How much access does DigitalOcean have to my data?
How does DigitalOcean respond to government requests for customer data?
- We are totally committed to privacy. We have strong privacy policies in place and actively enforce them.
- We stand with our users when a government agency asks us for data. We don't voluntarily cooperate with authorities unless either legally compelled to do so, or in the case of imminent harm emergencies.
- We have many processes in place to closely scrutinize law enforcement requests, and we push back when something's not right.
- We notify customers of government requests for their information (unless we're prohibited by law from doing so), and we give our customers time to legally challenge or quash the request whenever possible.
DigitalOcean, like all hosted service providers, is required to turn over customer data when it receives valid legal process from a government agency with jurisdiction. We review each request very carefully to ensure that the government is entitled to the data they seek with the level of process they have obtained. Where appropriate, we also negotiate with the requesting agency to narrow the scope of the data sought. For more information about how we handle legal requests, see our Law Enforcement Guide here.
My country / industry has laws requiring data privacy and security. Can I use DigitalOcean and still comply with these laws?
DigitalOcean adheres to the highest standards when it comes to privacy and data security. Our services comply with stringent EU privacy directives, and we regularly conduct security audits and assessments meeting those requirements. Additionally, the data centers in which we host our servers have various certifications and compliance audits, which you can read about here: https://www.digitalocean.com/help/policy/
Some customers must comply with regulations that require data to reside in a specific country. These customers are free to choose the data center to which their Droplet will be deployed. The latest list of our available data centers is here: https://www.digitalocean.com/pricing/
While DigitalOcean takes every precaution to provide security of the cloud, it remains our customers' responsibility to provide security in the cloud. Security of the cloud means that DigitalOcean ensures the security and integrity of the physical servers, storage, networking and hosting facilities that comprise our global cloud infrastructure. Security in the cloud means that customers are responsible for the security of Droplets running within that cloud infrastructure: the operating system, network configuration, access management, encryption and application-level security. These security measures must be implemented and operated by the customer, no differently than they would for on-site hosting.
Generally, compliance with data privacy and security laws involves configuring services, and training employees to use those services, in a way that satisfies the compliance requirements for a given industry and location. DigitalOcean offers our customers the flexibility to configure and manage their data according to their compliance requirements, whatever those requirements may be.
Since DigitalOcean is a US company, what protections are in place for data in foreign data centers?
As a Safe Harbor certified company, DigitalOcean is legally obliged to safeguard EU data at the same high standards as EU privacy regulations. We adhere to the seven Safe Harbor Privacy Principles, which conform to the EU Directive on Data Protection passed in 1998. The seven Safe Harbor Privacy Principles are: (1) Notice; (2) Choice; (3) Onward Transfer; (4) Security; (5) Data Integrity; (6) Access; and (7) Enforcement. The text of these principles is here: https://www.export.gov/safeharbor
Additionally, as a US company, DigitalOcean is bound by US law, and our customers are protected by US due process standards. Except in emergencies, DigitalOcean turns over protected user information only upon receipt of a valid subpoena, search warrant, or US Court order. We require any law enforcement request to have jurisdiction and appropriate authority to compel us to disclose any customer information. We often deny requests for reasons of inadequate authority.
Does data located in one data center ever get moved to another location without the user knowing?
User data and account information such as billing information, customer support inquiries and contact email may reside in our central US databases. Server data remains in the data center to which it was provisioned. Backup copies may reside in nearby regional data centers for reasons of geographic redundancy (e.g., Germany Snapshot Backups end up in another Frankfurt data center). EU server copies do not leave the EU.
Does the data in foreign data centers need to abide by US law?
Any content you host on DigitalOcean must adhere to our terms of service, available here: https://www.digitalocean.com/legal/terms/. Section 3.9 gives a non-exhaustive list of specific legal prohibition examples.
Does DigitalOcean have a transparency policy? Where is the transparency policy shown?
Starting in Q2 2015, DigitalOcean will be publishing a transparency report detailing the types of requests we receive and our responses to those requests. Those reports can be found here.
How does DigitalOcean respond to US government requests for user data (billing info, name, etc)?
We require an ECPA subpoena, which is the form of legal process with the lowest threshold for a government agency to obtain. In many jurisdictions there is no requirement that a judge review a subpoena before the government can issue it. Government agencies can use a subpoena to compel DigitalOcean to disclose only the specific types of information listed in the statute. For example, a valid subpoena for your IP address could compel us to disclose the name that you listed when creating the account, and the IP addresses from which you created the account.
How does DigitalOcean respond to US government requests for server data?
We require an ECPA search warrant. To obtain one, a government agency must make a request to a judge or magistrate and meet a relatively high burden of proof: demonstrating 'probable cause' to believe that contraband or certain information related to a crime is presently in the specific place to be searched. A warrant must specify the place to be searched and the things being sought. It can be used to compel the disclosure of the same information as an ECPA subpoena or court order, as well as a user's private content stored on DigitalOcean. An ECPA search warrant is available only in criminal investigations.
How does DigitalOcean respond to Non-US government requests for user data (billing info, name, etc)?
As a United States company based in New York, DigitalOcean is not required to provide data to foreign governments in response to legal process issued by foreign authorities. For legal requests from government agencies/law enforcement outside of the United States, we require that the request be served via a United States court or enforcement agency under the procedures of an applicable mutual legal assistance treaty (MLAT).
How does DigitalOcean respond to Non-US government requests for server data?
Foreign law enforcement officials wishing to request information from DigitalOcean should contact the United States Department of Justice Criminal Division's Office of International Affairs. DigitalOcean will promptly respond to requests that are issued via U.S. court by way of a mutual legal assistance treaty ("MLAT") or letter rogatory. We require a search warrant before disclosing content of customer virtual machines to government agencies/law enforcement.
What additional measures can I take as a customer to prevent unauthorized access to my data?
Customers have complete control over their content and the Droplet environment. They can:
- Choose to locate all Droplets within EU data centers, such that their server content never crosses into other geographies
- Control whether to use SSL, VPNs or other network security measures to prevent unauthorized access
- Manage access controls, such as identity access management and security credentials
- Control the format of their content (e.g. plain text, masked, or encrypted)
- Delete or destroy server content whenever they choose