At Trustname, our mission is to provide a "sovereign" alternative to Big Tech, built on the principle that true privacy requires absolute clarity regarding government and third-party data requests. We believe that earning and maintaining your trust depends on being transparent about every legal demand we receive, which is why we publish semi-annual updates to our Transparency Report.
Here are some key points to keep in mind:
We Mandate Strict Due Process: Trustname never cooperates with "informal" requests. Any demand for information must strictly adhere to the due process of law and be subject to independent judicial oversight. Our role is not to make law enforcement’s job easier or harder; it is to ensure the law is followed to the letter to protect our users' rights.
Privacy is Non-Negotiable: Our overriding principle is that the personal information you entrust to us is private. We do not sell, rent, or share your data with third parties. This commitment applies with equal force to commercial entities, private litigants, and government agencies. We view our customers' privacy as a fundamental right, not a secondary concern.
A Commitment to User Notice: It is our strict policy to notify customers of any subpoena or legal process requesting their account or billing information before any disclosure occurs. This applies to both government demands and civil litigation. We will only withhold notice if we are explicitly and legally prohibited from doing so by a valid court order.
Rejection of Extra-territorial Overreach: Trustname does not recognize the authority of U.S. or other non-EU agencies to demand data directly. Because we are outside U.S. jurisdiction, we do not comply with the U.S. CLOUD Act. All non-EU authorities must utilize the Mutual Legal Assistance Treaty (MLAT) process. This ensures that every foreign request is first audited by the Estonian Ministry of Justice and approved by an Estonian court before we take any action.
Some important things we have never done:
Trustname has never disclosed or compromised the encryption keys used for our secure internal systems. Nor have we ever provided a third party with access to our users' authentication keys.
Trustname has never installed any law enforcement surveillance software, "backdoors," or monitoring equipment anywhere on our servers or within our management infrastructure.
Trustname has never provided any law enforcement organization or government agency with a direct "feed" or bulk access to our customers' account data or registrant information.
Trustname has never modified, suspended, or transferred a customer’s domain name at the request of law enforcement or a third party without a valid court order from the Republic of Estonia and our relevant privacy-shield jurisdictions.
Trustname has never modified the intended destination of DNS responses, nor have we implemented any DNS-level redirection or censorship at the request of any authority outside of a formal, domestic judicial process.
Trustname has never weakened, subverted, or compromised our Two-Tier Privacy (2TP) system or our underlying security protocols at the request of any government or third party.
===
1. Executive Summary
Reporting Period: July 1, 2025 – December 31, 2025
Last Updated: February 6, 2026
Trustname operates under the strict legal jurisdiction of the Republic of Estonia and the European Union, meaning we do not recognize or comply with direct data requests from foreign law enforcement agencies, including those issued under the U.S. CLOUD Act. For any non-EU authority to request information, they must utilize the Mutual Legal Assistance Treaty (MLAT) process, which requires the request to be audited by the Estonian Ministry of Justice and approved by a local court.
This framework provides our users with three critical layers of protection: it allows us to reject 100% of informal or extra-territorial demands, it enforces the "Dual Criminality" rule (ensuring data is only shared if the act is also a crime in Estonia), and it provides a judicial "cool-down" period of several months, preventing bulk or instantaneous surveillance and ensuring every request is subject to the highest standards of European human rights and privacy law.
Learn more about the Mutual Legal Assistance Treaty (MLAT) and how it protects you.
2. Our Legal Framework (The "Shield")
As an Estonian entity (Fewmoretaps OÜ), we operate under the strict privacy laws of the European Union (GDPR).
Our Policy: We do not disclose user data unless presented with a valid, legally binding order from a court of competent jurisdiction within the EU.
Non-EU Requests: Requests from foreign governments (e.g., US, UK) must follow the Mutual Legal Assistance Treaty (MLAT) process to be considered.
3. Law Enforcement & Data Requests
In the table below, we disclose the volume of requests handled during this reporting period.
Law Enforcement Requests by Country
| Country / Region | Number of Requests | Rejected | Data Disclosed |
| European Union | 0 | 0 | 0 |
| United Kingdom (UK) | 7 | 7 | 0 |
| Australia | 2 | 2 | 0 |
| United States | 153 | 153 | 0 |
| India | 4 | 3 | 0 |
| Others | 1 | 1 | 0 |
| Total | 172 | 171 | 0 |
Domain Suspensions by Category
Data Requests by Authority & Rejection Analysis
| Country | Law Enforcement Agency | Typical Outcome / Most Common Reason for Rejection |
| European Union | Europol | |
Federal Criminal Police Office (Bundeskriminalamt - BKA) | ||
State Police (Landespolizei) | Rejected: Procedural Defects | |
| National Gendarmerie (Gendarmerie Nationale) | ||
National Police (Politie) | ||
| Police and Border Guard Board (Politsei- ja Piirivalveamet) | ||
| Estonian Internal Security Service (Kaitsepolitseiamet - KAPO) | Withdrawn | |
| Estonia | Fiscal Information and Investigation Service (FIOD) | Challenged |
United Kingdom | National Crime Agency (NCA) | |
| South East Regional Organised Crime Unit (SEROCU) | ||
| Metropolitan Police Service (London) | ||
| Greater Manchester Police, Police Scotland | ||
| HM Revenue and Customs (HMRC | ||
| Serious Fraud Office (SFO) | ||
| Federal Bureau of Investigation (FBI) | ||
| Department of Justice (DOJ) | Redirected | |
| Drug Enforcement Administration (DEA) | ||
| New York Police Department (NYPD) | ||
| California Department of Justice | ||
| Various County Sheriff’s Offices | ||
| Australian Federal Police (AFP) | Rejected: Lack of User Notice | |
| Australian Criminal Intelligence Commission (ACIC) | ||
| New South Wales Police Force | Rejected: Exempt Data (Professional Privilege) | |
United States | Victoria Police | Rejected: Invalid Jurisdiction |
| Central Bureau of Investigation (CBI) | Rejected: Manifestly Unfounded | |
Australia | National Investigation Agency (NIA) | Rejected: Overly Broad |
| Enforcement Directorate (ED) | Rejected: Future-Dated | |
| Bangalore City Police Cyber Cell | Rejected: Incorrect Legal Entity | |
India | Delhi Police IFSO | Rejected: Procedural Defects |
| Various Cyber Crime Cells | Rejected: Insufficient Legal Standard |
4. Content Takedowns & Abuse Reports
Trustname is a fully ICANN-accredited domain name registrar providing secure domain registration and management services. It is important to distinguish the role of a registrar from that of a hosting provider: registrars are generally not the appropriate venue for addressing concerns regarding specific website content. Because any action taken by a registrar affects the entire domain, such measures are often disproportionate and ineffective for content-level disputes.
