Skip to content

Legal

Government & Law-Enforcement Data Requests

Effective 2026-07-13·Last updated 2026-07-13·HEOSSI (Pte.) Ltd.

This policy explains how HEOSSI responds when a government agency, law-enforcement authority, or court seeks user or customer data. The short version: we disclose only what we are legally compelled to disclose, through valid legal process, at the narrowest scope we can lawfully achieve, and we tell the affected customer unless the law forbids us from doing so.

1. Principles

  • Disclosure only under valid, binding legal process — never on an informal request.
  • Narrowest scope: we produce the minimum data responsive to the demand and challenge overbroad or improper requests.
  • Customer notice by default, before disclosure where possible.
  • The same policy applies regardless of which government makes the request.

2. What we require

  • HEOSSI is a Singapore-incorporated company. Singapore authorities must use valid legal process under Singapore law (e.g. a production order or equivalent).
  • Foreign authorities must proceed through channels that create a binding obligation on us — a mutual legal assistance treaty (MLAT), letters rogatory, or other process recognised under Singapore law. A foreign subpoena or warrant does not, by itself, bind us.
  • Requests must be in writing, identify the requesting authority and its legal basis, and describe the data sought with specificity.

3. Customer notice

We notify the affected account owner before disclosing their data, unless we are legally prohibited from doing so (for example by a non-disclosure order) or notice would create a demonstrable risk of serious harm. Where notice is delayed by a legal prohibition, we provide it as soon as the prohibition lapses.

4. Emergency requests

Where a requesting authority asserts an emergency involving imminent danger of death or serious physical injury, we may disclose narrowly-scoped data without prior process. Emergency requests must be documented in writing, are reviewed by senior management, and are recorded internally.

5. What we can and cannot produce

  • We can only produce data we actually hold — see the Privacy Policy's retention schedule. Data that has been deleted per that schedule cannot be produced.
  • Customer content is encrypted at rest. Where a separately contracted Enclave deployment places root-key control exclusively with the customer, our ability to produce plaintext is limited by that architecture. Self-service shared-cloud plans use Bee-managed per-tenant keys and do not provide this limitation.

6. Contact

Authorities: bee-legal@heossi.com (include the legal basis and requesting-officer identification). Customers with questions about this policy: same address.

Questions about this document? Contact bee-legal@heossi.com. Service of process: bee-legal@heossi.com (HEOSSI (Pte.) Ltd., Singapore).

Counter-signed copies on request. The text on this page is the canonical published version. For procurement teams that need a counter-signed copy of the Terms, DPA, or Order Form, email bee-legal@heossi.com. Where there is conflict between this page and an executed counter-signed agreement, the counter-signed agreement controls.

HEOSSI (Pte.) Ltd. · Singapore · heossi.comSee evidence index →