Law Enforcement Guidelines

Version 1.1 | Last Updated: 22 April 2026

For law enforcement, regulators, and legal professionals. This page explains how to make lawful requests for data to SocialGryd. Users and members of the public: for normal account, privacy, and safety queries please use privacy@socialgryd.com, support@socialgryd.com, or report@socialgryd.com.

1. About SocialGryd

SocialGryd is operated by SocialGryd Limited, a company incorporated in Estonia with registered office at Narva mnt 5, Kesklinna linnaosa, Tallinn, Harju maakond 10117, Estonia. We are the data controller for Platform personal data and are subject to direct supervision by the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

2. How to Contact Us

Legal and law enforcement requests: legal@socialgryd.com
Emergency disclosure requests (imminent risk to life or serious bodily injury): legal@socialgryd.com with subject line starting "EMERGENCY DISCLOSURE REQUEST"
Child safety / CSAE reports: report@socialgryd.com
Postal address: SocialGryd Limited, Narva mnt 5, Kesklinna linnaosa, Tallinn, Harju maakond 10117, Estonia

We do not accept service of process by social-media message, in-app support channels, or comments on posts.

3. What Data We Typically Hold

Depending on the user and their Platform activity, we may hold: account registration data (name, email, phone, date of birth), authentication metadata (IP addresses, device identifiers, sign-in times), profile data, content (posts, comments, stories, messages), event activity, location data (where the user has granted location permission), engagement signals, and moderation history. The specific categories retained are described in the Privacy Policy.

We do not store:

The plaintext contents of user passwords (we store only cryptographic hashes)
Full payment-card numbers (processed by Stripe, Apple, or Google)
Government identification documents unless voluntarily provided for a specific compliance matter

4. Legal Process We Accept

As a company established in Estonia (EU), SocialGryd primarily responds to Estonian and EU legal process. For requests from other jurisdictions, we generally require process served through:

An Estonian court or prosecutor (for Estonian law enforcement)
A European Investigation Order or European Production Order (for EU Member State requests)
A Mutual Legal Assistance Treaty (MLAT) request to Estonian authorities (for non-EU requests)
A letter rogatory or equivalent international judicial assistance instrument
A valid preservation request under Article 35 of the Budapest Convention on Cybercrime (for 90-day data preservation pending legal process)
A UK court order served through appropriate channels (for UK requests relating to UK users, where applicable)

We may, in our sole discretion and where permitted by law, accept requests made pursuant to valid non-EU process that is sufficiently compatible with Estonian and EU law (including the CLOUD Act Executive Agreement framework where applicable between the US and the EU).

5. What Your Request Must Include

All law enforcement requests must include:

The name and official contact details of the requesting authority and investigating officer (with agency email, phone, and badge / credential number)
A clear identification of the user account (SocialGryd username, email used for registration, user ID, or a URL to the relevant profile/post)
The specific legal authority for the request (statute, section, case number)
The specific categories of data sought — be as narrow and specific as possible
The date range for the data sought
Confirmation that disclosure will not breach the user's rights under the GDPR, EU Charter of Fundamental Rights, or the ECHR in a way that is not justified by the legal authority cited

Overly broad requests will be rejected or narrowed.

6. Emergency Disclosure Requests

Where there is an imminent threat to life, or a risk of serious bodily injury to a minor or an adult, we may, on a case-by-case basis, voluntarily disclose limited information to the relevant law enforcement agency under GDPR Article 6(1)(d) (vital interests) or Article 9(2)(c). Your Emergency Disclosure Request must include:

A description of the emergency, specifying the imminent threat and why access to user data is necessary
The user's identifying information (username, email, URL)
The officer's name, rank, agency, agency email, and phone
A statement that normal legal process cannot be obtained within the time available

We respond to verified emergencies as quickly as practicable, typically within a few hours to 24 hours.

7. Preservation Requests

We will, on receipt of a preservation request from a law enforcement agency authorised to make one under the Budapest Convention or applicable national law, preserve the specified data for 90 days, renewable once on written request. Preservation does not constitute disclosure; a separate legal process is needed for disclosure. Preservation requests should be sent to legal@socialgryd.com.

8. Notice to Users

Our policy is to notify a user when their data is the subject of a legal request, unless:

The request is accompanied by a valid non-disclosure order or gag order
The request is part of an investigation into CSAE, terrorism, imminent risk to life, or a grave public-safety matter where notification would undermine the investigation
Notification is prohibited by applicable law

We review each non-disclosure element on its merits and may challenge overbroad gag orders in court where appropriate.

