[Workshop] Stream Processing Made Easy With Flink | Register Now

Last Updated February 21, 2023

Confluent Guidelines For Law Enforcement

Confluent takes privacy and security very seriously and values transparency when it comes to the relationship with its customers and on handling their data. These Confluent Guidelines for Law Enforcement (“Guidelines”) are intended for use, respectively, by customers and Third-Party Authorities.

These Guidelines are intended to serve as an informational resource and do not create obligations or waive any objections concerning how Confluent will respond in any particular case or request.

1. To Customers

Confluent may at some point receive requests from law enforcement, regulatory, judicial or other government or public authority (“Third Party Authority”) for data that our customers upload into Confluent Cloud for storage or hosting, or otherwise for certain data about our customers (“Customer Data”).

In the event Third Party Authorities make a lawful request to Confluent for Customer Data, Confluent will attempt to redirect such a request so that customer can respond to it directly. 

If Confluent is not able to redirect such request to the customer, or if Confluent knows or gains a reasonably grounded suspicion that Third-Parties Authorities have obtained or will soon obtain access to Customer Data which is subject to processing by Confluent, and such access by the Third-Party Authorities is neither subject to a data processing agreement, nor covered by an instruction from the customer, Confluent will inform the customer of such Third-Parties Authorities’ access as soon as reasonably practicable, to the extent legally permitted. 

Confluent will disclose only the minimum amount of Customer Data necessary to satisfy the Third-Party Authorities' Request. For purposes of keeping such disclosure by Confluent as restrict as possible, Customer is responsible for ensuring a level of data protection commensurate with the sensitivity of the Message Content it uploads to the Cloud Service including, without limitation, an appropriate level of message-level encryption, according to the terms of the Confluent Cloud Security Addendum

Confluent agrees to review the legality of the Third-Party Authority’s request and to challenge it if, after careful assessment, it concludes that there are reasonable grounds to consider that such request is unlawful under applicable laws. 

As of the date of last publication of this webpage, Confluent declares that:

  1. Confluent does not cooperate with US authorities conducting surveillance of communications under E.O. 12.3333; and 
  2. Confluent has not received a Third-Party Authorities’ request for Customer Data. 

Confluent maintains the Confluent Transparency Report that provides information on law enforcement requests received by Confluent.

 

2. To Third-Party Authorities

Third Party Authorities can send requests to:

Confluent, Inc.
Attn.: Confluent Deputy General Counsel, Privacy & Compliance
899 W Evelyn Ave, 
Mountain View CA 94041
United States of America
dpo@confluent.io

Please include your full name, mailing address, email address and phone number with the request. Confluent accepts requests by email from a Third-Party Authority, provided these are transmitted from the official email address of the Third-Party Authority. 

Confluent will only respond to requests issued where Confluent is subject to jurisdiction; have an enforceable subpoena, court order, or search warrant compelling Confluent to produce the information requested; and state the categories of records sought and specific time period. 

As mentioned in section 1 above, Confluent values transparency and will use reasonable efforts to notify customers of requests to the extent legally permitted. Third-Party Authorities that do not want Confluent to notify customers of a request should reference explicit legal authority barring Confluent from disclosing or obtaining a non-disclosure order. 

Confluent reserves the right to seek reimbursement for reasonable costs related to a request and may charge additional fees for costs incurred in responding to unusual or burdensome requests.