Effective Date: November 1, 2025

This document outlines SCALIBIT’s policy and procedures for responding to law enforcement and government requests for customer data.

Law Enforcement and Legal Requests for Customer Data

SCALIBIT (“SCALIBIT”) is a global provider of Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services, operating across multiple regions including North America, South America, Europe, Asia-Pacific, and Africa.

As an infrastructure provider, SCALIBIT does not manage or control any Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, or Dedicated Servers or Bare Metal services — including any data, content, or applications hosted within those environments.
Customers maintain full care, custody, and control over the data, content, and activities associated with their hosted services and are solely responsible for all actions originating from the IP address(es) assigned for use with their services.

For legal compliance, network management, and abuse mitigation, SCALIBIT retains limited administrative metadata — such as basic subscriber information provided by the customer during account registration (e.g., first and last name, company name if applicable, email address, phone number, and billing or contact address (as provided by the customer)), as well as service/order details, records of IP address(es) assigned for use with the customer’s services, and service activation/deactivation timestamps. SCALIBIT does not retain sensitive government-issued identification numbers (e.g., passport numbers, national ID numbers) unless required by law.

Account information provided to SCALIBIT is entered at the customer’s discretion and may not be independently verified by SCALIBIT unless verification is required for fraud prevention, legal compliance (e.g., lawful identification requests), or billing validation purposes. SCALIBIT does not routinely request or store government-issued identification (such as passports or national ID cards) unless legally mandated or necessary to prevent fraud or process a verified transaction dispute.

SCALIBIT does not monitor or store any network-level traffic data or packet logs (e.g., destination IPs, payload contents, flow data, or browsing activity), as all transit traffic is handled directly by upstream data center providers and their network infrastructure.

Furthermore, some SCALIBIT customers act as resellers; in such cases, the information sought may pertain to a customer of a customer.

Customers are fully and solely responsible for the Services they host or use on SCALIBIT’s infrastructure — including all usage, management, content, and activities originating from the IP address(es) assigned for use with those Services. SCALIBIT provides only the underlying technical infrastructure and does not monitor, manage, or control customer activities or hosted content.

Jump to Section ↓
Quick navigation to key parts of this policy
Contents:
1. GENERAL LEGAL & DISCLOSURE PRINCIPLES

SCALIBIT processes all legal requests in full compliance with applicable data protection and privacy laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), U.S. State Privacy Laws, and Türkiye’s Kişisel Verilerin Korunması Kanunu (KVKK), to the extent these laws apply to the specific request.

SCALIBIT processes requests for user information in accordance with applicable laws, including the Electronic Communications Privacy Act (ECPA), 18 U.S.C. §2701 et seq., and other relevant U.S. federal and international legal frameworks. Under ECPA, SCALIBIT may only disclose customer information to law enforcement in response to valid legal processes such as subpoenas, court orders, or search warrants.

All domestic and international legal requests must be submitted in writing to SCALIBIT’s Legal Compliance Department at legalrequests@scalibit.com. Copies of supporting court or prosecutorial documents must be attached. Requests sent to any other address may experience delays or may not be processed. Requests submitted via other channels (fax, phone, chat, or social media) are not processed.

Requests not submitted through recognized legal channels (e.g., subpoenas, court orders, search warrants, or official prosecutorial requests) will be formally rejected. SCALIBIT verifies, documents, and audits every disclosure to ensure full transparency and accountability in compliance with applicable privacy, security, and data protection standards.

Important: Informal email requests or correspondence from law enforcement that do not include a valid subpoena, court order, or warrant are not processed. In such cases, SCALIBIT will formally request that the agency submit proper legal documentation before proceeding.

SCALIBIT strives to assist law enforcement and government authorities while maintaining full respect for the rights, due process, and privacy of its customers. All information provided to SCALIBIT by customers during the registration or account creation process is handled in accordance with our Privacy Policies and applicable laws. Customer or account information is never disclosed without the customer’s express permission, except when required by law, to comply with a valid legal process, or to conform to lawful orders properly served on SCALIBIT or one of its affiliates.

