Law Enforcement Request Policy
Effective date: 16 July 2026 · Last updated: 16 July 2026 · Version 2
Last updated: 14 July 2026 · Version 2
This policy of Spacelinkers Infotech Private Limited governs demands for user data, content removal, and preservation from police, courts, and government agencies, balancing legal compliance against our users' privacy rights under the DPDP Act, 2023.
1. Valid requests
Requests must: be in writing from an official email domain or letterhead; identify the requesting officer, designation and agency; cite the specific legal authority (e.g., BNSS/CrPC provisions, IT Act §69A/§79/§91-equivalents, court order, DPDP Board direction); identify the user, listing (STL-code), or data sought with reasonable particularity; and state the connection to the matter under investigation. Send to the Grievance Officer (info@spacelinkers.com), subject "Law Enforcement Request".
Foreign authorities must proceed via MLAT or letters rogatory through Indian authorities unless Indian law provides otherwise.
2. Our handling
- Authenticity is verified before any disclosure (call-back to official numbers where in doubt).
- Minimisation: we disclose only the data the instrument legally compels; overbroad requests are narrowed or declined with reasons.
- Emergency exception: where there is an imminent threat to life or safety, we act on verified emergency requests immediately, requiring written confirmation within 48 hours.
- User notice: we notify affected users of requests concerning them unless the law prohibits it or notice would endanger a person or an investigation.
- Every request, decision, and disclosure is recorded in tamper-evident audit logs and retained per the Data Retention Policy.
3. Content removal
Blocking/removal orders under IT Act §69A and takedowns under the IT Rules, 2021 are honoured within mandated timelines after verification (see also the Content Moderation Policy). Where the order permits, the uploader is informed.
4. Preservation
On a valid preservation request, we preserve the identified data for 90 days, renewable once for a further 90 days, pending legal process for disclosure.
5. What we can and cannot produce
We hold the data classes listed in the Privacy Policy and Data Retention Policy — account details, listings, contact/lead records, consent and audit records, IP/user-agent logs. We do not hold: passwords (authentication is passwordless via Google/OTP links), payment-instrument credentials, or message content beyond what the Platform stores.
Version 2 · Effective 16 July 2026 · Questions about this policy? See the Grievance Redressal Policy or contact us.