Transparency Report
Our commitment: We publish this report annually to be transparent about government and legal requests for user data. Given our zero-knowledge architecture, there is a hard limit to what we can provide even when legally compelled.
What We Can and Cannot Provide
Fern & Echo uses client-side AES-256-GCM encryption. Vault contents are encrypted in your browser before reaching our servers. We hold ciphertext we cannot read — this is not a policy; it is an architectural fact.
We can provide: account metadata (email, creation date, last login), audit log actions (no content), share relationship records, failed login IP addresses.
We cannot provide under any circumstances: vault contents, encryption keys, or plaintext versions of any encrypted field.
All legal requests must be directed to legal@fernecho.app.
2026 Report
| Request Type | Received | Complied With | Notes |
|---|---|---|---|
| Subpoenas | 0 | 0 | — |
| Court Orders | 0 | 0 | — |
| Search Warrants | 0 | 0 | — |
| National Security Letters | 0 | 0 | — |
| GDPR/CCPA Requests | 0 | 0 | — |

This report covers January 1 – December 31, 2026. It will be updated annually.