Legal Disclosure Policy:
Except in emergencies, SCALIBIT discloses protected customer information only upon receipt of a valid legal, prosecutorial, or court request or order. If you seek information relating to specific SCALIBIT services and/or the IP address(es) assigned for use with those services, or if you seek customer information identifying the individual or organization using such services or IP address(es) (hereinafter collectively referred to as “Customer Information”), in connection with a legal investigation, you must submit a valid legal request to SCALIBIT. SCALIBIT strives to assist law enforcement and judicial authorities while maintaining full respect for the rights and privacy of its customers, and will comply only with lawful requests served through recognized legal channels. All disclosures are securely logged, retained, and audited for compliance and accountability purposes.

Note on Non-Government Requests: SCALIBIT does not disclose customer information to private individuals, civil litigants, or non-governmental entities under any circumstances. All requests must originate from competent government, judicial, or law enforcement authorities and be accompanied by proper legal documentation.

Customer Notification: In accordance with the confidentiality provisions within SCALIBIT’s Terms of Service, SCALIBIT will seek to notify affected customers of any request for their confidential information where permitted by law and operationally feasible.

SCALIBIT does not proactively monitor or access customer data and only responds to lawful, properly served requests as defined in this Policy.

2. SUBMISSION & VERIFICATION REQUIREMENTS
(What to Include in Your Request)

Requests must originate from an official government or law enforcement domain and include the following details:

  • IP address(es)
  • Domain or website information
  • Date(s) and time(s) with time zone (UTC preferred)
  • Precise timestamps (UTC preferred) and any relevant log excerpts
  • Issuing authority details (agency name, jurisdiction)
  • Requesting agent’s name and badge/ID number
  • An official email address and contact phone number
  • A clear description of the records sought
  • Justification, applicable legal basis, and issuing jurisdiction (cite statute/article where possible)

Please include as much detail as possible to help us identify the relevant customer, account, or service. Requests must be directly related to criminal activity, ongoing legal investigations, or valid court or prosecutorial orders. Requests lacking a clear legal basis or proper jurisdictional authority may be lawfully rejected or returned for clarification.

2.1 Preservation Requests (18 U.S.C. §2703(f)). SCALIBIT honors properly issued preservation requests. We will preserve responsive records for up to 90 days, renewable once for an additional 90 days upon timely written extension, pending receipt of formal legal process. These preservation requests apply only to records already held by SCALIBIT (such as account, billing, or IP assignment logs). They do not require SCALIBIT to collect new data or access customer systems or hosted content. Preservation ensures that existing metadata or account records are temporarily retained pending valid legal process.

2.2 Cost Reimbursement. SCALIBIT reserves the right to seek reimbursement for costs associated with responding to legal process, as provided by law (e.g., 18 U.S.C. §2706) and industry standards, including those incurred for locating, retrieving, reviewing, and producing responsive data. Such reimbursement shall be requested only where permitted by law and shall reflect the reasonable and direct costs incurred by SCALIBIT in responding to the legal process.

2.3 Emergency Requests. For urgent matters involving imminent threats to life, physical safety, or critical infrastructure, SCALIBIT may expedite processing of requests clearly marked as “EXPEDITE — EMERGENCY” in accordance with 18 U.S.C. §2702(b)(8). SCALIBIT evaluates such requests on a case-by-case basis and discloses only the minimum information necessary to prevent harm. This exception applies exclusively to life-threatening or critical emergency circumstances and does not waive the requirement for valid legal process in non-emergency cases.

3. U.S. LEGAL REQUESTS (DOMESTIC AND INTERNATIONAL HANDLING)

SCALIBIT’s authority to disclose customer information is primarily governed by the Electronic Communications Privacy Act (ECPA), 18 U.S.C. §2701 et seq. Under the ECPA, SCALIBIT may disclose certain customer information to law enforcement agencies only in response to specific types of lawful process — such as Subpoenas, Court Orders, or Search Warrants — that are valid, properly issued, and served through the appropriate legal channels.

