Trustname Transparency Report H2 2025
At Trustname, our mission is to provide a "sovereign" alternative to Big Tech, built on the principle that true privacy requires absolute clarity regarding government and third-party data requests. We believe that earning and maintaining your trust depends on being transparent about every legal demand we receive, which is why we publish semi-annual updates to our Transparency Report.
1. Executive Summary
Reporting Period: July 1, 2025 – December 31, 2025
Last Updated: March 8, 2026
Transparency Report Schedule: Trustname publishes transparency reports on a semi-annual basis (H1 and H2).
Trustname operates under the strict legal jurisdiction of the Republic of Estonia and the European Union, meaning we do not recognize or comply with direct data requests from foreign law enforcement agencies, including those issued under the U.S. CLOUD Act. For any non-EU authority to request information, they must utilize the Mutual Legal Assistance Treaty (MLAT) process, which requires the request to be audited by the Estonian Ministry of Justice and approved by a local court.
This framework provides three layers of protection: it allows us to reject 100% of informal or extra-territorial requests, it enforces the Dual Criminality principle (ensuring data is shared only if the act is also a crime in Estonia), and it provides a judicial review period (normally up to 6 months) that prevents bulk or instantaneous surveillance.
Here are some key points to keep in mind
- We Mandate Strict Due Process: Trustname never cooperates with "informal" requests. Any demand for information must strictly adhere to the due process of law and be subject to independent judicial oversight. Our role is not to make law enforcement’s job easier or harder; it is to ensure the law is followed to the letter to protect our users' rights.
- Privacy is Non-Negotiable: Our overriding principle is that the personal information you entrust to us is private. We do not sell, rent, or share your data with third parties. This commitment applies with equal force to commercial entities, private litigants, and government agencies. We view our customers' privacy as a fundamental right, not a secondary concern.
- A Commitment to User Notice: It is our strict policy to notify customers of any subpoena or legal process requesting their account or billing information before any disclosure occurs. This applies to both government demands and civil litigation. We will only withhold notice if we are explicitly and legally prohibited from doing so by a valid court order.
- Rejection of Extra-territorial Overreach: Trustname does not recognize the authority of U.S. or other non-EU agencies to demand data directly. Because we are outside U.S. jurisdiction, we do not comply with the U.S. CLOUD Act. All non-EU authorities must utilize the process. This ensures that every foreign request is first audited by the Estonian Ministry of Justice and approved by an Estonian court before we take any action.
Some important things we have never done
- Trustname has never disclosed or compromised the encryption keys used for our secure internal systems. Nor have we ever provided a third party with access to our users' authentication keys.
- Trustname has never installed any law enforcement surveillance software, "backdoors," or monitoring equipment anywhere on our servers or within our management infrastructure.
- Trustname has never provided any law enforcement organization or government agency with a direct "feed" or bulk access to our customers' account data or registrant information.
- Trustname has never modified, suspended, or transferred a customer’s domain name at the request of law enforcement or a third party without a valid court order from the Republic of Estonia and our relevant privacy-shield jurisdictions.
- Trustname has never modified the intended destination of DNS responses, nor have we implemented any DNS-level redirection or censorship at the request of any authority outside of a formal, domestic judicial process.
- Trustname has never weakened, subverted, or compromised our Two-Tier Privacy (2TP) system or our underlying security protocols at the request of any government or third party.
2. Our Legal Framework (The "Shield")
As an Estonian entity (Fewmoretaps OÜ d/b/a Trustname.com), we operate under the strict privacy laws of the European Union (GDPR).
Our Policy: We do not disclose user data unless presented with a valid, legally binding order from a court of competent jurisdiction within the EU.
Non-EU Requests: Requests from foreign governments (e.g., US, UK) must follow the Mutual Legal Assistance Treaty (MLAT) process to be considered. Learn more about the and how it protects you.
3. Law Enforcement & Data Requests
Methodology: Requests are counted based on individual legal demands received by Trustname during the reporting period. Multiple domains included in a single request are counted as one request. Informal inquiries that did not meet legal service requirements are excluded from the totals.
In the table below, we disclose the volume of requests handled during this reporting period.
