DigitalOcean

Law Enforcement Guidelines

Last Updated on February 25, 2026

These guidelines are intended for those seeking information about a DigitalOcean account, or looking to take action against a resource hosted on our network.

Requesting DigitalOcean User Information

Safeguarding our users’ data is vital to the trust our users place in our service to keep their data secure. For the most part, DigitalOcean’s ability to disclose user information is governed by the Electronic Communications Privacy Act, 18 U.S.C. §2701, et seq. (“ECPA”). ECPA mandates that DigitalOcean disclose certain user information to law enforcement only in response to specific types of legal process, including subpoenas, court orders, and search warrants.

To request information for a site hosted on DigitalOcean, the site’s IP address and a date range must be specifically included in the request. We can’t process overly broad or vague requests. If your inquiry alerts us to a violation of our policies or Terms of Service, we will handle it via our usual abuse procedures which may include contacting the user regarding their misconduct or suspending the site entirely.

What Information Is Available?

Our Privacy Policy describes the information that we collect in more detail. In general, we have:

  • The email address currently assigned to the account.
  • The IP address from which a site was created.
  • The date and time at which a site was created.
  • First name, last name, and phone number (if a user elects to provide this information).
  • The PayPal or Stripe transaction information for purchases (this does not include credit card or bank account information, but may include country code or postal code).
  • Physical address (if a user elects to provide this information).
  • The contents of the Droplet itself (if the Droplet has not been deleted by the user).

We cannot guarantee that we will have any given set of information for any particular user.

The length of time data is retained varies based on the type of information and actions of the user. Generally, Droplet contents are purged immediately upon deletion by the customer. Additionally, customers can control the format of their content (e.g. plain text, masked, or encrypted) and can delete or destroy server content whenever they choose. DigitalOcean accounts can contain various information, which is unverified and is provided at the user’s discretion.

Before revealing information to anyone who is not the account owner, we require a valid subpoena, warrant, or court order that specifically requests it, unless we have a good faith belief that there is an emergency involving death or serious physical injury. See below for more details.

What Information Is Unavailable?

Here are some examples of data which we are unable to provide:

  • Connection Logs.
  • Credit Card information.
  • Local and long distance telephone connection records.
  • Records of session times and durations.
  • MAC addresses.
  • Telephone or instrument numbers.

Requests from Government Agencies/Law Enforcement

  • Except in emergencies (see more below), DigitalOcean turns over protected user information only upon receipt of a valid subpoena, ECPA US court order, or search warrant. Additionally, we will notify affected users about any requests for their account information, unless prohibited from doing so by law or court order (see more below).
  • Upon receipt of a valid subpoena, if these pieces of information are available, we can provide user registration information such as the first and last names, phone number, email address, the date/time stamped IP address from which a site was created, the physical address, and the PayPal / Stripe transaction information.
  • Upon receipt of a valid ECPA court order, if these pieces of information are available, we can provide access logs which might reveal a user’s movements over a period of time, account or private repository settings (for example, which users use certain services, etc.), security access logs other than account creation or for a specific time and date.
  • Upon receipt of a valid search warrant, if these pieces of information are available, we can disclose content of customer virtual machines, the content of user communications with customer support, or other forms of content data.
  • For legal requests from government agencies/law enforcement outside of the United States, we require that the request be served via (1) a United States court, (2) an enforcement agency under the procedures of an applicable mutual legal assistance treaty (MLAT), or (3) an order from a foreign government that is subject to an executive agreement that the Attorney General of the United States has determined and certified to Congress satisfies the requirements of 18 U.S.C. 2523.

Emergency Requests

As US law permits, we may disclose user information to law enforcement without a subpoena or warrant when we believe that doing so without delay is necessary to prevent death or serious physical harm to an identifiable victim. We require emergency requests to be made through our Law Enforcement Response Portal app.kodexglobal.com/digitalocean/signin and include all the information available so that we may evaluate the urgency of the request.

Notification to DigitalOcean Users

We notify users and provide them with a copy of any legal process regarding their account unless we are prohibited by law or court order from doing so (e.g., an order under 18 U.S.C. § 2705(b)). In those cases, we will notify users and provide them with a copy of the legal process when the non-disclosure order expires.

If a request for information is valid, we will preserve the necessary information, and then make a reasonable effort to notify any affected account owner(s) by sending a message to their verified email address. In most cases, upon notification to the user, that user will be provided with 7 calendar days to file an objection with the court or otherwise legally challenge the request. If, prior to the deadline, we receive notice from the user that he or she has filed an objection to challenge a request, no information will be delivered until that process concludes.

Preservation Requests for DigitalOcean Sites

DigitalOcean honors requests from law enforcement to preserve information in accordance with 18 U.S.C. § 2703(f). Upon receiving a valid preservation request, DigitalOcean will preserve available account information associated with the username listed in the request in an offline file for up to 90 days and will extend the preservation for one additional 90-day period on a renewed request.

Preservation of data is restricted to what is specifically and explicitly requested. You must specify the type of data that is subject to the preservation request, including whether the request relates to subscriber/account information or server content data.

Serving Process on DigitalOcean and Making Inquires

To submit your legal request or inquiry, please create an account on our Law Enforcement Request Portal, Kodex: app.kodexglobal.com/digitalocean/signin

Please make your requests as specific and narrow as possible, including the following information:

  • Full information about authority issuing the request for information
  • The name and badge/ID of the responsible agent
  • An official email address and contact phone number
  • The IP address, date, and timestamp(s) including time zone
  • The description of the types of records you need

Please allow at least two weeks for us to be able to look into your request. DigitalOcean reserves the right to make changes to any of the foregoing practices in its sole discretion.

Reimbursement for Requests

DigitalOcean reserves the right to seek reimbursement of reasonably incurred directly related costs to respond to legal process.

© 2026 DigitalOcean, LLC.Sitemap.