How we handle legal requests
Our policies for responding to government and legal demands for user data.
What we can and cannot provide
Our encryption architecture limits what we can disclose, even when legally compelled.
What we can provide
- Account email address
The email used to create the account
- Account creation date
When the account was first registered
- Last login timestamp
When the account was last accessed
- Device information
Basic device identifiers used for sync
- Encrypted data blobs
The encrypted content we store (unreadable without keys)
What we cannot provide
- Decrypted journal entries
We do not have the encryption keys
- Plaintext vault entries or encrypted notes
Journal vault content and encrypted notes are end-to-end encrypted with keys we do not possess
- AI conversation transcripts
Processing is ephemeral, not stored
- Decrypted emotional reflections
Your raw words in the vault are encrypted and inaccessible to us
Our process for legal requests
We take every legal request seriously and follow a careful process to protect your rights.
Verify validity
We verify that any legal request is valid, properly served, and legally enforceable in our jurisdiction.
Evaluate scope
We push back on overly broad requests and work to narrow the scope to what is legally required.
Notify user
Unless legally prohibited, we notify affected users before disclosing any information so they can seek legal counsel.
Provide minimum required
We provide only what is legally compelled, nothing more. Due to encryption, this is often limited to metadata.
Transparency reporting
We believe in accountability. Here is what we commit to publishing.
Annual reports
Published yearly with total number of requests received
Request types
Breakdown by type: subpoenas, court orders, national security
Compliance rate
How many requests we complied with, challenged, or rejected
Warrant Canary
As of January 17, 2026, we have not received any National Security Letters, FISA court orders, gag orders preventing disclosure of legal requests, or any request to insert backdoors into our encryption.
This statement is updated with each transparency report. If this statement is removed or not updated, users should assume we may have received such a request.
Our vault encryption is not a policy. It is mathematics.
We could not decrypt your vault entries or encrypted notes even under court order. AI-generated summaries and structured metrics could theoretically be provided if legally compelled.
Your own protection
While we protect your data on our end, here is what you can do to strengthen your security.
Use a strong, unique password
A compromised password elsewhere should not affect your Daylogue account.
Keep your devices secure
Your encryption keys live on your devices. Device security is key security.
Store your recovery phrase safely
If you use device key backup, store recovery information securely offline.
Enable two-factor authentication
Add an extra layer of protection to your account access.