LogMeIn Government Request Policy

protecting-data-png

At LogMeIn, we value the privacy and security of our customers and their data. Therefore, we have taken precautions designed to ensure that we are safeguarding the information entrusted to us by our users from any unlawful access or intrusions. This policy was created to provide greater transparency regarding the guidelines used by LogMeIn to determine how and when we will process demands received from law enforcement, national security, and other regulatory bodies (“Government”) for information about our customers, their employees, and/or their users (“Customer Information”).

In addition, it is important to note that while this policy is not specifically intended to address requests for Customer Information arising from private or commercial disputes, LogMeIn will, to the extent applicable, take the same precautions specified herein for such requests.

 

Safeguarding Customer Information

Upon receipt of a Government request for Customer Information, LogMeIn takes the following steps into consideration before responding:

  • Subject. Wherever possible, LogMeIn believes that the Government should first seek to obtain the information that they are seeking directly from the customer or end user who is the subject of the investigation before requesting such Information from LogMeIn.
  • Authority. LogMeIn will only provide Customer Information if the Government has appropriate authority under applicable law to request such information. Absent a valid warrant, subpoena, court order, equivalent legal process, or emergency situation, it is LogMeIn’s position not to provide Customer Information to the Government.
  • Scope. Wherever possible, LogMeIn will seek to ensure that any request for Customer Information is limited to a clear and reasonable scope about a specific customer account, request additional context if the nature of the investigation is not clear, and may push back on the request for other reasons. In the event LogMeIn does provide information, it will be the minimum amount of information required to comply with the demand.
  • Notice. Except in circumstances where LogMeIn has been advised by the Government not to notify, is prohibited from doing so, or there is a clear indication of illegal conduct or risk of harm, LogMeIn will notify the customer of a request before disclosing any Customer Information so that the customer may seek available legal remedies.

Information We Can Provide

The vast majority of requests we receive are for basic customer account-level information in connection with a Government investigation of potential fraud, a violation of law, or suspected bad actors who may be using our services in violation of our Terms of Service.

The categories of Customer Information that may be hosted and retained by LogMeIn depend on which LogMeIn services are used. We strongly encourage Government officials to review our service offerings before preparing and submitting any warrant, subpoena, court order, or equivalent legal request.

Information Governments Must Provide

Government officials are asked to ensure that any requests for Customer Information be reasonable in scope and narrowly tailored to request only the information needed to complete their investigation. To help us respond in an effective and timely manner, please provide as much of the following information as possible:

  • Customer email address. Most Customer Information is identified by using the Master Account Holder email address. Therefore, the email address associated with the account is very helpful.
  • Billing address and/or credit card information. In some instances, we will be able to identify an account based on the last four digits of the credit or debit card used to purchase the services and the date of the transaction. Please note that LogMeIn does not possess any credit or debit card information beyond the last four digits.
  • LogMeIn service. Please identify the LogMeIn service offering to which the request relates. In addition, wherever possible, please provide information related to use of the service offering such as session ID, IP address, telephone number, meeting ID, username, master account holder, etc.

Each request must also include contact information for the authorized Government official, including:

  • Agency name
  • Agent name and badge/identification number
  • Agent employer-issued email address
  • Agent phone number, including any extension
  • Agent mailing address
  • Requested response date

Where to Submit a Request

LogMeIn accepts Government requests via email at lmisubpoenas@logmein.com or for Grasshopper at grasshoppersubpoenas@logmein.com.

While we agree to accept requests by this method, neither LogMeIn nor our customers waive any legal rights based on this accommodation. Additionally, e-mail requests must be made from an official Government e-mail address.

International Requests

All Government requests must be issued pursuant to applicable laws and made through official channels (e.g., executed order, Government e-mail address, etc.). In addition, requests must be made under appropriate legal basis, and a Mutual Legal Assistance Treaty request, a request from a country meeting the obligations under the U.S. CLOUD Act, letter rogatory, or other form of domestication may be required to establish the legal basis of the request.

We will review all international Government requests on a country-by-country and case-by-case basis in order to consider and balance our local legal obligations against our commitments to promote users’ safety and privacy. We may choose to respond differently to requests from different countries where these commitments conflict with local law.