Effective Date: December 11, 2025
Sacred Records / Trisummit Technologies, an LLC (hereinafter “[Your Company]”), is committed to protecting the privacy and personal data of our users. We collect and process limited personal information primarily through integrations such as Facebook Login, in accordance with our Privacy Policy. This policy outlines our principles and processes for handling requests from public authorities, government agencies, or law enforcement (collectively, “Requesting Authorities”) seeking access to user personal data or information.
We process personal data in compliance with applicable laws, including, where relevant, the General Data Protection Regulation (GDPR) for users in the European Union or where GDPR applies extraterritorially. We adhere to GDPR principles such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.
We do not voluntarily disclose user personal data to any third parties, including government entities, except in limited circumstances where we believe in good faith that disclosure is required by law or necessary to prevent imminent harm.
Key Principles
We handle all requests in a manner that prioritizes user privacy while complying with applicable laws, including GDPR requirements where applicable. Specifically:
- Required Review of the Legality of Requests Every request from a Requesting Authority is carefully reviewed by us (or our legal counsel, if retained) to ensure it is legally valid, properly issued under applicable law (including GDPR Article 6 lawful bases where relevant), and accompanied by appropriate legal process (e.g., subpoena, court order, or search warrant). We reject requests that do not meet these standards or appear overly broad, vague, or invalid.
- Provisions for Challenging Unlawful Requests If a request is considered unlawful, overbroad, or otherwise defective, we will challenge it where possible. This may include objecting to the request, seeking to narrow its scope, or pursuing legal remedies to quash or modify it, in line with GDPR principles of necessity and proportionality.
- Data Minimization We disclose only the minimum amount of information necessary to comply with a valid legal requirement. We will not provide more data than explicitly required and will push back against requests seeking excessive or irrelevant information, consistent with GDPR data minimization and purpose limitation principles.
- Documentation of Requests We maintain internal records of all requests received, including:
- The details of the request (e.g., requesting authority, date received, type of data sought).
- Our response (e.g., data disclosed, if any; rejection or challenge).
- Legal reasoning for our decision.
- Involved parties and any related correspondence. These records are kept confidential and secure, in compliance with applicable laws, including GDPR accountability requirements.
GDPR-Specific Considerations
Where GDPR applies to the processing of personal data:
- Disclosures to Requesting Authorities will only occur where there is a valid legal obligation (e.g., under GDPR Article 6(1)(c)) or other lawful basis.
- We will consider any applicable restrictions under GDPR Article 23, which allows limitations on data subject rights in certain circumstances (e.g., for national security or law enforcement purposes), but only to the extent provided by law and where necessary and proportionate.
- In cases of international transfers (e.g., to authorities outside the EEA), we will ensure compliance with GDPR Chapter V transfer rules, such as adequacy decisions or appropriate safeguards.
Process for Handling Requests
No Voluntary Disclosure: We do not proactively provide user data to Requesting Authorities. Emergency
Exceptions: In rare cases involving imminent danger of death or serious physical injury (e.g., emergencies), we may disclose limited information without prior legal process if we believe it is necessary to prevent harm. User
Notification: Where permitted by law, we will notify affected users of the request to allow them an opportunity to challenge it themselves, unless prohibited (e.g., by a court order) or where GDPR restrictions apply.
Transparency: As a small company, we may publish anonymized summaries of requests received (e.g., in annual updates on our website) if we begin receiving them in volume, to promote accountability and transparency in line with GDPR principles.
Contact for Requests
Valid requests from Requesting Authorities must be submitted in writing with sufficient details and legal basis. Please contact: support@trisummit.io.
We reserve the right to require proper legal process and may seek reimbursement for costs associated with responding to requests where permitted by law.
This policy may be updated periodically. We encourage users to review it regularly.
If you have questions about this policy, please refer to our [Privacy Policy] or contact us at support@trisummit.io.