SCALIBIT provides Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services. However, it does not manage, monitor, or control customer data, hosted content, or deployed applications. Accordingly, SCALIBIT’s ability to process or respond to any legal request depends on the type and nature of the data being requested and whether such data is technically accessible within SCALIBIT’s infrastructure.

For clarity under the ECPA, SCALIBIT’s disclosure capability is limited to "non-content" records or "basic subscriber information" (e.g., information provided by the customer during account registration such as full name, company name if applicable, email address, phone number, payment details, service activation/deactivation timestamps, and IP address assignment logs). SCALIBIT does not possess, and cannot disclose, the contents of any electronic communications or network traffic logs associated with a customer’s IP address.

When requesting information about a specific service, server, virtual machine (VM), IP address, or hosted domain, the request must include sufficient identifying details — such as the exact IP address, corresponding date and time range (in UTC), and/or domain name — that clearly relate to the subject of the inquiry. SCALIBIT cannot process overly broad, vague, or unspecified requests that do not allow the Company to identify the relevant customer account, service, or infrastructure element with reasonable precision.

3.1 Requests Concerning U.S.-Based Infrastructure (ECPA Standards)

Legal requests issued by U.S. law enforcement or judicial authorities concerning Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services, and/or the IP address(es) assigned for use with those services, physically hosted within the United States are processed in accordance with the Electronic Communications Privacy Act (ECPA), 18 U.S.C. §2701 et seq. Such requests do not require international cooperation mechanisms.

Type of Information Applicable Legal Process (ECPA) SCALIBIT’s Handling Approach
Non-Content Data
(Subscriber/account identifiers, IP assignment logs, billing metadata) 		Subpoena or Court Order SCALIBIT may review the request and, where legally sufficient and technically feasible, identify the customer associated with a specific IP address, account, or billing record. SCALIBIT does not have access to customer systems or hosted content; therefore, any response is limited strictly to metadata or account-level records already retained by the Company.
Content Data
(Files, databases, communications, or any information stored on customer-managed systems) 		Search Warrant SCALIBIT generally has no technical access to customer-stored content. Customers control their own servers, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal, and SCALIBIT does not retain administrative credentials (e.g., root/admin usernames and passwords, private SSH keys, or SSH port numbers, console logins). Where a valid warrant seeks content data that is technically inaccessible, SCALIBIT will clearly communicate this limitation to the requesting authority.

Except in emergencies (see section 2.3), SCALIBIT discloses protected customer information only upon receipt of a valid and properly served Subpoena, ECPA Court Order, or Search Warrant. SCALIBIT will, whenever permitted by law, notify affected customers about any legal requests involving their account or services, unless prohibited from doing so by an applicable legal restriction or court order.

Upon receipt of a valid Subpoena, and if such records are available, SCALIBIT may provide limited account-level information, including the customer’s first and last name, company name (if applicable), telephone number, email address, the date/time and IP address used when the order or service account was created, billing or contact address (as provided by the customer), and payment transaction information (e.g., PayPal or Stripe details). No hosted data or customer system access is provided in response to a subpoena.

Upon receipt of a valid ECPA Court Order, and where technically available, SCALIBIT may provide certain non-content records such as customer panel access logs, account registration and order creation timestamps, or administrative provisioning activity (for example, information showing which customer account was assigned a specific IP address or service at a particular time).

Examples of such records, where available, may include the customer’s account registration details, order submission IP address, last panel login IP, and timestamps associated with account creation or service provisioning events. These records are limited to metadata maintained within SCALIBIT’s management systems and do not include any data stored within customer-hosted environments.

SCALIBIT does not retain operating system–level access credentials (e.g., root/admin usernames and passwords, private SSH keys, or SSH port numbers) and therefore cannot provide login or content data stored within customer-managed systems. Furthermore, SCALIBIT does not possess, monitor, or store any network-level traffic data, packet logs, or the contents of any electronic communications associated with a customer’s IP address (e.g., destination IPs, payload contents, flow data, or browsing activity), as all transit traffic is handled directly by upstream data center providers and their network infrastructure.

