Like all service providers, Adobe is legally required to turn over customer data that it hosts when it receives valid legal process from a law enforcement authority with jurisdiction. These guidelines are to assist law enforcement agencies in the United States and overseas in understanding our overall policies and practices and learning how to request customer data from Adobe.
These guidelines apply to all customer data hosted by Adobe, whether it relates to software purchases or information hosted by one of Adobe’s online services.
In general, we will turn over “basic subscriber” records (name, length of service, billing information, email address, registration IP address, and so on) in response to a valid subpoena that is issued in connection with an official criminal investigation. However, we require a search warrant issued upon a showing of probable cause under relevant state or federal law before we will turn over user content stored on our servers, such as photos, videos, documents, form responses, or email messages.
It is Adobe policy to give notice to our customers whenever someone seeks access to their information unless we are legally prohibited from doing so, such as when we receive a Delayed Notice Order under 18 USC Section 2705(b).
For Adobe customer data or content that is hosted in the United States, Adobe may respond only to requests from foreign law enforcement agencies that are issued by a U.S. court either by way of a mutual legal assistance treaty or a letter rogatory. If you are an international law enforcement agency, you may want to contact your local FBI legal attaché for assistance with the process.
A few Adobe services (such as Adobe® Creative Cloud™ and Business Catalyst®) may host user content outside the United States. For example, Creative Cloud files for customers in the European Union generally are stored on servers in Ireland, while Creative Cloud files for customers in the Asia Pacific region generally are stored in Japan. By comparison, Business Catalyst customers can elect hosting in the United States, Ireland, or Australia — regardless of where the customer is located.
When Adobe customer data sits on a server outside the United States, we will respond to law enforcement requests that are legally valid in the jurisdiction where the server hosting the data is located.
The length of time Adobe keeps different types of customer data varies depending upon the nature of the service at issue. If you are a law enforcement agent with questions about the types of data that may be available for a particular Adobe service, contact us using the information below.
When we receive a preservation request from an agency investigating a crime, Adobe will preserve then-existing customer data for 90 days in anticipation of receiving valid legal process.
If law enforcement provides Adobe with information that gives us a reasonable good faith belief that there is a risk of imminent harm (such as death or serious injury) to a person, and that we have information in our possession that may avert that harm, we may choose to disclose the information we have to protect human life. Individuals who believe we have information that would prevent imminent harm to someone should contact their local law enforcement agency.
We report any images that appear to involve child exploitation — regardless of where they are hosted — to the National Center for Missing and Exploited Children (NCMEC). If you are a law enforcement agent reporting a child exploitation or child safety matter, let us know by following the procedure for reporting an imminent harm matter (outlined above) so that we can address the matter as quickly as possible.
We cannot comply with overly vague requests. At a minimum, we typically need the Adobe ID of the customer whose data you seek, the name of the service or services at issue, and a specific statement of the type of information sought.
By law, we are entitled to recover costs associated with responding to requests for information. Fees apply on a “per Adobe ID” or per account basis. If your request is unusually broad or burdensome, additional fees may apply. It is Adobe policy to waive fees in matters involving child exploitation or imminent harm.
It is Adobe’s policy to give our customers notice of any civil subpoena seeking access to their information and fifteen (15) days to move to quash such a subpoena before we respond to it — regardless of the subpoena’s stated return date. If the request appears to violate a customer’s free or anonymous speech rights, Adobe may, in its discretion, move to quash the subpoena on our customer’s behalf.
Preservation requests, subpoenas, or search warrants may be personally served at, or mailed to, our San Francisco office (address below) or served via fax sent to 415-723-7869. Civil subpoenas require personal service and will not be accepted via fax.
Contact Adobe’s Law Enforcement Response Hotline at 415-832-7614 and follow the prompts as appropriate (for example, for civil subpoenas, law enforcement inquiries, or imminent harm requests).
Adobe Systems Incorporated
Attn: Law Enforcement Requests
601 Townsend Street
San Francisco, CA 94103