Law Enforcement Requests by Country
| Country / Region | Number of Requests | Rejected | Data Disclosed |
| European Union | 0 | 0 | 0 |
| United Kingdom (UK) | 7 | 7 | 0 |
| Australia | 2 | 2 | 0 |
| United States | 153 | 153 | 0 |
| India | 4 | 4 | 0 |
| Others | 1 | 1 | 0 |
| Total | 172 | 171 | 0 |
Domain Suspensions by Category
| Country / Region | Number of Abuse Reports | Accepted & Investigated | Suspensions |
| DMCA, Copyright & Trademark Complaints | 286 | 0 | 0 |
| Phishing & Pharming | 120 | 5 | 0 |
| Malware, Botnets, Spam | 14 | 0 | 0 |
| Hijacking & Domain Name Dispute | 0 | 0 | 0 |
| Pharmacy Complaint | 4 | 0 | 0 |
| CSAM (Child Abuse) | 0 | 0 | 0 |
| Other Illegal Activities | 59 | 4 | 1* |
| Total | 483 | 9 | 1 * |
* In most cases, domain suspensions are triggered by the registry (for example, the operator of the .org TLD, the Public Interest Registry), not the registrar (Trustname). When clear evidence of DNS abuse is presented — such as phishing targeting banks or other financial institutions — the registry operator, rather than the registrar, may decide to take action by setting the domain to serverHold status. However, such cases are very rare.
Data Requests by Authority & Rejection Analysis
| Country / Region | Law Enforcement Agency | Typical Outcome / Most Common Reason for Rejection * |
|---|---|---|
| European Union | Europol | Redirected: Operational intelligence requests must be routed through a national authority and formal judicial order |
| Germany | Federal Criminal Police Office (Bundeskriminalamt – BKA) | Withdrawn: Request refiled through proper judicial process |
| Germany | State Police (Landespolizei) | Rejected: Procedural defects / incorrect legal service |
| France | National Gendarmerie (Gendarmerie Nationale) | Clarification requested: insufficient domain identifiers |
| Netherlands | National Police (Politie) | Redirected: registrar not hosting provider |
| Estonia | Police and Border Guard Board (Politsei- ja Piirivalveamet) | Withdrawn after clarification of registrar role |
| Estonia | Estonian Internal Security Service (KAPO) | Withdrawn: data not retained due to RAM-only logging |
| Netherlands | Fiscal Information and Investigation Service (FIOD) | Challenged: overly broad request scope |
| United Kingdom | National Crime Agency (NCA) | Rejected: invalid jurisdiction (MLAT required) |
| United Kingdom | Metropolitan Police Service (London) | Rejected: non-EU request lacking Estonian court validation |
| United Kingdom | Serious Fraud Office (SFO) | Redirected: request should target hosting provider |
| United States | Federal Bureau of Investigation (FBI) | Rejected: invalid jurisdiction under EU law / MLAT required |
| United States | Department of Justice (DOJ) | Rejected: extraterritorial demand under CLOUD Act |
| United States | Drug Enforcement Administration (DEA) | Rejected: non-EU request lacking MLAT process |
| United States | New York Police Department (NYPD) | Rejected: incorrect legal entity / jurisdiction |
| United States | California Department of Justice | Rejected: direct foreign request not recognized |
| Australia | Australian Federal Police (AFP) | Rejected: lack of MLAT authorization |
| Australia | Australian Criminal Intelligence Commission (ACIC) | Rejected: invalid jurisdiction |
| Australia | New South Wales Police Force | Rejected: exempt personal data under GDPR |
| India | Central Bureau of Investigation (CBI) | Rejected: overly broad request lacking specific domain identifiers |
| India | National Investigation Agency (NIA) | Rejected: request predates alleged activity |
| India | Enforcement Directorate (ED) | Rejected: incorrect legal entity named |
| India | Delhi Police Cyber Crime Unit | Rejected: procedural defects |
| India | Various State Cyber Crime Cells | Rejected: insufficient legal standard |
* To provide transparency without compromising ongoing investigations, the table below lists representative examples of requests received from law enforcement agencies and the most common reasons they were rejected or redirected.
4. Content Takedowns & Abuse Reports
Trustname is a fully ICANN-accredited domain name registrar providing secure domain registration and management services. It is important to distinguish the role of a registrar from that of a hosting provider: registrars are generally not the appropriate venue for addressing concerns regarding specific website content. Because any action taken by a registrar affects the entire domain, such measures are often disproportionate and ineffective for content-level disputes.
Consistent with our ICANN obligations and our commitment to a secure internet, Trustname takes swift action to mitigate technical abuse, such as phishing or malware distribution, originating from domains using our services, and CSAM. For trademark-based disputes, we strictly follow the ICANN Uniform Domain-Name Dispute Resolution Policy (UDRP), ensuring that all such matters are handled through established, transparent, and neutral arbitration channels.
Outside of these specific technical and trademark mandates, we maintain our "Safe Harbor" status, requiring a valid Estonian court order for any other domain-level interventions. This section covers reports regarding phishing, malware, and illegal content.
Total Abuse Reports Received: 483
Accepted & Investigated: 9
Action Taken (Domain Suspended): 1 (Other Illegal Activities)
Declined (no valid court order presented): 474
5. Privacy Safeguards
WHOIS Privacy: We provided redaction for 100% of eligible domain registrations.
