1. Executive Summary
Reporting Period: July 1, 2025 – December 31, 2025
Last Updated: February 6, 2026
At Trustname, our mission is to provide a "sovereign" alternative to Big Tech. This report details the number of legal requests we received for user data, as well as our responses. We aim to be the most transparent registrar in the European Union and worldwide.
Trustname operates under the strict legal jurisdiction of the Republic of Estonia and the European Union, meaning we do not recognize or comply with direct data requests from foreign law enforcement agencies, including those issued under the U.S. CLOUD Act. For any non-EU authority to request information, they must utilize the Mutual Legal Assistance Treaty (MLAT) process, which requires the request to be audited by the Estonian Ministry of Justice and approved by a local court.
This framework provides our users with three critical layers of protection: it allows us to reject 100% of informal or extra-territorial demands, it enforces the "Dual Criminality" rule (ensuring data is only shared if the act is also a crime in Estonia), and it provides a judicial "cool-down" period of several months, preventing bulk or instantaneous surveillance and ensuring every request is subject to the highest standards of European human rights and privacy law.
Learn more about the Mutual Legal Assistance Treaty (MLAT) and how it protects you.
2. Our Legal Framework (The "Shield")
As an Estonian entity (Fewmoretaps OÜ), we operate under the strict privacy laws of the European Union (GDPR).
Our Policy: We do not disclose user data unless presented with a valid, legally binding order from a court of competent jurisdiction within the EU.
Non-EU Requests: Requests from foreign governments (e.g., US, UK) must follow the Mutual Legal Assistance Treaty (MLAT) process to be considered.
3. Law Enforcement & Data Requests
In the table below, we disclose the volume of requests handled during this reporting period.
Law Enforcement Requests by Country
| Country / Region | Number of Requests | Rejected | Data Disclosed |
| European Union | 5 | 5 | 0 |
| United Kingdom (UK) | 7 | 7 | 0 |
| Australia | 2 | 2 | 0 |
| United States | 153 | 153 | 0 |
| India | 4 | 3 | 1 |
| Others | 1 | 1 | 0 |
| Total | 172 | 171 | 1 (1%) |
Data Requests by Authority & Rejection Analysis
| Country | Law Enforcement Agency | Outcome & Most Common Reason for Rejection |
| European Union | Europol | |
Federal Criminal Police Office (Bundeskriminalamt - BKA) | ||
State Police (Landespolizei) | Rejected: Procedural Defects | |
| Withdrawn | ||
| Estonia | Challenged | |
United Kingdom | ||
| Redirected | ||
| Rejected: Lack of User Notice | ||
| Rejected: Exempt Data (Professional Privilege) | ||
United States | Rejected: Invalid Jurisdiction | |
| Rejected: Manifestly Unfounded | ||
Australia | Rejected: Overly Broad | |
| Rejected: Future-Dated | ||
| Rejected: Incorrect Legal Entity | ||
India | Rejected: Procedural Defects | |
| Rejected: Insufficient Legal Standard |
4. Content Takedowns & Abuse Reports
We take the security of the internet seriously. This section covers reports regarding phishing, malware, and illegal content.
Total Abuse Reports Received: 72
Action Taken (Suspensions): 1
Declined (Protected Speech/No Proof): 71
5. Privacy Safeguards
WHOIS Privacy: We provided redaction for 100% of eligible domain registrations.
Third-Party Sharing: Trustname shared data with 0 third-party advertisers or data brokers.
- Data Encryption: Technical privacy infrastructure, as explained below.
To minimize our data footprint and ensure that user information cannot be compromised even in the event of hardware seizure, Trustname employs the following technical safeguards:
A. RAM-Only Logging (Volatile Storage)
What it is: Our primary access and application logs are stored exclusively in volatile memory (RAM) rather than on permanent hard drives (SSD/HDD).
The Privacy Benefit: Because RAM requires power to retain data, all logs are automatically and permanently wiped upon any server reboot or power loss. This ensures that no long-term "trail" of user activity exists on our physical hardware.
Status: Enabled/Active across all European nodes.
B. Encrypted Database Backups (AES-256)
What it is: While active user data is strictly protected, our backup archives are encrypted using the Advanced Encryption Standard with 256-bit keys (AES-256).
The Privacy Benefit: Even if a backup file were intercepted during off-site transit, it remains cryptographically impossible to read without the master private keys, which are stored in a geographically separate, hardened Key Management System (KMS).
Status: 100% Encryption Coverage for all redundant data stores.
6. Warrant Canary
Status: ACTIVE
As of February 6, 2026, Trustname (Fewmoretaps OÜ) has received
- ZERO National Security Letters
- ZERO Gag Orders
- ZERO secret warrants from any government agency.
We have NOT been required to build "backdoors" into our systems.
7. Analysis of Trends
In the last year, we have seen a 5% increase in invalid data requests. This confirms that our stance on European Data Sovereignty is effectively shielding our users from overreaching global surveillance.
Definitions:
Challenged: We went to court to fight the warrant or narrow its scope.
Withdrawn: Law enforcement took back the request after we asked for clarification or pointed out legal errors.
Redirected: We informed the authorities that they must seek the data directly from the user or the relevant enterprise customer.
Rejected: A request is classified as "Rejected" when Trustname (Fewmoretaps OÜ) receives a formal legal demand but refuses to provide any user data or take the requested action. This occurs after our legal team conducts a manual review and determines the request fails to meet our required standards.
A request is rejected if it falls into one of these three categories:
1. Facial Invalidity
- The request is not signed by a judge or authorized official.
- The request contains material errors (wrong dates, incorrect legal entity name, or non-existent account identifiers).
- The request was not properly served (e.g., sent via an informal social media message rather than a formal legal channel).
2. Legal Deficiency
- Invalid Jurisdiction: The request originated from a non-EU authority without the necessary Mutual Legal Assistance Treaty (MLAT) or a valid Estonian court validation.
- Procedural Defects: Law enforcement attempted to obtain private content using a low-level subpoena when a high-level probable-cause search warrant is legally required.
- Dual Criminality: The alleged act is not considered a crime under Estonian or EU law (e.g., certain forms of protected political expression).
3. Substantive Overreach:
- Overly Broad: The request is a "fishing expedition" that lacks specific selectors and asks for data on an entire group of users.
- Manifestly Unfounded: The request appears to be an abuse of power or intended for harassment rather than a legitimate criminal investigation.