Government Data Request Policy
How oddly responds when a government or law-enforcement body asks for data about one of our users.
oddly (operated by Oddly Even Group Pte. Ltd., Singapore) holds a limited set of account and marketing-operations data on behalf of the merchants who use the Service. We treat that data as our users' data, not ours to hand over on request. This policy explains the standard we apply to any request for it from a government, court, or law-enforcement agency.
Valid legal process is required
We disclose user data to a government or law-enforcement body only when we are legally compelled to, and only to the extent required. In practice that means:
- The request must come through valid legal process appropriate to the data sought and the requesting jurisdiction: for Singapore, a lawful order under the applicable statute; for other jurisdictions, an equivalent court order, warrant, subpoena, or a request made under a recognised mutual legal assistance mechanism.
- The request must be in writing, signed by an authorised official, and specific about the account and the data sought. We reject requests that are overbroad, vague, or not supported by valid process.
- Informal requests, verbal requests, and requests that do not identify a lawful basis are declined.
We tell the affected user
Our default is to notify a user before disclosing their data in response to a government request, so they have an opportunity to seek to limit or challenge it. We will not give notice only where we are legally prohibited from doing so (for example, a valid non-disclosure order), or in a genuine emergency involving a risk of death or serious physical harm. Where a non-disclosure obligation later lapses, we will notify the user.
We disclose the minimum
Where we are compelled to respond, we provide only the specific data the valid process requires. We do not volunteer additional data, and we do not provide bulk or open-ended access. The data we hold for an account is limited to account identifiers (email, name, company), brand and store identifiers from connected sources, and the marketing-operations signals used to compute recommendations; we do not hold payment card numbers, and we do not hold the content of connected platforms beyond the aggregate metrics described in our Privacy Policy.
Emergency requests
In a bona fide emergency involving an imminent risk of death or serious physical injury, we may provide the limited information necessary to address the emergency, consistent with applicable law. We assess each such request on its facts and record our decision.
Data-preservation requests
We may honour a lawful, specific request to preserve data pending valid legal process, for a limited period. Preservation is not disclosure: preserved data is released only if and when valid legal process for disclosure follows.
Transparency
We record the government and law-enforcement requests we receive and how we respond to each. We aim to report on the volume of such requests in aggregate where the law permits. If a request seeks to prevent us from being transparent, we will comply only to the extent legally required and no further.
How to send a request
Law-enforcement and government requests must be sent in writing to [email protected] with the subject line LEGAL REQUEST, and must include the authorising legal process, the specific account identifier, and the precise data sought. Requests that do not meet the standard in this policy will be declined.
Users with questions about this policy can contact [email protected].