Upon receipt of a valid Search Warrant, and where technically possible, SCALIBIT may disclose content data only if it is accessible within SCALIBIT’s management infrastructure (for example, email content exchanged with SCALIBIT Support or configuration data stored within Company-managed panels). SCALIBIT does not host or manage customer mail servers, except for the standard built-in email functionality included with its Shared Web Hosting environments (e.g., cPanel or CWP-based hosting accounts). SCALIBIT does not have routine access to customer Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal; therefore, customer-stored files, databases, and application content generally remain inaccessible unless the customer has provided specific authorization or the data is unencrypted and resides within a SCALIBIT-controlled system.

Note: Technical access to customer systems is limited to metadata and account-level records only. For information about SCALIBIT’s system access policies and management interface scope, see Section 5.

3.1.1 Email Content Accessibility and Server-Side Retention.

SCALIBIT provides basic email functionality within Shared Web Hosting environments (cPanel Hosting, CWPpro Hosting, and WordPress Hosting). Whether email communication content (e.g., message bodies, attachments) remains stored on the server depends on the customer’s email client configuration (IMAP vs. POP3), deletion/download behavior, and backup preferences. If the customer retrieves emails via POP3 and deletes them from the server, or if deletion occurs through the client or server settings, SCALIBIT may no longer have access to such email content.

When served with search warrants, court orders, or other lawful requests, SCALIBIT can only provide data that is technically available at the time of the request — such as mail delivery/SMTP logs, header information, account metadata, and any email content that still resides on the server. To help preserve relevant information, requesting authorities are encouraged to submit an official preservation request as soon as possible. SCALIBIT may seek reasonable reimbursement for costs incurred while fulfilling lawful requests in accordance with applicable laws.

Note: Standard email functionality under Shared Web Hosting (e.g., cPanel or CWP built-in mail feature) is provided solely as a basic component of the hosting environment and not as a standalone mail hosting service.

3.2 Requests Concerning Infrastructure Located Outside the United States (MLAT / Local Law)

When U.S. authorities request information relating to Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services (or the IP address(es) associated with such services) that are physically hosted outside the United States, SCALIBIT evaluates such requests in accordance with both U.S. federal law (ECPA, 18 U.S.C. §2701 et seq.) and the mandatory local laws and data protection regulations of the host jurisdiction (e.g., GDPR, KVKK). If a direct disclosure would conflict with the host country’s legal framework, the request must be submitted through appropriate international legal cooperation channels.

Such requests must be transmitted through the competent authorities of the country where the servers, associated IP address(es), or infrastructure are physically located. SCALIBIT does not directly provide customer data to U.S. agencies for systems or IP address(es) located outside the United States. Instead, the requesting agency must pursue the request through one of the following International Cooperation Channels:

  • Mutual Legal Assistance Treaty (MLAT) process recognized between the United States and the host country;
  • Executive Agreements under 18 U.S.C. §2523 mutually acknowledged by both jurisdictions;
  • Other formal judicial or diplomatic cooperation mechanisms accepted under applicable law.

Under this framework, any information disclosure concerning Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services, and/or the IP address(es) assigned for use with those services, physically located outside the United States, may only occur upon receipt of a valid and binding legal order issued by the competent authority of the country where the data physically resides (for example, the national prosecutor’s office, judicial authority, or law enforcement agency of the country where the data physically resides). After the host authority validates and executes the request, any responsive information may then be transmitted to the U.S. authority through formal diplomatic or judicial channels.

Once a request is successfully validated and executed by the competent authority of the host jurisdiction, SCALIBIT's response to the Local Legal Order (i.e., a valid court order, prosecutorial request, or official directive issued by a competent authority) will adhere strictly to the classification of data types (Non-Content vs. Content) as follows:

Upon receipt of a valid and binding Local Legal Order (issued by the host jurisdiction based on the international request), and if such records are available, SCALIBIT may provide limited account-level information, including the customer’s first and last name, telephone number, email address, order creation date/time, IP address used during order placement, billing address, and payment transaction information (e.g., PayPal or Stripe details). No hosted data or customer system access is provided in response to a court or legal order for Non-Content Data.

