Effective date: August 18, 2025
Next review: February 18, 2026 (or sooner if laws change)
Applies to: All requests from law enforcement or government authorities for information or assistance relating to Hyvery services.
Important: These Guidelines are for information only and do not create contractual rights. Hyvery may update them at any time.
Hyvery respects the privacy of our customers and users and complies with applicable laws. We disclose data only in response to valid legal process, or in limited emergency situations where we have a good‑faith belief disclosure is necessary to prevent death or serious physical harm. We strive to:
Require proper legal process and verify authority and scope.
Limit disclosures to what is specifically requested and legally required.
Notify customers of requests unless legally prohibited or where notification would present a risk of harm.
Challenge overbroad or unlawful demands.
Maintain transparency through aggregate reporting where permitted.
Primary email (preferred): legal@hyvery.com
Security liaison: security@hyvery.com (for urgent security matters)
Mailing address: Hyvery, Inc., 4004 Sunburst View Cir., Kissimmee, FL 34746, USA
We accept electronic service only where permitted by law or by our written consent. Otherwise, serve through applicable procedures under federal/state rules. Requests sent via social media, chat, or support channels will not be processed.
United States authorities: Provide appropriate legal process under U.S. law (e.g., subpoena, court order, search warrant).
Non‑U.S. authorities: Must use established cross‑border mechanisms (e.g., MLAT or letters rogatory) or obtain an order from a U.S. court with proper jurisdiction. We do not provide data directly to foreign authorities without such process.
Subpoena / Administrative Subpoena: May compel non‑content information (e.g., basic subscriber/account info) to the extent allowed by law.
Court Order: May compel certain transactional or non‑content records.
Search Warrant: Required for content at rest where Hyvery is the custodian and for certain sensitive records; must be issued upon probable cause by a judge with jurisdiction.
Protective / Nondisclosure Orders: We comply where valid; we may seek to narrow scope or duration.
Emergency Disclosure: In limited circumstances, we may disclose information without legal process where we have a good‑faith belief that disclosure is necessary to prevent imminent danger of death or serious physical injury. See §8.
Hyvery is a B2B SaaS platform. Depending on configuration, we may hold:
Customer Account Data (Controller context): Organization name, admin contact, billing contact, subscription tier, support history.
Customer Data (Processor context): Customer‑submitted business records (e.g., locations, floor plans, tickets, work orders, invoices, programs/campaigns, assessments, events). Access and retention are governed by the Customer’s settings and our DPA.
Service/Log Data: Security and operational telemetry (e.g., IPs, timestamps, user agent, event logs, error reports).
We do not provide decryption keys or build backdoors. Data is encrypted at rest and in transit; Hyvery can access data in its capacity as a service provider only as necessary to operate the service and to comply with law.
We notify the affected customer before producing data, providing a copy of the request, so they may seek legal remedies, unless: (a) we are legally prohibited; (b) there is a clear risk of harm or flight; or (c) exigent circumstances make notice impracticable. If delayed notice is mandated, we will notify promptly after the restriction lifts.
All requests must include:
Authority & origin: Agency name, requesting officer/agent’s full name, title, official email/phone, and mailing address.
Legal basis: Type of process (e.g., subpoena, warrant), issuing court/authority, statutory references, and any nondisclosure/protective orders.
Specific identifiers: Organization/tenant name, user email(s), resource IDs, relevant IP addresses, and precise date/time range in UTC. Avoid broad terms like “all data.”
Scope & categories: Describe exactly what you seek (e.g., subscriber info, specific documents, logs).
Production format & deadline: Preferred electronic format (CSV/JSON/PDF) and legal response date.
Contact for coordination: Name, email, and phone.
We may refuse or narrow requests that are overbroad, vague, or unduly burdensome.
For imminent threat cases (e.g., risk of death or serious physical injury):
Send “EMERGENCY REQUEST” in the subject line to security@hyvery.com and legal@hyvery.com.
Provide: (a) a specific description of the emergency; (b) the nature of the threat; (c) the individual(s) at risk; (d) the data needed and why; (e) why normal process is insufficient; and (f) your agency verification.
We may request a signed Emergency Disclosure Request Form on agency letterhead.
We will evaluate in good faith and may disclose limited information necessary to address the emergency. A formal legal process may still be required for additional data.
We will accept preservation requests from U.S. law enforcement to preserve specific records in connection with an official investigation for 90 days, extendable once for an additional 90 days upon receipt of a renewal before expiration.
Requests must identify the targeted accounts or data with particularity and include date/time range (UTC).
Preservation maintains a snapshot; it does not provide data access. Lawful process is still required for disclosure.
Format: Unless otherwise required, productions are provided electronically (secure portal or encrypted archive) in CSV/JSON/PDF with UTC timestamps.
Certification: We can provide a Custodian of Records declaration and hash values for produced files upon request.
Costs: To the extent permitted by law, Hyvery may seek reimbursement for reasonable costs associated with responding to requests, especially for extensive data pulls or expert time.
Limits: We only produce information within our possession, custody, or control.
Hyvery retains data according to documented schedules and Customer configurations. Some logs are retained for 12–24 months; backups are retained on rolling schedules. Deleted Customer Data may persist in encrypted backups until those backups expire. We do not restore backups except as required by law or to fulfill our disaster recovery obligations.
Where permitted, Hyvery may publish aggregate, periodic statistics (e.g., number and type of requests, countries of origin, and outcome) and will delay reporting where doing so could jeopardize investigations or violate law.
We do not respond to civil requests seeking Customer Data without notice to the Customer and an opportunity for the Customer to obtain the records directly.
For civil matters, serve the Customer directly whenever possible. Hyvery will object to improper requests for Customer Data.
Customer Data: Content that customers upload or create in the Hyvery platform (we process it as a service provider/processor).
Account Data: Business contact and administrative details about the customer’s account with Hyvery.
Service/Log Data: Technical logs and telemetry generated by use of the Service.
We publish a security.txt file at /.well-known/security.txt with security contact details, and a Vulnerability Disclosure Policy (VDP) on our website for reporting product vulnerabilities.
A) Sample Preservation Request (Agency Letterhead)
Agency and contact details
Target identifiers (tenant name, user emails, IPs)
Precise UTC date/time range
Description of investigation and legal authority
Signature of authorized official
B) Sample Data Request (Agency Letterhead)
Authority and legal process type (attach order/subpoena/warrant)
Specific data categories requested
Target identifiers and UTC date/time range
Preferred format and deadline
Non‑disclosure order (if any)
Contact for follow‑up
Government agencies with questions about these Guidelines may contact legal@hyvery.com. Customers with questions should contact privacy@hyvery.com or their Hyvery account representative.