Law Enforcement Guidelines

Principles

Mor evaluates all law enforcement and government requests under the following principles:

• We validate requests for legality, authenticity, and scope before production.
• We interpret requests narrowly and minimize production to what is necessary and responsive.
• We may require clarification, reject, or object to requests that are overbroad, defective, or insufficiently authenticated.
• Standards vary by jurisdiction, data type, and applicable law.
• Any thresholds described on this page are Mor's general policy thresholds (which may exceed legal minimums) and do not constitute legal advice.

How to Submit a Request

All requests must be submitted in writing. Requests should include:

• Agency identification: Name of the requesting agency and identity of the requesting official.
• Official contact information: Valid email address from an official government domain, phone number, and mailing address.
• Case or reference number: Investigation or case identifier.
• User identifiers: Specific identifiers for the account(s) at issue (e.g., account email address, user ID, or other identifying information).
• Time window: Specific date range or time period for the requested data.
• Data categories: Specific categories of data being requested.
• Legal process: Applicable legal process attached, or a clear statement of what is being sought if requesting voluntary disclosure.

Authenticity & Verification

We verify the authenticity of all requests. Verification may require:

• Badge or official identification.
• Supervisor confirmation.
• Callback to a publicly listed agency phone number.
• Request submitted on official letterhead.

Telephone is for verification purposes only. We do not accept substantive requests by phone. We may reject requests that appear fraudulent, spoofed, or insufficiently authenticated.

Data We May Have

Depending on how a user interacts with Mor, and subject to retention limits, we may have the following categories of information:

Account Information (if provided)

• Email address
• Display name (if provided; users are not required to use a legal name)
• Date of birth (used for age verification)
• Account creation date
• Account status
• Account settings and preferences

Service Logs (if generated)

• IP addresses used to access the service
• Login and access timestamps
• Device information and browser characteristics
• User agent and app version (if applicable)

Service logs are retained for a limited period as described in our Privacy Policy.

User Content (if applicable)

• Messages, chats, and other content submitted through the service
• Communications, reports, and feedback submitted to Mor

Mor is primarily a news and content consumption service. As of this writing, Mor does not support public user-generated posts or comments. This page will be updated if that changes.

Personalization Signals (if stored)

• Topic preferences and stated interests
• Saved articles (if the feature is used)
• Interaction and usage metadata (which may include engagement signals, if collected)

Security & Abuse Signals (if collected)

• Reports submitted by or about the user
• Security events and abuse-prevention logs

Retention & Deletion

Data retention is limited and described in our Privacy Policy. Key points:

• We retain personal information only as long as necessary for the purposes described in our Privacy Policy.
• We may retain data longer if required by law, legal hold, or pending legal process.
• Preservation (see below) does not create new data and cannot restore data that was already deleted or was never collected.
• When a user requests deletion, data is deleted or irreversibly anonymized subject to legal obligations.

Legal Process Requirements

We require valid legal process before disclosing user data. The following reflects Mor's general policy thresholds (U.S.); requirements vary by jurisdiction, data type, and applicable law.

General Policy (U.S.)

• Subpoena: Generally required for basic account information (email, account dates, account status).
• Court order: Generally required for service logs and transactional records.
• Search warrant: Generally required for content data, including user-submitted content, messages, and interaction data.

As a matter of policy, we apply higher process requirements to more sensitive data categories. The thresholds above are Mor's policy minimums and may exceed what is legally required. We are not providing legal advice regarding what process is required in any particular jurisdiction or situation.

Emergency Requests

In emergency situations involving imminent danger of death or serious physical injury, we may disclose information without standard legal process.

Emergency channel: emergency@themorapp.com

Emergency requests must include:

• Written request on official letterhead or equivalent authentication.
• Clear description of the emergency and imminent threat.
• User identifiers for the account(s) at issue.
• Specific data requested.
• Explanation of why the information is needed to prevent imminent harm.
• Explanation of why normal legal process cannot be obtained in time.

We limit emergency disclosures to what is necessary to address the identified imminent harm. We log and internally review all emergency disclosures. We may require follow-up legal process after the emergency.

Preservation Requests

We will preserve records upon receipt of a valid preservation request made pursuant to applicable law (e.g., 18 U.S.C. § 2703(f) in the U.S.) pending issuance of legal process.

Preservation requests must include:

• Specific user identifiers for the account(s) whose data should be preserved.
• Explicit date range or time window for the data to be preserved.
• Statement that legal process is being sought.
• Valid return contact from an official government domain.
• Reference to the pending investigation or case number.

Preservation period: As a matter of policy, we generally preserve for 90 days. We may extend preservation for one additional 90-day period upon written request. Extensions beyond this require legal process or other lawful basis.

User Notification

We notify users of requests for their data when legally permitted.

Timing: Where feasible, we notify before production. Where not feasible or not permitted, we notify after production or after restrictions expire.

Exceptions: We do not notify users when:

• Notification is prohibited by law or valid court order.
• A valid nondisclosure or delayed-notice order is in effect.
• Notification would create imminent risk of death or serious physical injury.
• Notification would risk destruction, alteration, or concealment of evidence.
• The user has no valid contact information or is unreachable.

If you require nondisclosure, include a valid legal basis (such as a court order) with your request.

International Requests

Mor is a U.S.-based company. Requests from outside the United States must generally be routed through U.S. legal process, such as:

• Mutual Legal Assistance Treaty (MLAT) request.
• Letter rogatory issued by a court of competent jurisdiction.
• Other lawful mechanism enforceable where Mor operates.

We do not respond to direct foreign government requests absent valid legal process enforceable in the United States or as otherwise required by law.

What We Do Not Provide

• Backdoors: We do not provide law enforcement with "backdoor" access to our systems or user data.
• Bulk or blanket disclosures: We do not provide bulk data or respond to requests that are not targeted to specific accounts or identifiers.
• Real-time or continuous access: We do not provide real-time surveillance or ongoing access to user data except where legally compelled and technically feasible.
• Plaintext passwords: We do not store or disclose plaintext passwords.
• Location data: We do not provide precise location data unless such data is explicitly collected as part of the service and the user has enabled location features.

Child Safety

We report all known child sexual abuse material (CSAM) to the National Center for Missing & Exploited Children (NCMEC) as required by law.

Requests involving child safety or CSAM may be handled on an expedited basis. If the matter involves imminent danger to a child, use the emergency channel.

For more information, see our Child Safety Policy.