Frolo Law Enforcement Guidelines

These guidelines (“Guidelines”) are a reference for law enforcement officials seeking the data of users of the Frolo platform (the “Platform”). 

Frolo is committed to cooperating with law enforcement while respecting the privacy and other rights of its users. To achieve this, Frolo has internal policies and procedures governing how Frolo handles and responds to law enforcement requests. These require that Frolo disclose user data only where a request is based on a valid legal process or in emergency circumstances.

Frolo is committed to cooperating with law enforcement while respecting the privacy and other rights of our users. To achieve this, we have internal policies and procedures governing how we handle and respond to law enforcement requests. These require that we disclose user data only where a request is based on a valid legal process or in emergency circumstances.

All requests received undergo a case-by-case assessment by Frolo’s law enforcement response team before any user data is disclosed. This team is trained to evaluate requests from law enforcement authorities and frequently engages in outreach to communicate Frolo’s requirements for disclosing user data to law enforcement authorities.

1. Basic Requirements

First, requests must be addressed to Frolo at: Frolo Limited, C/O Craufurd Hale Group The Ground Floor, Arena Court, Crown Lane, Maidenhead, United Kingdom, SL6 8QZ. 

All requests to Frolo and any supporting documents (including orders, warrants, and/or subpoenas or equivalent) must be provided in English or with a translation. Frolo will not respond to requests for user data sent by non-law enforcement officials or when they are sent through informal channels.

2. Types of User Data 

Frolo may hold the following user data which can be the subject of a valid law enforcement request:

  • username
  • device information
  • content (feed posts, messages)
 

Each request must clearly specify the type of data requested and the legal basis for requesting it. If the request does not meet the applicable legal requirements for the requested data (as listed in Section 3 below), the data will not be disclosed. This is in particular the case for requests relating to content data (which generally require a domestic court / judicial order, warrant or equivalent).

3. Requirements When Making a Request

Each request must be signed, dated, sent on law enforcement letterhead and include the following information:

  • Details of requesting law enforcement authority (or Court):
    • Requesting Authority (or Court): The name and location of the law enforcement authority. In the case of a Court order, the request should indicate the location and name of the relevant Court and judge / magistrate.
    • Requesting officer: The requesting officer’s name, badge / identification number, email address (this must be from an official email domain) and phone number (including any direct dial extension).
  • Details of relevant user account:
      • username: When requesting data regarding a specific user of the Platform, you must provide a specific username or an approved account identifier associated with the relevant account. 
      • Phone number
      • Email address
    • Data requested: The request should clearly specify the scope of the data requested. Overly broad requests will be refused.
    • Date range: The request must specify a date (and, if possible, a time), or a date range as relevant to the request (for historic data only).
  • Legal basis for the request:
    • Relevant legal process: The request should clearly specify the legal process (i.e. citing the relevant article or section of an Act / Statute / Code), which authorizes law enforcement to request and collect information for the purposes of prevention, detection or investigation of criminal offences.
    • Context and Offence(s) under investigation: The request should separately indicate the type of offence(s) under investigation (citing the relevant Act / Statute / Code), the circumstances of the offence and in what way it is connected to the Platform.
    • User notification: Please indicate whether user notification is permitted (see Section 4 below).

4. User Notifications

It is our policy to notify Frolo users before disclosing their data to law enforcement, unless providing such notice: (a) is prohibited under applicable law; (b) would jeopardize an investigation; and/or (c) would put individuals at risk of harm. It is the responsibility of the requesting law enforcement authority to clearly indicate in their request whether any of these criteria are met. Frolo will honour such requests where appropriate supporting information is provided (for example, if a request makes reference to a non-disclosure obligation under applicable law).

5. Preservation Requests

Frolo will honor formal requests to preserve user data for 90 days. 

Preservation requests must be sent on law enforcement letterhead, signed, and must clearly identify the specific user data to be preserved (by reference to username, the data type and date ranges as per Section 3 above). Frolo will preserve information for an additional 90-day period upon receipt of a formal request to extend the preservation. We may not honour multiple extension requests beyond one additional 90-day period. If Frolo does not receive formal legal process for the preserved information before the end of the preservation period, the preserved information may be deleted when the preservation period expires.

Overly broad or unspecific preservation requests will not be actioned. To seek disclosure of preserved data, the requirements set out in Sections 1 and 3 of these Guidelines will apply.

6. Emergency Requests

Frolo has processes in place to handle emergency requests. Such requests are evaluated on a case-by-case basis: if as part of an emergency request we receive information that is sufficient in our assessment to establish a good faith belief that there is an emergency involving imminent harm or the risk of death or serious physical injury to a person, we may provide user data necessary to prevent that harm, as permitted by applicable law.

All emergency requests must be made by a sworn law enforcement official, and come from an official law enforcement email domain (if sent via email). Non-law enforcement personnel aware of an emergency situation should immediately and directly contact local law enforcement officials.

7. Other

In submitting a request, law enforcement officials are required to ensure that any information provided is complete and accurate to the best of their knowledge and good faith belief, and that the disclosure (or other action) requested is necessary and proportionate for the purposes of the prevention, detection or investigation of offences, or to prevent an emergency. Once received by law enforcement, the law enforcement authority is required to handle such data in accordance with applicable laws, including relevant data protection laws.

Frolo reserves the right to seek reimbursement for the costs associated with responding to law enforcement requests.

Frolo may update or replace these Guidelines from time to time at its sole discretion and without notice to any party.

Questions and answers: 

Q: Does Frolo ever reject data requests from law enforcement authorities?

Yes, Frolo rejects data requests from law enforcement authorities where they do not meet the requirements that are clearly set out in our guidelines above.  

Q: How else does Frolo ensure that requests from law enforcement authorities are valid?

Aside from rejecting requests from law enforcement authorities that are not made in accordance with the relevant legal processes and requirements, Frolo will in accordance with applicable law:

  • seek to narrow the scope of data requests in terms of the volume of data requested, the number of users they relate to and/or the time period to which they relate;
  • ask for further information in support of the request (in particular, for details of the relevant legal process and/or the type of offence(s) under investigation); or
  • communicate to the requesting law enforcement authorities that a request via the Mutual Legal Assistance Treaty (“MLAT”) process is necessary to obtain disclosure of the requested data.

Q: Does Frolo ever disclose user data outside of formal legal requests?

Frolo may disclose user data without receiving a formal legal request (based on valid legal process) in the following cases:

  • Emergency circumstances: Where satisfied there is an emergency involving imminent harm or risk of death or serious physical injury to a person, we may provide user data necessary to prevent that harm, as permitted by applicable law.
  • Reporting obligations: In certain circumstances, Frolo is subject to legal obligations to report certain user data either to law enforcement authorities or to designated bodies such as the National Crime Agency (UK). 

Q: What type of scenarios would constitute an emergency?

All emergency disclosure requests undergo a case-by-case assessment and each request will be evaluated by our law enforcement response team based on its particular circumstances. However, the following are some examples that may constitute an emergency:

  • Cases of child safety and exploitation;
  • Missing persons;
  • Suicide and self-injury scenarios;
  • Imminent threats of violence. 

Q: Does Frolo accept data requests from law enforcement authorities in all countries?

Frolo Limited houses user data in the United Kingdom. 

  • We request that law enforcement authorities outside of the UK request via the Mutual Legal Assistance Treaty (“MLAT”) process to obtain disclosure of the requested data.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us