Where the Local Legal Order (i.e., a valid court order, prosecutorial request, or official directive issued by a competent authority) requires more detailed Non-Content Data, SCALIBIT may provide certain records such as customer panel access logs, account registration and service order creation timestamps, or administrative provisioning activity (for example, information showing which customer account was assigned a specific IP address or service at a particular time). SCALIBIT does not retain operating system–level access credentials (e.g., root/admin usernames and passwords, private SSH keys, or SSH port numbers) and therefore cannot provide login or content data stored within customer-managed systems.

SCALIBIT does not possess, monitor, or store any network-level traffic data, packet logs, or the contents of any electronic communications associated with a customer’s IP address (e.g., destination IPs, payload contents, flow data, or browsing activity), as all transit traffic is handled directly by upstream data center providers and their network infrastructure.

For Content Data, SCALIBIT may disclose such information only if explicitly authorized by the applicable local legal order (i.e., a valid court order, prosecutorial request, or official directive issued by a competent authority) and if it is technically accessible within SCALIBIT’s management infrastructure (for example, email content exchanged with SCALIBIT Support or configuration data stored within Company-managed panels). SCALIBIT does not have routine access to customer Virtual Machines (VMs), Cloud Environments, or Dedicated Servers or Bare Metal; therefore, customer-stored files, databases, and application content generally remain inaccessible unless the customer has provided specific authorization or the data is unencrypted and resides within a SCALIBIT-controlled system.

This approach ensures that SCALIBIT complies with both U.S. obligations and the mandatory legal frameworks of host countries, while maintaining full respect for data sovereignty and customer privacy under applicable international laws such as the GDPR, KVKK, and equivalent data protection regimes.

3.3 Technical Access, Management Interfaces, and Limitations

SCALIBIT does not routinely store or retain customer administrative credentials (for example, root/admin usernames and passwords, private SSH keys, or SSH port numbers, or long-term console credentials) for customer-managed Virtual Machines (VMs), Cloud Environments, or Dedicated Servers or Bare Metal. Customers are provided initial access credentials at provisioning and are solely responsible for changing and safeguarding those credentials. Most modern operating systems automatically prompt users to change the default or temporary root password upon first login (excluding outdated or unsupported operating systems). SCALIBIT does not retain any customer passwords after initial delivery. In rare cases where temporary credentials are voluntarily shared by a customer for support purposes, this is done exclusively through the secure SCALIBIT Client Portal ticket system, and such credentials are immediately invalidated after the support action is completed. Customers are explicitly advised to revoke or reset any temporary passwords following issue resolution.

Where legally compelled by a valid and binding legal process, or where explicitly authorized by the customer, SCALIBIT — in coordination with its data center partners, where applicable — may take limited technical steps to assist lawfully authorized requests. Such steps may include resetting or reconfiguring access credentials, performing system reinstalls, or using out-of-band management interfaces (for example, IPMI, iDRAC, iLO, KVM-over-IP, or serial-over-LAN) to obtain console access, subject to the capabilities of the underlying hardware and host operating system. Any compliance actions performed via management interfaces are logged and documented for audit purposes and — unless prohibited by law — customers will be notified when feasible. Importantly, if data on a device is protected by customer-held encryption keys or full-disk encryption, SCALIBIT cannot decrypt, recover, or reconstruct plaintext content even if console or SSH access is available.

For detailed information about SCALIBIT’s general access policies and management interface controls, please refer to Section 5: Access to Customer Systems & Management Interfaces.

4. INTERNATIONAL LEGAL REQUESTS

SCALIBIT provides Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services globally — across regions including North America, South America, Europe, Asia-Pacific, and Africa. While SCALIBIT’s primary legal jurisdiction is the United States, certain servers, cloud environments, and hosted systems may be physically located in other countries.

Accordingly, legal requests relating to Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services — and/or the IP address(es) assigned for use with those services — that are hosted outside the United States are reviewed in accordance with both applicable U.S. federal law (ECPA, 18 U.S.C. §2701 et seq.) and the mandatory local laws and data protection regulations of the country where the relevant services are physically hosted (Host Jurisdiction).

