About these Guidelines. These guidelines are provided for use only by government and law enforcement agencies when seeking information from cPanel. All other requests for information regarding cPanel customers/users, including customer/user questions about information disclosure, should be directed to email@example.com. In this guide, cPanel, Inc. is referred to as the “Company.” Our products are referred to by their names.
cPanel, Inc. has been the web hosting industry’s most reliable, intuitive web hosting automation platform since 1997. The Company is a private company located in Houston, Texas
The Company is not a hosting company or a data center. Instead, it licenses a web hosting automation platform that provides an interface and tools to automate and simplify website hosting on a business to business basis. These products are licensed as “cPanel®”, “WHM®” and “cPanel & WHM®.” Because of the nature of the Company’s products, these products do not transmit to the Company significant information about the Company’s customers. Information that the Company does have about its customers is generally limited to transactional information about their license and aggregate use of its products. The information consists of billing information, contact information, the domain name where the Company’s customers’ sites are hosted, and limited access to IP address information. The Company does not have control over, or access to, any website’s content even if that website is administered through its products. The Company does not process or store email on behalf of customers. As a result, the Company is rarely an online repository of information that is useful to law enforcement, as evidenced by its transparency reporting.
Responding to Law Enforcement Requests
The Company responds to law enforcement requests in accordance with applicable law. These guidelines are for law enforcement officials seeking records from the Company. Please send all law enforcement process, requests, and correspondence to firstname.lastname@example.org.
The Company carefully reviews all requests from government, law enforcement, and third parties to ensure that there is a valid legal basis for each request; and complies only with legally valid requests. If the Company determines that there is no valid legal basis or where a request is considered to be inappropriate, the Company will challenge or reject the request.
U.S. Legal Process Requirements
cPanel, Inc. is a U.S. entity based in Texas. Because of this, disclosure of user data is governed by United States law, including the Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq. Under that law, the Company requires:
- A valid subpoena issued in connection with an official criminal investigation is required to compel the disclosure of basic subscriber records (defined in 18 U.S.C. Section 2703(c)(2)), which may include: service start date, last seen date, IP address, and email address, if available.
- A court order issued under 18 U.S.C. Section 2703(d) to compel the disclosure of any transactional or other records apart from the basic subscriber records outlined above.
- Although the Company does not presently store any private content of its customers, it would require a search warrant to compel the disclosure of any private stored content in the future.
International Legal Process Requirements
Because the Company is a U.S. entity, we respond only to valid legal process issued by a U.S. governmental entity or court and properly served in the U.S.
To obtain data from the Company, non-U.S. law enforcement will need to work through an applicable MLAT, letter rogatory, or other process for international cooperation. For more information, you may wish to contact the Office of International Affairs at the U.S. Department of Justice.
User Notice Policy
The Company has adopted a user notice policy. We will notify our customers of all law enforcement requests 14 days prior to producing data to law enforcement, except where providing notice is explicitly prohibited by the legal process itself, by a court order the Company receives (e.g., an order under 18 U.S.C. § 2705(b)), by applicable law or where the Company in its sole discretion, believes that providing notice creates a risk of injury or death to an identifiable individual, or would cause harm to the Company.
The Company honors requests for preservation of account records made by law enforcement in connection with official criminal investigations pursuant to 18 U.S.C. § 2703(f), or similar provisions under state law. Upon receipt of a valid preservation request, the Company may preserve the data for up to 90 days.
The Company can only preserve information for active accounts. If a request to preserve information is received after an account has been deleted, the Company may not be able to honor that request.
Pursuant to 18 U.S.C. §§ 2702(b)(8) and 2702(c)(4), the Company may provide data to law enforcement when provided with written information that gives the Company a reasonable, good faith belief that there is a risk of imminent harm to a person (e.g., death or serious physical injury) and that the Company possesses information that may avert that harm.
Emergency requests may be sent as a document on official letterhead or via email to email@example.com from an official government email account address. For expedited processing of request, we recommend including the word "EMERGENCY" in the subject line of your message. The Company is unable to accommodate verbal, telephonic, or instant message requests of this nature. Requests addressed to resources other than firstname.lastname@example.org, will result in a significant delay in review of an emergency request.
Data Retention and Availability
The Company retains limited data about its customers. We will search for and disclose information that is specified with particularity in an appropriate form of legal process and which we possess and are reasonably able to locate and retrieve. We do not retain data for law enforcement purposes unless we receive a valid preservation request.
Form of Requests
Requests should be specific and identify the records sought. The Company will object to overly broad requests.
Legal process requesting user data must specify the target of the request by the domain name used by the target, the business’ legal name, or credit card used for and must include a return date and location. The Company will object to return dates that do not allow adequate time for it to comply with its user notice policies, which prohibit disclosure that is not expressly required by law, or that are unduly burdensome.
Submission of Requests
Legal process should be served from an official government/law enforcement email address and sent to email@example.com. Law enforcement agents who are unable to include the legal process in an email may notify us via email of their limitations so we may coordinate service of process.
Acceptance of legal process by any of these means is for convenience and does not waive any objections, including lack of jurisdiction or proper service.
To prevent delays in processing your request, Law enforcement requests should be served on the Company at:
2550 North Loop W., Suite 4006
Houston, TX 77092
United States of America
Please provide a courtesy copy to firstname.lastname@example.org to aid in our processing. By providing this email address, the Company does not consent to service of process by email or waive any objections to improper service or jurisdiction.
Updates to This Information
The Company may periodically update this information, which should be consulted before making any request.