Pre-launch policy

Legal / Government Requests

How Enmarch evaluates government, regulatory, and law-enforcement requests.

What Enmarch can access

Enmarch is designed as a private, encrypted messaging service. Message contents are encrypted on user-controlled devices, and Enmarch servers are designed to store encrypted message envelopes and the operational records needed to run the service.

Enmarch does not design, maintain, or offer a general server-side ability to read users' plaintext messages.

Reviewing requests

When a law-enforcement agency, court, regulator, or government body requests information about an Enmarch user, we review the request before producing data. We assess whether it has valid legal process, proper authority, clear target identifiers, a defined time period, and a specific legal basis. We may reject, narrow, or challenge requests that are vague, overbroad, procedurally invalid, or inconsistent with applicable law.

Records that may exist

We cannot provide information that we do not possess. Because Enmarch does not hold plaintext message contents or private keys, neither can be produced in response to a request.

Depending on what exists in our systems at the time of a valid request, we may be able to provide limited account, device, wallet, protocol, message-delivery, security, and audit records. This may include wallet addresses or internal account identifiers, device identifiers and public keys, conversation membership records, message identifiers and hashes, retained encrypted message envelopes, delivery or receipt records, timestamps, request identifiers, user-submitted abuse reports, and security audit logs. It does not include plaintext message content, private keys, seed phrases, device secrets, or records that have already been deleted or purged.

Preservation and user notice

We may preserve matching records when legally required to do so. Preservation can temporarily suspend ordinary deletion while legal process is reviewed or completed. It does not create new data, decrypt messages, or give Enmarch access to plaintext content.

Where legally permitted, we may notify affected users before disclosing their information. We may delay or withhold notice when prohibited by law or court order, in an emergency, or where notice would create a risk of harm, obstruction, or fraud. We may publish aggregate transparency information about requests we receive, unless legally restricted.

Emergency requests

Emergency requests are handled separately. If a request claims an imminent risk of death, serious physical harm, child exploitation, or another legally recognized emergency, we may review and respond on an expedited basis. Even then, we disclose only data we actually have and only to the extent we believe disclosure is lawful and necessary.

Abuse reports and enforcement

For abuse and illegal-use reports, Enmarch relies on privacy-preserving controls such as rate limits, device or wallet restrictions, spam prevention, block and report tools, and account enforcement.

Enmarch does not silently scan private messages. When a user voluntarily reports a message, they may choose to provide decrypted content or supporting evidence. The reporting flow should make clear what leaves the user's device.