4.1 Requests Concerning U.S.-Based Infrastructure

Requests from foreign or international authorities (such as law enforcement or government agencies) relating to Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services — and/or the IP address(es) assigned for use with those services — physically located within the United States must comply with applicable U.S. federal law, including the Electronic Communications Privacy Act (ECPA), 18 U.S.C. §2701 et seq.. Accordingly, such requests must be transmitted through one of the following legally recognized international cooperation channels.

  1. A United States court with proper jurisdiction;
  2. A law enforcement agency acting under an applicable Mutual Legal Assistance Treaty (MLAT);
  3. An order from a foreign government subject to an Executive Agreement that has been determined by the U.S. Attorney General and certified to Congress as compliant with 18 U.S.C. §2523.

SCALIBIT does not directly disclose customer information to non-U.S. authorities outside of these formal international cooperation frameworks.

Requests not submitted through these recognized channels will not be processed and will be returned without further action. This ensures compliance with U.S. federal law and preserves customer privacy across international jurisdictions.

SCALIBIT’s infrastructure access and credential management principles remain consistent across all jurisdictions. For reference, see Section 5.

4.2 Requests Concerning Infrastructure Located Outside the United States

For data or systems hosted in other jurisdictions — including Europe, Asia-Pacific, Africa, or South America — SCALIBIT will review and process lawful requests in accordance with both U.S. legal standards and the local legal framework, data protection laws, and due-process requirements applicable in the country where the relevant Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services — and/or the IP address(es) assigned for use with those services — are physically hosted.

Requests must originate from competent government or judicial authorities within that jurisdiction (the country where the relevant services are physically hosted), and must be supported by a valid legal order, court ruling, or official prosecutorial request clearly identifying the data sought and its legal basis. Where required by law, SCALIBIT may coordinate with authorized service providers involved in the hosting of the relevant systems, solely to the extent necessary to comply with applicable obligations, and any disclosure will be limited to the minimum scope required to satisfy such legal process.

Technical access is governed by the same global standards described in Section 5, ensuring compliance with both U.S. and local data protection frameworks.

4.3 Requests from Third Countries (Cross-Border Scenarios)

In situations where a legal request originates from a country that is neither (a) the United States (SCALIBIT’s home jurisdiction) nor (b) the Host Jurisdiction (i.e., the country where the relevant Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services — and/or the IP address(es) assigned for use with those services — are physically hosted), such requests are considered third-country legal requests.

SCALIBIT will not directly disclose customer data in response to third-country requests unless they are submitted through a recognized and lawful international mechanism — such as a Mutual Legal Assistance Treaty (MLAT), an executive agreement under 18 U.S.C. §2523, or another formal diplomatic or judicial cooperation channel accepted by both the United States and the hosting jurisdiction.

If the requested data resides in a country outside the United States, that country will be referred to as the Host Jurisdiction — meaning the jurisdiction where the relevant Shared Web Hosting, Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal services — and/or the IP address(es) assigned for use with those services — are physically hosted. If a request is made by an unrelated foreign government, law enforcement authority, or prosecutorial or judicial body (the requesting third country) for data located in the Host Jurisdiction, the request must be routed through a recognized and lawful international mechanism — such as a Mutual Legal Assistance Treaty (MLAT), an executive agreement under 18 U.S.C. §2523, or another formal diplomatic or judicial cooperation channel accepted by both the United States and the Host Jurisdiction. SCALIBIT will process such requests only upon receipt of a valid legal order from competent authorities within the Host Jurisdiction or the United States.

Requests that bypass these frameworks will be rejected and redirected to appropriate channels.

This policy ensures that cross-border requests are handled consistently with U.S. and local data protection laws, and that customer data is not disclosed to third-country authorities without proper legal safeguards and jurisdictional validity.

SCALIBIT’s handling of customer system access and technical interfaces follows the same global principles outlined in Section 5.

