Warrant Canary

Page-level last update: April 19, 2026 · See per-statement timestamps below

A warrant canary is a public statement we update on a regular schedule. As long as the statement keeps appearing here on time, our users can be confident that the listed events have not happened. If we ever stop updating any specific statement, that itself is the signal — because in some jurisdictions we would be legally prohibited from telling you directly. Each of the five statements below has its own independent timestamp so that, if pressure does occur, you can tell exactly which category was triggered, not just that "something happened".

Privacy pledge

We do not monitor.
We do not scan.
We do not report.

No content scanning of any kind. Anywhere. Ever. No PhotoDNA, no client-side scan, no keyword detection, no behavioural profiling, for any category of content.
No ability to read end-to-end encrypted messages. The keys live on user devices. A court order cannot change physics.
No automatic reports to NCMEC, GIFCT, StopNCII, Polaris, FBI, Interpol, or any other agency or hash database. We do not "scan and notify". We do not "voluntarily share". Period.

We act ONLY when a real human asks us to

A specific recipient reports a specific message. Then the moderation pipeline starts. No algorithm, no third party, can trigger this.
A verified victim asks us to file an external report (NCMEC for CSAM, StopNCII for non-consensual intimate imagery, GIFCT for terrorism, Polaris for trafficking, or case-by-case for other categories) — and survives our own independent identity check. We refuse most such requests; the public counters on this page show how many we filter out at each stage.

Section A — Secret demand statements (the canary)

Each of the five statements below is updated independently. As long as the timestamp on a statement is within the last 35 days, that specific category of secret demand has not occurred. If any single statement freezes (stops being refreshed), that specific category has been triggered — even though we may be legally prohibited from saying so explicitly. The other statements will continue to update normally so you can tell which categories are still safe.

Statement [1] · Last refreshed: April 19, 2026 Fresh

UmbrellaX LLP has never received a National Security Letter (NSL) or any equivalent secret legal demand from any government agency.

Categories covered: NSL, secret legal demands, classified subpoenas.

Statement [2] · Last refreshed: April 19, 2026 Fresh

UmbrellaX LLP has never received a gag order requiring us to comply with a legal demand without disclosing its existence to our users.

Categories covered: gag orders, non-disclosure orders attached to court process.

Statement [3] · Last refreshed: April 19, 2026 Fresh

UmbrellaX LLP has never received a request — formal or informal — to install backdoors, weaken encryption, modify client software for surveillance purposes, or hand over signing keys.

Categories covered: backdoor demands, encryption weakening, key escrow, key disclosure, malicious client modifications.

Statement [4] · Last refreshed: April 19, 2026 Fresh

UmbrellaX LLP has never voluntarily disclosed the contents of any private message, call, or other end-to-end encrypted communication to any government agency, law enforcement body, or third party.

Categories covered: voluntary disclosures, "informal sharing", administrative coercion outside of court process. (Compelled disclosures under valid Kazakhstan court orders, when they occur, will be reported in Section B counts and on the transparency log.)

Statement [5] · Last refreshed: April 19, 2026 Fresh

UmbrellaX LLP infrastructure has never been compromised in a manner that resulted in user data being accessed by an unauthorised party, including by state actors operating without judicial process.

Categories covered: covert wiretaps, infrastructure intrusions by state or non-state actors, insider exfiltration of user data.

Section B — Public legal requests (current quarter)

These are routine, public, judicially supervised legal requests we have received and either complied with, partially complied with, or refused. Counts are updated on or around the 19th day of every calendar month. Detailed per-request records (with redacted court documents) are published on the transparency log after a 90-day delay. Counts here are NOT subject to the canary mechanism — they are normal operational transparency and are expected to grow over time.

