These guidelines explain how Sharkforce Inc., a corporation incorporated under the laws of Canada (federal), responds to requests from law enforcement and other government authorities for data relating to Docshark. They are intended to help authorities direct requests to the right party and submit valid legal process. They are not legal advice and do not waive any right or objection available to Sharkforce or its customers.
1. Scope and who controls the data
Docshark is a document sending and electronic-signature service that organizations (our customers) use to send documents to their own signers. For most data about signers and the documents they receive - including envelope contents, signer names, and signing activity - the customer organization is the controller of that data, and Sharkforce acts as a processor on the customer's behalf. Because of this, requests for signer or document data should usually be directed to the relevant customer organization, which is best placed to identify and produce its own records. Sharkforce will generally decline to produce Customer Data without the customer's involvement except where the law requires otherwise.
2. How to submit a request
Send valid legal process to legal@doc-shark.com. Sharkforce is a Canadian (federal) company, so we expect Canadian legal process. Foreign authorities should generally proceed through a Mutual Legal Assistance Treaty (MLAT), letters rogatory, or another recognized channel that results in Canadian legal process or an order from a Canadian court. Include the requesting agency, the name and contact details of the responsible officer, the legal authority for the request, a precise description of the data sought, and any deadline. Requests that are vague, overbroad, or unsupported by valid process may be returned for clarification.
3. What we require
We require valid legal process that is appropriate to the data sought - for example, a subpoena, court order, or warrant issued under applicable law. The more sensitive the data, the higher the standard of process we expect (for instance, content of documents generally requires a warrant or equivalent court order). Sharkforce does not disclose data voluntarily and will only do so where compelled by valid legal process or where disclosure is otherwise permitted or required by law. We may object to, narrow, or seek to quash requests that are improper, overbroad, or legally deficient.
4. Data that may be available
Depending on the request and the applicable process, data that may be available from Sharkforce includes account, billing, and administrator records for a customer organization, and audit-log or envelope metadata such as timestamps and event records. Document content and other Customer Data are produced only with appropriate legal process and, where applicable, the involvement of the customer that controls that data. We can only produce data we actually hold, in the form in which we hold it; some information (such as IP addresses) may be stored only as one-way hashes and cannot be reversed.
5. Notice to customers and users
Our policy is to notify the affected customer organization before disclosing data in response to a request, so that the customer can seek to limit or challenge the request, unless we are legally prohibited from giving notice (for example, by a valid non-disclosure order) or unless there is an emergency involving a risk of serious harm. Where notice is prohibited only for a period, we will provide notice after the prohibition expires where it is lawful and practicable to do so.
6. Emergency requests
In a genuine emergency - where we believe in good faith that there is an imminent risk of death or serious physical harm to a person - Sharkforce may disclose limited information necessary to address that risk, consistent with applicable law. Emergency requests should be clearly marked as such, sent to legal@doc-shark.com, and include enough detail for us to assess the nature and immediacy of the risk and the specific data needed to address it.
7. Data preservation and retention
Sharkforce will consider properly directed requests to preserve specific records pending valid legal process, consistent with applicable law and our data-retention practices. A preservation request does not require us to create or collect data we would not otherwise hold, and it does not result in disclosure; disclosure still requires valid legal process as described above. Records are otherwise retained and deleted in line with our agreements with customers and the Docshark Privacy Notice.
8. Costs and contact
Sharkforce may seek reimbursement of reasonable costs of responding to legal process where the law permits. Direct all law enforcement and government requests, questions about these guidelines, and emergency disclosure requests to legal@doc-shark.com. Sending a request to this address does not, by itself, create any obligation to disclose data; any disclosure is subject to the requirements set out above.