·Server logs for the specified time window.

·Entry content, Mirrors, behavioural-model records — only on a more specific order that demonstrates particular necessity and proportionality, given the sensitive-personal-data nature of this content under PDPL.

·Real-time interception — we do not provide this capability. Prism is not a telecommunications or surveillance provider.

User notification

We will notify the affected user of a government request for their data, unless we are legally prohibited from doing so (e.g. a valid gag order, or an ongoing investigation where notification would cause evidence destruction).

When we’re legally prohibited, we will notify the user as soon as the prohibition expires.

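Emergency disclosure

In an emergency involving an imminent risk of death or serious bodily harm, we may disclose the minimum necessary information to law enforcement without waiting for formal legal process. Any such disclosure is recorded in our internal law-enforcement log and, where lawful, reported to the affected user afterwards.

Data we cannot provide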

·Journal-entry audio. Audio is streamed to OpenAI Whisper for transcription and immediately discarded; we never have a copy.

·AI model outputs from deleted entries. If the entry and the derived signals have been deleted, they are gone from our primary database; backup copies roll off on our standard cycle.

·Decrypted data without the user’s credentials. Prism does not hold user passwords in plaintext; if asked to produce a decrypted export of entries, we will produce what is decryptable on our infrastructure and explain what isn’t.

Transparency report

Starting with our first full year of operation, Prism will publish an annual transparency report containing at least:

·The number of government requests received, broken down by requesting country / authority.

·The number of users affected by those requests.

·The number of requests complied with, partially complied with, and rejected.

·The number of requests for which we challenged scope or legality.

·The number of emergency disclosures.

If publication of any category is prohibited by law, we will say so in the report.

Contact

·Legal process: legal@prismlens.net

·General privacy questions: privacy@prismlens.net

·DPO: dpo@prismlens.net

Companion: Privacy Policy · Terms of Service.