Type	Received / Verified	Complied / Filed	Partial	Refused / Declined
Court orders — Republic of Kazakhstan	0	0	0	0
Foreign subpoenas (without MLAT process)	0	0	0	0
Foreign requests via MLAT (Kazakhstan as routing party)	0	0	0	0
External victim-requested reports — full pipeline (per category) · channel: /victim-portal
NCMEC (CSAM) — verification received → approved → filed	0	0	—	0
StopNCII (non-consensual intimate imagery) — received → approved → filed	0	0	—	0
GIFCT (terrorism / mass violence) — received → approved → filed	0	0	—	0
Polaris / anti-trafficking partners — received → approved → filed	0	0	—	0
Other (case-by-case, e.g. doxxing with imminent threat) — received → approved → filed	0	0	—	0
DMCA / copyright takedowns	0	0	0	0

Counts above are for current calendar quarter (Q2 2026). At the start of each new quarter the counters reset; cumulative numbers are visible on the transparency log. Empty table at this stage reflects that the service is in pre-launch (code 0%, users 0). The five external-reporting rows (NCMEC / StopNCII / GIFCT / Polaris / Other) all expose the full verification pipeline — for each external database the public counter shows how many requests we received from victims or their representatives, how many our legal team approved at the verification stage, and how many we actually filed. A checkbox click in the in-app report flow or an email to /victim-portal is only a request; our legal team independently verifies the requester's connection to the case before any report is filed. This protects real victims from the noise of false claims and protects accused users from being reported on the strength of an unverified checkbox.

View detailed transparency log →

How to read this page

Check the "Last refreshed" timestamp on each of the five statements separately. We commit to refreshing every statement on or around the 19th day of every calendar month. If a single statement has not been refreshed for more than 35 days, treat it as triggered — that specific category of secret demand has occurred, and we are legally prohibited from saying so directly.

Important: a single freeze does NOT mean every category has been triggered. The structure is intentional — if Statement [3] (backdoor) freezes but Statements [1], [2], [4], [5] keep updating, then we have received some sort of backdoor demand specifically, but we have NOT been compromised, we have NOT voluntarily disclosed message contents, we have NOT received a gag order on a separate matter, and we have NOT received an NSL on a separate matter. You can react proportionally to the specific category instead of treating any failure as total compromise.

Why we publish this

UmbrellaX is a privacy-first messenger. Our position on user data is described in the Privacy Policy and on cooperation with law enforcement in Terms of Service section 6.4. We publish this canary in addition to those documents because in some jurisdictions a court may order a service provider to comply with a legal demand and to lie about the existence of the demand. A canary works around this: we cannot be ordered to make a true positive statement on a future date, only to remain silent. If we go silent on a specific statement, you have learned something even though we said nothing.

What is not covered

This canary covers secret demands and demands that arrive without lawful judicial process under Kazakhstan law. Routine, public, judicially supervised legal process within Kazakhstan — for example, a properly issued court order from a Kazakhstan court in a criminal investigation — is handled according to the Terms of Service section 6.4 and the Privacy Policy, is counted in Section B above on a quarterly basis, and is published in detail (with redacted court documents) on the transparency log after a 90-day delay. Public legal requests are normal operational transparency and are not the subject of this canary.

Verification

The freshness of each statement can be verified independently:

Check the HTTP Last-Modified header returned by this URL.
Check the page in the Internet Archive Wayback Machine at multiple time points and compare individual statement dates across snapshots. Browse historical captures at web.archive.org/web/2*/umbrellax.io/canary once the site is publicly deployed and indexed; you can also force an immediate capture yourself at web.archive.org/save.
Once the source repository is public, compare policies/canary.html against the live page; the commit timestamp for each statement update must be no more than 35 days old.
Each quarterly publication on the transparency log includes a GPG-signed PDF dump of all detailed records for that quarter, providing a cryptographically verifiable audit trail.

Who we are

This canary is published by UmbrellaX LLP, a limited liability partnership registered in the Republic of Kazakhstan under business identification number 260440006927, with its registered office at Zheltoqsan St., 1-6, building 3, apt. 13, Oral, West Kazakhstan Region. Questions about this canary: legal@umbrellax.io. Security disclosures: security@umbrellax.io.