OVH does not release customer data without a properly served, valid, and binding legal demand. We require that requests for customer data be sent to OVH for our legal team to review. When the legal team receives a request, they review the request to ensure that it is a legally valid demand.
Generally, OVH produces non-content information in response to valid and binding subpoenas. Non-content information is data such as name, address, billing information, and certain service usage information. Content information is the content of data files stored in an OVH customer’s account. OVH does not produce content information in response to subpoenas. OVH may produce non-content and content information in response to valid and binding search warrants that are issued upon a showing of probable cause.
Generally, the government needs legal process—a subpoena, court order, or search warrant—to compel OVH to provide customer data. OVH does make exceptions in certain emergency cases such as when OVH has a good faith belief that imminent bodily harm may result.
The CLOUD Act authorizes the President to establish executive agreements permitting “qualifying” foreign governments to request records pertaining to foreign citizens from U.S.-based providers. To qualify, a foreign government must both be approved by the Attorney General and the Secretary of State and also abide by “robust” substantive and procedural protections for “privacy and civil liberties.”
To date, no such executive agreements exist. Until then and for the countries without agreements, OVH would continue to honor requests only if they followed the mutual legal assistance treaty (“MLAT”) process.
Unless prohibited by law, OVH will notify customers of a law enforcement request to OVH for information relating to customers or customers’ accounts.