In short: we protect our users. We disclose data only when the law properly requires it, and we never hand over biometric patterns in readable form.
1. Legal process we require
- Basic records: a valid subpoena or equivalent legal process.
- Non-content records: a court order or equivalent.
- Content: a warrant based on probable cause, or the equivalent in the requesting country.
Requests from outside our jurisdiction should generally come through a recognized cooperation channel (for example, an MLAT).
2. Notice to users
We aim to notify affected users before disclosure, unless we are legally prohibited or there is a genuine emergency involving risk to life.
3. Emergencies
In a genuine emergency involving a risk of death or serious harm, we may disclose limited information to help, following applicable law.
4. Data minimization and biometrics
We provide only what the request lawfully requires. Biometric patterns are encrypted and are never disclosed in plaintext.
5. How to submit a request
Authorities: email legal@xheight.com with the legal process attached.
Mail: Xheight Legal Department, Tel-Aviv, Israel