Legal Process Policy

Version 1, 31 July, 2025

This Legal Process Policy (“Policy”) establishes the principles that Flodesk, Inc. and its subsidiaries (collectively, “Flodesk”) will follow when responding to legally valid requests for documents or witness testimony, whether issued by civil litigants, criminal defendants, courts, law enforcement or government or public authorities (collectively “Requests”). The Policy represents Flodesk’s commitment to maintaining the privacy of its users, their respective subscribers, and our employees (collectively, “Data Subjects“) and adhering to the law, legal process, and data privacy regulations that apply in the many jurisdictions in which it operates. 

This Policy is intended to provide information to all persons or entities seeking the production from Flodesk of information related to other people or things (“You” or “Your”). This Policy does not apply to Data Subjects requesting their own personal data, which Data Subjects, exclusive of employees, may request by emailing us at privacy@flodesk.com, and employees may request by emailing us at people@flodesk.com.  All communication in this regard will be subject to Flodesk’s verification of requestor’s identity.  

Data Subject information is held by Flodesk in accordance with Flodesk’s Privacy Policy and Terms of Service.  

We may transfer, disclose and preserve Data Subject information as stated in our Privacy Policy, to, among other things, (a) comply with law enforcement or legal process, such as a court order or subpoena; (b) protect your, our or others’ rights, property or safety; (c) enforce our policies; and/or (d) assist with an investigation or prosecution of suspected or actual illegal activity.

Flodesk maintains a centralized process for receiving, tracking, processing, and responding to Requests.  We review and evaluate all Requests received, and Requests which Flodesk determines to have no valid legal basis or considers to be unclear, inappropriate or over-broad are objected to, challenged or otherwise rejected.

Nothing within this Policy is intended to create any enforceable rights against Flodesk, and Flodesk may update or change the Policy in the future without notice. The latest version of this Policy will be available on the Flodesk website.

This section covers the general types of information which are and are not available from Flodesk.  Flodesk may produce the following information in response to a legally valid Request to the extent it has such information available in its records:

• Name and email address associated with a Data Subject who is a member of Flodesk Services, or a member’s subscriber;

• Messages member delivered using Flodesk Services; 

• Templates of messages sent to members through the Flodesk Services;

• Log of certain activity on the Flodesk platform; and/or 

• Information uploaded by members to the Flodesk platform.

Flodesk may minimize, redact, or otherwise limit the information produced in response to a Request as appropriate and necessary to comply with the Request and applicable law. 

Flodesk is not a financial institution or bank or payment processor.  Accordingly, Flodesk is generally not in possession or custody of bank account statements, complete banking or credit card information, digital payment information, account opening documentation, full account numbers or any other information typically held by financial institutions or payment processors.  

For bank account and related information, Flodesk can provide you the name of the relevant third-party payment processor and you can contact them for additional information.  As of the date of this Policy, and until further updated, the third party payment process for subscribers using the Flodesk Checkout services is Stripe, Inc. at https://stripe.com.  Financial information related to the payment of any subscription fee is held by a third party entity called Recurly, Inc. at https://recurly.com/legal/

Requestors should be as specific as possible when fashioning their Requests to avoid misinterpretation, objection, challenge and/or rejection of an unclear, inappropriate or overbroad request.  All Requests should include the legal basis for the request by citing the specific provision of domestic law which authorizes the collection of information from a third-party entity such as Flodesk for the purposes of prevention, detection or investigation of offenses, or the relevant provision of the applicable data privacy law or regulation.  Requests that do not have a legal basis, are overbroad, vague, do not provide sufficient information to identify responsive information, or that are otherwise inappropriate will be rejected.

When submitting Requests, the requester should identify the specific Flodesk member or member’s subscriber at issue.  When possible, the requestor should provide unique identifiers associated with member / subscriber such as their email address.  Names alone, without additional identifiers, are often not unique identifiers and Flodesk may not be able to identify responsive records using names alone.  

Flodesk is unable to conduct searches using dates of birth, physical addresses, social security or national identification numbers, or card card or bank account numbers; therefore, do not send the aforementioned information.

From the United States:  Flodesk will not waive service requirements for Requests seeking production or witness testimony; and it does not accept service via electronic means. Unless prior written consent is obtained or it is an emergency situation, as defined below, all Requests must be properly domesticated, where appropriate, and served through Flodesk’s registered agent of service of process in, among other places, Delaware or California.

Elsewhere In the World: If you are located outside of the United States and requesting a production of documents from Flodesk, you must utilize mutual legal assistance treaties (“MLATs”), the Hague Evidence Convention, or other comparable arrangements under applicable law.

Requests for information in emergencies without an otherwise legally valid subpoena, search warrant, court order, or information request may be submitted to Flodesk via legal@flodesk.com.  An emergency, for purposes of these requests, exists when Flodesk believes, in good faith, that the failure to disclose relevant information will result in imminent threat of death or serious injury to any person, terrorism, cyber-terrorism or kidnapping. Those seeking to demonstrate that an emergency exists must: 

• sufficiently verify his/her/their identity, including credentials as law enforcement or a government official, 

• describe the nature of the emergency, and 

• explain how the failure to disclose relevant information will result in the imminent threat of death or serious injury to any person, terrorism, cyber-terrorism or kidnapping. 

The email should also include the word “EMERGENCY” in the subject line.

Flodesk will not review or respond to requests submitted by non-law enforcement officials or government agencies. People aware of an emergency situation should immediately and directly contact the appropriate law enforcement official or government agency.

We will take reasonable steps to preserve account records in connection with official criminal investigations for ninety (90) days pending our receipt of formal legal process. You may make the request by emailing Flodesk at legal@flodesk.com.