5. ACCESS TO CUSTOMER SYSTEMS & MANAGEMENT INTERFACES

SCALIBIT does not routinely store or retain customer administrative credentials (e.g., root/admin usernames and passwords, private SSH keys, or SSH port numbers) for customer-managed Virtual Machines (VMs), Cloud Environments, and Dedicated Servers or Bare Metal servers. Customers normally receive initial access credentials at provisioning and are responsible for changing and safeguarding those credentials. In general, SCALIBIT cannot access customer-managed systems using customer credentials unless the Customer voluntarily provides temporary credentials or explicit authorization.

For Virtual Machines (VMs), Cloud Environments, and similar automated services, provisioning occurs automatically through SCALIBIT’s management platform once payment and verification are complete. The system automatically generates and delivers initial, temporary credentials directly to the customer — for example, a temporary root/administrator username and password, the SSH port number, and the IP address(es) assigned for use with the service. These temporary credentials are provided only for first-time access and are not retained or stored by SCALIBIT after deployment. Customers can access and manage their servers either via SSH or directly through the SCALIBIT Client Panel, which provides features such as viewing server information, checking bandwidth usage, changing passwords, configuring rDNS records, powering on/off, rebooting, and reinstalling operating systems. SCALIBIT retains only limited infrastructure metadata (such as assigned IP addresses, hardware specifications, and bandwidth allocation) necessary for billing, provisioning, and lawful requests.

For Dedicated Servers and Bare Metal servers, provisioning is performed manually by SCALIBIT’s technical team. A temporary root password is created for the initial setup and provided to the customer upon service activation, along with the IP address(es) assigned for use with the server, the default SSH port number, and — where supported by the server hardware (as is the case with most configurations) — the IPMI, iDRAC, or iLO management console access details. Upon the customer’s first SSH login, most operating systems automatically enforce a password change — requiring the customer to set a new root/administrator password immediately. After this change, SCALIBIT no longer has access to the customer’s credentials or any SSH port details. Customers can access and manage their Dedicated Servers or Bare Metal servers either via SSH or through hardware-level management consoles such as IPMI, iDRAC, or iLO, which allow full hardware control, OS reinstallation, and system recovery without SCALIBIT involvement. SCALIBIT may, however, retain administrative metadata showing which IP address(es) were assigned to the service for operational, billing, and lawful-request purposes. Consequently, customers are the sole holders of administrative access to their Dedicated Servers or Bare Metal servers and are solely responsible for maintaining the confidentiality and security of their credentials.

Where legally compelled by a valid and binding legal process, or where explicitly authorized by the customer, SCALIBIT — in coordination with its data center partners, where applicable — may take limited technical steps to assist lawfully authorized requests. Such steps may include resetting or reconfiguring access credentials, performing system reinstalls, or using out-of-band management interfaces (for example, IPMI, iDRAC, iLO, KVM-over-IP, or serial-over-LAN) to obtain console access, subject to the capabilities of the underlying hardware and host operating system. Any compliance actions performed via management interfaces are logged and documented for audit purposes and — unless prohibited by law — customers will be notified when feasible. Importantly, if data on a device is protected by customer-held encryption keys or full-disk encryption, SCALIBIT cannot decrypt, recover, or reconstruct plaintext content even if console or SSH access is available.

Accordingly:

  • SCALIBIT does not access customer data or log into customer OS accounts except (a) at the Customer's explicit request and instruction, or (b) to comply with a valid and binding legal process as described elsewhere in this policy.
  • Some recovery or reset actions (for example, resetting an OS password via console or reinstalling an operating system from a rescue image) are possible only if the underlying hardware or hypervisor provides such functionality and the operating system does not employ protections (e.g., full-disk encryption) that prevent access.
  • SCALIBIT cannot recover plaintext passwords or decrypt data protected by customer-held encryption keys. If a customer uses full-disk encryption, SCALIBIT may be unable to access the contents of the disk even with console or IPMI access.
  • All support or compliance actions performed via management interfaces are logged, documented, and retained for audit purposes. SCALIBIT will notify the Customer in advance of any such support access when permitted by law and operationally feasible.