Third-Party Sharing: Trustname shared data with 0 third-party advertisers or data brokers.
- Data Encryption: Technical privacy infrastructure, as explained below.
To minimize our data footprint and ensure that user information cannot be compromised even in the event of hardware seizure, Trustname employs the following technical safeguards:
A. RAM-Only Logging (Volatile Storage)
What it is: Our primary access and application logs are stored exclusively in volatile memory (RAM) rather than on permanent hard drives (SSD/HDD).
The Privacy Benefit: Because RAM requires power to retain data, all logs are automatically and permanently wiped upon any server reboot or power loss. This ensures that no long-term "trail" of user activity exists on our physical hardware.
Status: Enabled/Active across all European nodes.
B. Encrypted Database Backups (AES-256)
What it is: While active user data is strictly protected, our backup archives are encrypted using the Advanced Encryption Standard with 256-bit keys (AES-256).
The Privacy Benefit: Even if a backup file were intercepted during off-site transit, it remains cryptographically impossible to read without the master private keys, which are stored in a geographically separate, hardened Key Management System (KMS).
Status: 100% Encryption Coverage for all redundant data stores.
6. Warrant Canary
Status: ACTIVE
As of March 8, 2026 00:00 UTC, Trustname (Fewmoretaps OÜ) has received
ZERO National Security Letters;
ZERO Gag Orders;
ZERO secret warrants from any government agency.
We have NOT been required to build "backdoors" into our systems.
7. Analysis of Trends
In the last year, we have seen a 4% increase in invalid data requests. This confirms that our stance on European Data Sovereignty is effectively shielding our users from overreaching global surveillance.
8. Definitions & Grounds for Rejection
Trustname formally contested the legal demand before the competent authority or court. This may include requesting that the warrant be quashed, narrowed in scope, or modified to comply with applicable EU and Estonian law.
A request is classified as Clarification Requested when Trustname receives a legal demand that lacks sufficient detail to determine its validity or scope. In such cases, our legal team contacts the requesting authority to obtain additional information, such as specific domain identifiers, case references, or proof of judicial authorization. No user data is disclosed while the request remains under clarification.
A request is classified as No Data Available when Trustname does not possess the information requested by the authority. This may occur when: (1) The requested domain or account does not exist within Trustname’s systems. (2) The data requested is retained by another service provider (such as a hosting provider, CDN, or payment processor). (3) The requested logs or metadata are not retained due to Trustname’s RAM-only logging architecture, which automatically clears volatile operational logs upon server restart.
In such cases, the requesting authority is notified that Trustname does not hold the requested information.
The requesting authority withdrew the demand after Trustname requested clarification, identified procedural defects, or informed the authority that the request did not meet the required legal standard.
Trustname determined that the requested information is not controlled by the registrar. In such cases, authorities are advised to seek the data directly from the domain registrant, the relevant enterprise customer, or the hosting provider responsible for the website content.
A request is classified as Rejected when Trustname (Fewmoretaps OÜ) receives a formal legal demand but declines to disclose any user data or take the requested action. This occurs after our legal team performs a manual review and determines that the request fails to meet the legal requirements under Estonian or European Union law.
A request is rejected if it falls into one of these three categories:
a. Facial Invalidity
The request is defective on its face and cannot be processed due to formal errors.
Examples include:
The request is not signed or authorized by a judge or competent legal authority.
The request contains material factual errors (such as incorrect legal entity names, invalid case numbers, or non-existent domain identifiers).
The request was not properly served through an official legal channel and was instead delivered informally (for example, via email or social media).
b. Legal Deficiency
The request fails to satisfy the legal requirements necessary for Trustname to disclose protected user data.
Common reasons include:
- Invalid Jurisdiction: The request originates from a non-EU authority and has not been validated through the Mutual Legal Assistance Treaty (MLAT) process or an Estonian court order.
- Procedural Defects: The authority attempts to obtain protected user information using an insufficient legal instrument (for example, a low-level administrative request where a judicial warrant is required).
- Dual Criminality Failure: The alleged activity is not considered a criminal offense under Estonian or European Union law.
c. Substantive Overreach
The request is legally disproportionate or lacks sufficient justification.
Examples include:
- Overly Broad Requests: The authority seeks large amounts of data without specifying particular domains, accounts, or identifiers.
- Manifestly Unfounded Requests: The request appears to lack a legitimate investigative basis or may be intended for harassment, competitive intelligence gathering, or other improper purposes.
Transparency Report History
Trustname began publishing its Transparency Report starting with the second half of 2025 (H2 2025) in order to align with industry best practices and the growing global trend toward transparency among privacy-focused technology companies. Transparency Report Archive >
Law enforcement agencies seeking to submit a legally valid request may do so through our . For any other legal inquiries, please contact our legal team at: [email protected]