GoTo Government Request Policy
At GoTo, we value the privacy and security of our customers and their data. Therefore, we have taken precautions designed to ensure that we are safeguarding the information entrusted to us by our users from any unlawful access or intrusions. This policy was created to provide greater transparency regarding the guidelines used by GoTo to determine how and when we will process demands received from law enforcement, national security, and other regulatory bodies (“Government”) for information about our customers, their employees, and/or their users (“Customer Information”).
In addition, it is important to note that while this policy is not specifically intended to address requests for Customer Information arising from private or commercial disputes, GoTo will, to the extent applicable, take the same precautions specified herein for such requests.
Safeguarding Customer Information
Upon receipt of a Government request for Customer Information, GoTo takes the following steps into consideration before responding:
- Subject. Wherever possible, GoTo believes that the Government should first seek to obtain the information that they are seeking directly from the customer or end user who is the subject of the investigation before requesting such Information from GoTo.
- Authority. GoTo will only provide Customer Information if the Government has appropriate authority under applicable law to request such information. Absent a valid warrant, subpoena, court order, equivalent legal process, or emergency situation, it is GoTo’s position not to provide Customer Information to the Government.
- Scope. Wherever possible, GoTo will seek to ensure that any request for Customer Information is limited to a clear and reasonable scope about a specific customer account, request additional context if the nature of the investigation is not clear, and may push back on the request for other reasons. In the event GoTo does provide information, it will be the minimum amount of information required to comply with the demand.
- Notice. Except in circumstances where GoTo has been advised by the Government not to notify, is prohibited from doing so, or there is a clear indication of illegal conduct or risk of harm, GoTo will notify the customer of a request before disclosing any Customer Information so that the customer may seek available legal remedies.
Information We Can Provide
The vast majority of requests we receive are for basic customer account-level information in connection with a Government investigation of potential fraud, a violation of law, or suspected bad actors who may be using our services in violation of our Terms of Service.
The categories of Customer Information that may be hosted and retained by GoTo depend on which GoTo services are used. We strongly encourage Government officials to review our service offerings before preparing and submitting any warrant, subpoena, court order, or equivalent legal request.
Information Governments Must Provide
Government officials are asked to ensure that any requests for Customer Information be reasonable in scope and narrowly tailored to request only the information needed to complete their investigation. To help us respond in an effective and timely manner, please provide as much of the following information as possible:
- Customer email address. Most Customer Information is identified by using the Master Account Holder email address. Therefore, the email address associated with the account is very helpful.
- Billing address and/or credit card information. In some instances, we will be able to identify an account based on the last four digits of the credit or debit card used to purchase the services and the date of the transaction. Please note that GoTo does not possess any credit or debit card information beyond the last four digits.
- GoTo service. Please identify the GoTo service offering to which the request relates. In addition, wherever possible, please provide information related to use of the service offering such as session ID, IP address, telephone number, meeting ID, username, master account holder, etc.
Each request must also include contact information for the authorized Government official, including:
- Agency name
- Agent name and badge/identification number
- Agent employer-issued email address
- Agent phone number, including any extension
- Agent mailing address
- Requested response date
Where to Submit a Request
While we agree to accept requests by this method, neither GoTo nor our customers waive any legal rights based on this accommodation. Additionally, e-mail requests must be made from an official Government e-mail address.
All Government requests must be issued pursuant to applicable laws and made through official channels (e.g., executed order, Government e-mail address, etc.). In addition, requests must be made under appropriate legal basis, and a Mutual Legal Assistance Treaty request, a request from a country meeting the obligations under the U.S. CLOUD Act, letter rogatory, or other form of domestication may be required to establish the legal basis of the request.
We will review all international Government requests on a country-by-country and case-by-case basis in order to consider and balance our local legal obligations against our commitments to promote users’ safety and privacy. We may choose to respond differently to requests from different countries where these commitments conflict with local law.