In emergency or legal-compelled situations, SCALIBIT may take necessary technical steps (including using management interfaces) to preserve evidence, secure systems, or comply with a lawful request. Any such actions will be limited to the minimum scope necessary, logged, and—unless prohibited by law—communicated to the Customer.

6. DATA RETENTION & CONTROL BY CUSTOMER

The length of time data is retained varies based on the type of information and actions taken by the user. Generally, data from Virtual Machines (VMs) (VPS, VDS, Dedicated Cloud Servers), Cloud Services (Cloud Hosting, Cloud Servers, Cloud Backup), Cloud Compute Services (Cloud Compute – Standard Performance, High Performance, High Frequency), Optimized Cloud Compute Services (General Purpose, CPU Optimized, Memory Optimized, Storage Optimized), and Dedicated Servers (Dedicated Servers or Bare Metal) services are permanently removed upon deletion by the customer or upon a cancellation request. Customers also have control over the format (e.g., plain text, masked, or encrypted) and can delete or destroy server content at any time.

SCALIBIT has no authority or right to intervene over the content hosted by its customers in the scope of the services provided. Server content is entirely under the control of the customers and can only be managed, modified, or deleted by the customer. However, SCALIBIT reserves the right to take necessary action, including suspension or termination, in compliance with legal obligations or to comply with applicable law or court orders, or in cases of intellectual property violations.

The administrator/root credentials, other user account details, passwords, SSH port numbers, and similar confidential data related to the servers, services, and platforms used by customers are solely known by the customers and are not stored within SCALIBIT systems.

Customers using SCALIBIT's Dedicated Server or Bare Metal services can erase their data, format their servers, or install a new operating system at any time through remote management panels (IPMI, iDRAC, iLO). For Virtual Machines (VMs), Cloud, Cloud Compute and Optimized Cloud Compute services, a new operating system can also be installed through the management panel. As a result, all previous data on the server is permanently deleted and cannot be recovered by SCALIBIT.

7. RESPONSE TIME & QUESTIONS

Response Time: Valid legal requests are handled in the order received, subject to any pending emergency or expedited matters. Responsive information is generally provided within five (5) business days or earlier if required by law or indicated in the request.

For emergency or expedited legal matters, please refer to Section 2.3 Emergency Requests.

Questions & Clarifications: During SCALIBIT’s business hours, all questions or clarification requests regarding the legal process should be directed to legalrequests@scalibit.com. For security and traceability reasons, SCALIBIT does not process or discuss legal requests via phone, fax, chat, or social media.

8. TRANSPARENCY & REPORTING

SCALIBIT is committed to transparency in handling lawful requests. Where legally permissible, SCALIBIT may periodically publish anonymized statistics summarizing the number and type of requests received from law enforcement and government agencies.

All requests, responses, and disclosures are subject to internal audit review and may be included (in anonymized form) in SCALIBIT’s annual transparency summaries.

SCALIBIT may publicly disclose aggregate statistics (e.g., total number of requests, types of data sought, and compliance rates) without revealing any customer-identifying information.

SCALIBIT may also publish annual transparency summaries on its website, providing general insights into the volume and nature of lawful requests received. These summaries, if published, will exclude any customer-identifiable information and will focus solely on aggregate request statistics.

This Legal Requests Policy forms an integral part of the Terms of Service (ToS), the Privacy Notice, and the Acceptable Use Policy (AUP) of SCALIBIT.com.

This document supersedes any prior version of SCALIBIT’s Law Enforcement and Legal Requests Policy.

Last Reviewed: November 1, 2025
Compliance Verification: SCALIBIT Legal Compliance Department, Wyoming, United States.

SCALIBIT is a global technology company providing cloud solutions, advanced compute, dedicated server services, and infrastructure — from virtual machines to data center deployments, across the Americas, Europe, Asia-Pacific, Australia, and Africa.

Get in touch with us!

We accept credit and debit cards, digital wallets, local payment methods, bank transfers, and Bitcoin.

Telif hakkı © 2025 SCALIBIT technology. Tüm Hakları Saklıdır.