Consistent with our ICANN obligations and our commitment to a secure internet, Trustname takes swift action to mitigate technical abuse, such as phishing or malware distribution, originating from domains using our services, and CSAM. For trademark-based disputes, we strictly follow the ICANN Uniform Domain-Name Dispute Resolution Policy (UDRP), ensuring that all such matters are handled through established, transparent, and neutral arbitration channels.
Outside of these specific technical and trademark mandates, we maintain our "Safe Harbor" status, requiring a valid Estonian court order for any other domain-level interventions. This section covers reports regarding phishing, malware, and illegal content.
Total Abuse Reports Received: 72
Action Taken (Suspensions): 1 (CSAM - Child sexual abuse material)
Declined (no valid court order presented): 71
5. Privacy Safeguards
WHOIS Privacy: We provided redaction for 100% of eligible domain registrations.
Third-Party Sharing: Trustname shared data with 0 third-party advertisers or data brokers.
- Data Encryption: Technical privacy infrastructure, as explained below.
To minimize our data footprint and ensure that user information cannot be compromised even in the event of hardware seizure, Trustname employs the following technical safeguards:
A. RAM-Only Logging (Volatile Storage)
What it is: Our primary access and application logs are stored exclusively in volatile memory (RAM) rather than on permanent hard drives (SSD/HDD).
The Privacy Benefit: Because RAM requires power to retain data, all logs are automatically and permanently wiped upon any server reboot or power loss. This ensures that no long-term "trail" of user activity exists on our physical hardware.
Status: Enabled/Active across all European nodes.
B. Encrypted Database Backups (AES-256)
What it is: While active user data is strictly protected, our backup archives are encrypted using the Advanced Encryption Standard with 256-bit keys (AES-256).
The Privacy Benefit: Even if a backup file were intercepted during off-site transit, it remains cryptographically impossible to read without the master private keys, which are stored in a geographically separate, hardened Key Management System (KMS).
Status: 100% Encryption Coverage for all redundant data stores.
6. Warrant Canary
Status: ACTIVE
As of February 6, 2026, Trustname (Fewmoretaps OÜ) has received
- ZERO National Security Letters
- ZERO Gag Orders
- ZERO secret warrants from any government agency.
We have NOT been required to build "backdoors" into our systems.
7. Analysis of Trends
In the last year, we have seen a 5% increase in invalid data requests. This confirms that our stance on European Data Sovereignty is effectively shielding our users from overreaching global surveillance.
Definitions:
Challenged: We went to court to fight the warrant or narrow its scope.
Withdrawn: Law enforcement took back the request after we asked for clarification or pointed out legal errors.
Redirected: We informed the authorities that they must seek the data directly from the user or the relevant enterprise customer.
Rejected: A request is classified as "Rejected" when Trustname (Fewmoretaps OÜ) receives a formal legal demand but refuses to provide any user data or take the requested action. This occurs after our legal team conducts a manual review and determines the request fails to meet our required standards.
A request is rejected if it falls into one of these three categories:
1. Facial Invalidity
- The request is not signed by a judge or authorized official.
- The request contains material errors (wrong dates, incorrect legal entity name, or non-existent account identifiers).
- The request was not properly served (e.g., sent via an informal social media message rather than a formal legal channel).
2. Legal Deficiency
- Invalid Jurisdiction: The request originated from a non-EU authority without the necessary Mutual Legal Assistance Treaty (MLAT) or a valid Estonian court validation.
- Procedural Defects: Law enforcement attempted to obtain private content using a low-level subpoena when a high-level probable-cause search warrant is legally required.
- Dual Criminality: The alleged act is not considered a crime under Estonian or EU law (e.g., certain forms of protected political expression).
3. Substantive Overreach:
- Overly Broad: The request is a "fishing expedition" that lacks specific selectors and asks for data on an entire group of users.
- Manifestly Unfounded: The request appears to be an abuse of power or intended for harassment rather than a legitimate criminal investigation.
Trustname (Fewmoretaps OÜ) is a European domain registrar and infrastructure provider. We specialize in non-US jurisdiction services, offering resistance to the CLOUD Act via the MLAT process and RAM-only logging architecture.
Place accordion item content here...
Place accordion item content here...
National Gendarmerie (Gendarmerie Nationale)
National Police (Politie)