Law Enforcement & Government Requests Transparency Statement

Last updated: 15.11.2025

At Spayo (operated by Krasen Markov, Thurgau, Switzerland), we are committed to protecting the privacy and rights of our users. This Transparency Statement explains how we handle government or law-enforcement requests for user information, what data we can lawfully provide, and under which conditions.

Please note: We do not monitor, review, or access user-generated images unless strictly required by law. Spayo is designed with privacy by default.

1. Our Core Principles

We follow four strict principles when dealing with legal requests:

a) Legality

We only respond to valid, lawful, and properly formatted legal requests issued under applicable Swiss law or binding international legal assistance treaties.

b) Minimum Disclosure

We provide only the minimum amount of data required by law.
If we do not possess the requested data, we explicitly state so.

c) User Protection

If allowed by law, we notify the affected user when their data is subject to a legal request.

d) Privacy-by-Design

We intentionally collect as little personal data as possible, which limits what can be disclosed.

2. What Data We Do Not Store

To protect your privacy, Spayo does not store:

  • Uploaded images
  • Generated images (unless saved to Gallery)
  • Prompts or styling choices tied to a specific user (except for temporary processing)
  • IP logs longer than the minimal required security window
  • User activity logs of what they generated, clicked, viewed, or edited
  • Any biometric, facial recognition, or identity-related metadata

This means:

➡️ If a user does not save a design to their Gallery, we cannot access or recover it.
➡️ We cannot tell what images a user uploaded or generated.
➡️ We cannot review stored content unless the user has saved it.

This privacy structure effectively limits the data that can be provided to authorities.

3. What Data We Store

We only retain data necessary to operate the service:

a) Account Information

  • Full Name
  • Email address
  • Profile Photo

b) Stripe Payment Metadata (Non-sensitive)

  • Transaction ID
  • Subscription or token purchase history
  • Country (if provided by Stripe)

We do not store or have access to:

  • Full credit card numbers
  • CVV/CVC codes
  • Bank account details

c) Saved Gallery Content (Optional)

Only if a user actively saves a design.

d) Minimal Technical Logs

Kept only for:

  • Security
  • Abuse prevention
  • Fraud detection

These logs are retained for the shortest reasonably necessary period according to Swiss privacy law.

4. How We Handle Requests from Law Enforcement

We require:

  • A court order, search warrant, or legally valid subpoena issued in Switzerland; or
  • A foreign request submitted through official legal assistance treaties (e.g., MLAT)

Requests sent directly by foreign police forces without treaty procedures are rejected.

We review each request to ensure:

  • It is lawfully issued
  • It is specific and limited
  • It seeks data we actually possess

If a request is overly broad, vague, or outside legal scope, we will reject or challenge it.

5. What We Can Provide (If Legally Required)

If a valid legal order is issued under Swiss law, we may disclose:

  • Email address associated with an account
  • Basic account registration information
  • Saved images explicitly stored in the Gallery
  • Payment records from Stripe (limited)
  • Minimal server logs if still retained

But only if required by law.

We cannot provide:

  • Deleted content
  • Unsaved user images
  • Browser or device history
  • Chat prompts or generation details
  • IP addresses older than the retention window
  • Any content not stored in our system

6. User Notification Policy

Unless legally prohibited under Swiss law, we will:

✔ Notify the user that their data has been requested
✔ Provide the nature of the request
✔ Allow time for legal challenge where possible

We do not notify users if:

  • The request is urgent
  • Notification is legally forbidden
  • Providing notice could cause harm or obstruct justice

7. Annual Transparency Reporting

Once Spayo reaches significant scale, we plan to publish an annual Transparency Report summarizing:

  • Number of requests received
  • Type of requests
  • How many were challenged
  • How many resulted in partial or full disclosure

This enhances trust and accountability.

8. Contact for Law Enforcement

Law enforcement agencies may contact us at:

📧 [email protected]
🏢 Krasen Markov
Thurgau, Switzerland

⚠ Requests must include:

  • Full agency details
  • Legal authority
  • Case reference
  • Specific requested information
  • Valid Swiss legal basis or MLAT documentation

Requests without proper legal process will be rejected.

Conclusion

Spayo is committed to user privacy and strict compliance with Swiss and international law.
Our policy ensures:

  • We protect user privacy by design
  • We only disclose what is legally required
  • We challenge improper or unlawful requests
  • We do not store data beyond what is necessary

If you have questions about this policy, contact us at:
📩 [email protected]