Data Request Policy

Effective:  July 16, 2019

Vistasuite receives requests from users and government agencies to disclose data other than in the ordinary operation and provision of the Services. This Data Request Policy outlines Vistasuite’s policies and procedures for responding to such requests for Customer Data. Any capitalized terms used in this Data Request Policy that are not defined will have the meaning set forth in the Customer Terms of Service. In the event of any inconsistency between the provisions of this Data Request Policy and the Customer Terms of Service or written agreement with Customer, as the case may be, the Customer Terms of Service or written agreement will control.

Requests for Customer Data by Individuals

Third parties seeking access to Customer Data should contact the Customer regarding such requests. The Customer controls the Customer Data and generally gets to decide what to do with all Customer Data.

Requests for Customer Data by Legal Authority

Except as expressly permitted by the Contract or in cases of emergency to avoid death or physical harm to individuals, Vistasuite will only disclose Customer Data in response to valid and binding compulsory legal process. Vistasuite requires a search warrant issued by a court of competent jurisdiction (a federal court or a court of general criminal jurisdiction of a State authorized by the law of that State to issue search warrants) to disclose Customer Data.

All requests by courts, government agencies, or parties involved in litigation for Customer Data disclosures should be sent to jared@vistasuite.com and include the following information: (a) the requesting party, (b) the relevant criminal or civil matter, and (c) a description of the specific Customer Data being requested, including the relevant Customer’s name and relevant Authorized Vista User’s name (if applicable), Vistasuite team url, and type of data sought.

Requests should be prepared and served in accordance with applicable law. All requests should be narrow and focused on the specific Customer Data sought. All requests will be construed narrowly by Vistasuite, so please do not submit unnecessarily broad requests. If legally permitted, Customer will be responsible for any costs arising from Vistasuite’s response to such requests.

Vistasuite is committed to the importance of trust and transparency for the benefit of our Customers and does not voluntarily provide governments with access to any data about users for surveillance purposes.

Customer Notice

Vistasuite will notify Customer before disclosing any of Customer’s Customer Data so that the Customer may seek protection from such disclosure, unless Vistasuite is prohibited from doing so or there is a clear indication of illegal conduct or risk of harm to people or property associated with the use of such Customer Data. If Vistasuite is legally prohibited from notifying Customer prior to disclosure, Vistasuite will take reasonable steps to notify Customer of the demand after the nondisclosure requirement expires. In addition, if Vistasuite receives a National Security Letter with an indefinite non-disclosure requirement, Vistasuite will initiate procedures for judicial review pursuant to 18 U.S.C. § 3511.

Domestication and International Requests

Vistasuite requires that any individual issuing legal process or legal information requests (e.g., discovery requests, warrants, or subpoenas) to Vistasuite properly domesticate the process or request and serve Vistasuite in a jurisdiction where it is resident or has a registered agent to accept service on its behalf. Vistasuite does not accept legal process or requests directly from law enforcement entities outside the U.S. or Canada. Foreign law enforcement agencies should proceed through a Mutual Legal Assistance Treaty or other diplomatic or legal means to obtain data through a court where Vistasuite is located.