9. Cost Recovery

In compliance with applicable law, we may recover from requesting authorities reasonable costs of compiling data in response to legal process, except for requests relating to emergencies, CSAE investigations, or where recovery is prohibited by law.

10. Transparency Reporting

We publish aggregate data on law-enforcement requests, content removal orders (including DSA Article 9), content moderation actions (DSA Article 15), and trusted-flagger activity (DSA Article 22) in our Transparency Report. The first report will cover the calendar period beginning 1 January 2026 and will be published at least annually.

11. DSA-Specific Orders and Article 11 Declaration

Under the EU Digital Services Act (Regulation (EU) 2022/2065):

Orders to act against illegal content (Article 9): send to legal@socialgryd.com. We respond without undue delay, notify the issuing authority and the Commission / Digital Services Coordinator of establishment, and — unless the order prohibits it — inform the affected user through a Statement of Reasons.
Orders to provide information (Article 10): send to legal@socialgryd.com. We respond in the language and format required by the order.
Article 11 — Single Point of Contact for Authorities. SocialGryd Limited hereby designates legal@socialgryd.com as its single electronic contact point for Member State authorities, the European Commission, the European Board for Digital Services, and other bodies empowered to communicate with online intermediaries under the DSA. Communications may be sent in English or in Estonian. Our postal contact is SocialGryd Limited, Narva mnt 5, Kesklinna linnaosa, Tallinn, Harju maakond 10117, Estonia. This designation is effective from 22 April 2026 and will be maintained as our operational scope requires.
Article 12 — Single Point of Contact for Recipients of the Service. Recipients (users, content providers, creators, partners, brands, event hosts) may contact us through support@socialgryd.com for general support, report@socialgryd.com for safety reports, or privacy@socialgryd.com for privacy rights. This channel is communicated to users on signup, in the in-app Help Centre, and on our website.
Article 13 — Legal Representative. As SocialGryd is established in Estonia (an EU Member State), no additional Article 13 legal representative is required. Our registered office above serves as the point of establishment for Union-law compliance.
Trusted Flaggers (Article 22). We accept priority reports from Trusted Flaggers awarded that status by the relevant Digital Services Coordinator. Applicable Trusted Flaggers should route reports through legal@socialgryd.com with the subject line "Trusted Flagger".
Out-of-Court Dispute Settlement (Article 21). Users may refer moderation disputes to an out-of-court dispute-settlement body certified by the Digital Services Coordinator of the relevant Member State. We commit to engaging in good faith with any such body in accordance with Article 21 and will publish the name of any body we routinely refer users to as and when operational volumes justify.
Statements of Reasons. Every restriction of visibility, removal of content, suspension, or termination is accompanied by a Statement of Reasons (Article 17) and, where applicable, submitted to the DSA Transparency Database.

11a. Terrorist Content Online (EU Regulation 2021/784)

Our Article 15 TCO point of contact is legal@socialgryd.com. Removal orders from a competent authority of an EU Member State are actioned within one hour of receipt under Article 3 TCO Regulation, subject to the exceptions at Article 3(7)–(9). Full procedure is set out in our Acceptable Use Policy Section 9.

12. Authentication of Requests

We verify the authenticity of every request. Requests must be sent from a verifiable official domain of the requesting authority and include credentials that we can independently verify. Where authenticity is unclear, we may pause response until verification is complete.

13. Minors and CSAE

For matters relating to child sexual abuse material (CSAM), online child sexual exploitation (CSE), or imminent risk to a minor, please contact report@socialgryd.com. We cooperate with the National Center for Missing and Exploited Children (NCMEC), Europol EC3, INHOPE, and national child-protection authorities, subject to applicable data-protection law. As an Estonian-established provider, our primary mandatory reporting channels are the Estonian Police and Border Guard Board and the INHOPE-affiliated national hotline of the jurisdiction concerned; we also make voluntary reports to NCMEC's CyberTipline where the facts require or permit such referral. When the integration described in our Child Safety Standards §3 is live, known-hash matches will be preserved and referred through these channels.

14. User Rights and Judicial Oversight

Users whose data has been disclosed retain all rights under GDPR, the EU Charter of Fundamental Rights, and the ECHR, including the right to effective judicial remedy and to complain to the Estonian Data Protection Inspectorate. These Guidelines do not reduce or waive any of those rights.

15. Contact

Legal / law enforcement: legal@socialgryd.com
Emergency: legal@socialgryd.com (subject line "EMERGENCY DISCLOSURE REQUEST")
Child safety: report@socialgryd.com
DPO: dpo@socialgryd.com