Dimagi’s Principles for US Government Data Requests

The intent of this page is to assist in answering questions and concerns for potential and current customers regarding Dimagi’s approach to US Government requests for data hosted in US Cloud data centers. This page is intended as a clarification of the practice of Dimagi’s governing policy terms; it does not constitute legal advice nor should it be interpreted to establish distinct terms outside of the standard or existing contractual agreements.

Context:

On occasion, software companies may receive a request from a US government or law enforcement agency seeking data belonging to a customer hosted within the United States. When responding to such a request, Dimagi follows the principles described in this page to the degree practically possible, while adhering to all lawful orders.

We are focused on responsible data stewardship:

Dimagi believes that our customers and their clients deserve access to tools and services which can protect their data to the highest professional standard. We are organizationally committed to industry leadership in ensuring the privacy and security of customer data, with transparent and independently audited practices. We have designed our practices, policies, and priorities towards safeguarding customer data from unauthorized access or disclosure of any kind.

Our stance on data governance:

As outlined in our Terms of Service and Privacy Policy, Dimagi is not the owner of customer data content hosted in our systems. As stewards of our customer’s data, we believe that they should have as much control as possible over the use and disclosure of their own data. 

It is our position that US Government or law enforcement agency requests for customer data should, if possible, be addressed directly to the customer as the owner of that data. If such requests are made to Dimagi for customer data hosted in US servers we will work to direct that request to the customer for them to respond directly, when possible. When legally permitted we will take commercially reasonable steps, according to customer’s wishes, to support our customers in opposing such a request. 

We will notify customers of requests when legally permitted to do so:

As outlined in the “Third Party Requests” section of Dimagi’s Business Agreement, Dimagi will promptly notify our customers of Dimagi's receipt of a data request by any third parties, US Government included, unless explicitly prohibited by law. 

We will only comply with lawful requests to the extent required:

We review each request by a US Government or law enforcement agency individually to determine the extent of its legality and our compliance. We attempt to challenge requests or portions of requests that we believe to be unlawful, and will only comply with lawful requests made through legally issued subpoena, warrant, or other appropriate mechanism. As a certified B Corporation dedicated to promoting positive social impact around the world, Dimagi’s terms are conditional on legal and ethical acceptable use of our systems. We may, according to our judgment and careful review, decline to challenge legally issued requests which pertain to a flagrant violation of the acceptable use of our systems, ethical standards, and applicable law. 

We maintain a record of all US government or law enforcement agency requests for customer data, including the request itself, any response provided, and any communications with the government concerning the request.

 

For any queries please contact us at privacy@dimagi.com.