Abuse and Legal Process

This page explains how to report misuse of PRIVATEBYTE services and how we respond to lawful demands from courts and law enforcement.

1. Reporting abuse

If you believe traffic from a PRIVATEBYTE IP, VPS, or proxy is engaged in abuse (spam, fraud, phishing, harassment, copyright infringement, CSAM, scraping in violation of your terms, etc.), please use one of these channels.

Web form (preferred — fastest routing)

https://my.privatebyte.com/abuse

The form routes directly to our on-call abuse team via Telegram and email. We acknowledge submissions automatically and respond within 24-48 hours for standard reports, faster for urgent categories.

Email

[email protected]

Include: the originating IP or hostname, timestamps with timezone, log excerpts or screenshots, your contact email, and your organisation if applicable.

What you can expect

• Acknowledgement within one business day (often within minutes).
• Investigation — we examine our gateway logs (which include destination hostname and timestamp; see Privacy Policy section 3.3) for the cited window.
• Action — confirmed abuse results in throttling, suspension, or termination of the responsible customer per our Acceptable Use Policy section 8.4.
• Closure note — we tell you what we did, subject to confidentiality limits.

Critical / urgent reports

For CSAM, terrorism / violent extremism, or active life-threatening situations, mark the urgency field "critical" on the form, or email [email protected] with [URGENT] in the subject. These bypass normal triage and notify on-call staff via 24/7 channels.

2. Internet Watch Foundation (IWF) and NCMEC

PRIVATEBYTE is committed to the eradication of child sexual abuse material from our network. We operate IWF blocklist enforcement at our proxy gateway. We report all detected attempts to the IWF and, where the customer's identity is known, to NCMEC and to UK and destination-jurisdiction law enforcement. We do not warn customers prior to such reports.

3. Lawful demands — courts and law enforcement

PRIVATEBYTE responds to valid legal process from courts of competent jurisdiction and from law enforcement agencies acting under recognised authority.

Where to send legal process

For service of UK and EU process:

PRIVATEBYTE LTD 128 City Road London EC1V 2NX United Kingdom

[email protected]

For US process (subpoenas, 2703(d) orders, search warrants):

We have no US registered agent. Foreign requests should proceed via the UK-US Mutual Legal Assistance Treaty or under the CLOUD Act executive agreement where applicable. Direct subpoenas served on our US upstream providers will be referred to us; we recommend you send the request directly to [email protected] to save time.

What we will produce

For a valid demand, properly scoped, we can produce within the retention windows of our Privacy Policy:

What we will not produce voluntarily

• Anything we do not have. We do not log URL paths, query strings, request bodies, response bodies, or in-VM data.
• Customer data outside the retention windows above. Once expired, the data is purged from our systems.
• Customer data without lawful authority. Voluntary disclosure beyond imminent-harm exceptions creates GDPR exposure for us; we will not do it.

Preservation requests

Send to [email protected] with the subject PRESERVATION REQUEST. Include: customer identifier (email, IP, or account ID), time window, your case reference, and your jurisdiction's authority. We can preserve up to 180 days pending formal process. Preservation does not constitute disclosure.

Emergency disclosure (life-or-death)

For situations involving threat to life, send to [email protected] with EMERGENCY in the subject and provide a verifiable LE contact for callback. We honour 24/7 emergency disclosure under UK Data Protection Act 2018 Part 3 and equivalent foreign provisions where applicable.

Customer notification

Where lawful, we notify the affected customer of disclosure within 30 days. We do not notify when prohibited by gag order, when notification would itself constitute a tip-off offence, or when we believe notification would put a person in danger. We log every disclosure and the rationale for notify-or-not in our internal audit system; this log is itself disclosable under valid process.

Transparency

We publish a transparency report annually in January listing the number of legal-process requests received, the categories, and our compliance rate. The first report covers calendar year 2026 and will be published January 2027.

4. DMCA copyright takedown

For US-style DMCA takedowns of content hosted on our VPS service, please email [email protected] with the standard 17 U.S.C. § 512(c)(3) elements. We will act on properly-formed notices within 24 hours.

For copyright infringement involving our proxy service, please use the abuse form — proxies do not host content; they are infrastructure, and we cannot take down hosted material we do not host. We can and will suspend customers using our proxy service to access infringing material on third-party sites where the underlying activity also breaches Section 8 of our Acceptable Use Policy.

5. Sanctions

PRIVATEBYTE does not knowingly provide services to:

• Persons or entities listed on the UK Treasury OFSI consolidated list
• Persons or entities on the US OFAC Specially Designated Nationals list
• Persons or entities on the EU Consolidated Sanctions List
• Persons in or ordinarily resident in territories subject to comprehensive UK or US sanctions regimes (currently: Crimea, Donetsk and Luhansk regions of Ukraine, Cuba, Iran, North Korea, Syria; subject to change as sanctions evolve)

If you believe we are inadvertently providing services in breach of sanctions, please email [email protected].

6. Updates

This page may change as our processes mature, our jurisdiction footprint expands, or applicable law changes. Material changes are notified at sign-in and via email to active customers.