Transparency Log

Per-request public record · 90-day disclosure delay · Last update April 19, 2026

This is the per-request public record of every legal demand UmbrellaX LLP has received and our response to each. Unlike traditional aggregate transparency reports that publish only counts once or twice a year, this log publishes each individual request — with redacted court documents, our written response, and our reasoning — once 90 days have passed since we processed it. The 90-day delay protects the privacy of ongoing investigations while preserving meaningful long-term transparency. Quarterly counts of requests received are visible in real time on the Warrant Canary page.

Privacy pledge

We do not monitor.
We do not scan.
We do not report.

No content scanning of any kind. Anywhere. Ever. No PhotoDNA, no client-side scan, no keyword detection, no behavioural profiling, for any category of content.
No ability to read end-to-end encrypted messages. The keys live on user devices. A court order cannot change physics.
No automatic reports to NCMEC, GIFCT, StopNCII, Polaris, FBI, Interpol, or any other agency or hash database. We do not "scan and notify". We do not "voluntarily share". Period.

We act ONLY when a real human asks us to

A specific recipient reports a specific message. Then the moderation pipeline starts. No algorithm, no third party, can trigger this.
A verified victim asks us to file an external report (NCMEC for CSAM, StopNCII for non-consensual intimate imagery, GIFCT for terrorism, Polaris for trafficking, or case-by-case for other categories) — and survives our own independent identity check. We refuse most such requests; the public counters on the warrant canary page show how many we filter out at each stage.

Our principles for this log

Every legal request is published after a 90-day delay, unless a specific gag order forbids us from acknowledging its existence (in which case the corresponding statement on the canary will freeze instead).
Our response is documented — refusal, partial compliance, or full compliance — together with the reasoning.
The original court document is attached as a redacted PDF so you can verify our description.
Personal identifiers are redacted: user names, phone numbers, exact case identifiers, and the identities of victims (unless the victim explicitly consents to disclosure) are removed before publication.
Each quarterly batch is signed with our GPG key and archived as an immutable PDF dump for independent verification.

Filter

Q2 2026 (April — June)

○

No requests received yet

UmbrellaX is in pre-launch (code 0%, users 0). This log will populate as the service goes live and as legal requests start arriving. The first published entry will appear approximately 90 days after we process the first such request. Quarterly archive PDFs will become available on July 22, 2026 (for Q2) and quarterly thereafter.

Quarterly archive PDFs (signed)

Each quarter, on the 91st day after the quarter ends, we publish a signed PDF dump of every detailed entry from that quarter. The PDF is GPG-signed with our long-term legal key (fingerprint published below), so any third party can independently verify that we have not retroactively edited entries.

Q2 2026 (April — June 2026) — will be published on July 22, 2026
Q3 2026 (July — September 2026) — will be published on October 22, 2026

GPG fingerprint of legal signing key:to be published with first signed dump (Q2 2026). Public key will be available at /legal-key.asc and on the OpenPGP keyserver pool.

What gets published, and what doesn't

Always published (after 90-day delay)

Type of legal demand and issuing jurisdiction.
Issuing court or agency name (where public).
Category of investigation (e.g., "criminal investigation under Article 188 of the Criminal Code of Kazakhstan").
Date received, date processed, date published.
Description of what was requested.
Our response: complied, partially complied, or refused.
List of data we provided, list of data we refused to provide, and reasons.
Redacted PDF of the original demand and our written response.

Never published

Identities of users targeted by the request (names, phone numbers, exact case numbers).
Content of any private message, call, or other end-to-end encrypted communication (we do not have access to it).
Identities of victims, unless the victim or their legal representative explicitly consents.
Investigative techniques or tactics not already public in the court order.
Any item that would itself constitute a violation of Kazakhstan privacy law.

Special handling

Gag-order requests are not published here at all (we are legally prohibited). The freeze on the corresponding canary statement on the /canary page is the only signal.
Active investigations may extend the 90-day delay if a court explicitly requires longer non-disclosure. The entry is published when the court-ordered non-disclosure period ends.
Victim-controlled cases across all Category A content (per ADR-19c Amendment 4): victims of CSAM, non-consensual intimate imagery, terrorism or mass violence, trafficking, or other categories — and their legal representatives — can request that their case be excluded from this log entirely; we honour such requests across every external-reporting category.
NCMEC reports filed at victim request: each such report appears here as three separate counter increments — verification request received, verification approved by legal team, report actually filed — so the public can see the full pipeline. The detailed entry (90 days after filing) shows only that "1 NCMEC report was filed at the verified request of the victim or their representative", with no identifying information about either the requester or the victim. Verification documents themselves are never published, in this log or anywhere else; they are deleted within 30 days of case closure and only an audit-log line remains. The dedicated channel for victims and their representatives is at /victim-portal.

How to verify this log is honest

Compare a current page snapshot against historical snapshots in the Internet Archive Wayback Machine. Browse historical captures at web.archive.org/web/2*/umbrellax.io/transparency once the site is publicly deployed and indexed (during pre-launch the index will be empty). Entries on this page should only ever be added, never altered or removed; you can force an immediate Wayback capture yourself at web.archive.org/save.
Verify each quarterly PDF dump's GPG signature against our published fingerprint above.
Once the source repository is public, every entry will have a corresponding immutable database record and an audit-log entry timestamped at the moment of publication.
If you are an investigator or journalist, we can provide a notarised copy of any specific entry on request to legal@umbrellax.io.

Contact

This log is maintained by the UmbrellaX legal team. Questions or requests for clarification: legal@umbrellax.io. Press inquiries: press@umbrellax.io. Operated by UmbrellaX LLP, a limited liability partnership registered in the Republic of Kazakhstan under business identification number 260440006927, with its registered office at Zheltoqsan St., 1-6, building 3, apt. 13, Oral, West Kazakhstan Region.