Transparency & Warrant Canary
UnoLock is committed to transparency. This page contains our quarterly warrant canary statement and transparency reports disclosing government data requests, security incidents, and GDPR compliance metrics.
Current Warrant Canary Statement
As of November 2, 2025, Techsologic Inc. certifies that:
- We have NOT received any National Security Letters (NSLs) from any government agency
- We have NOT received any gag orders from any government agency
- We have NOT received any FISA court orders or similar secret warrants
- We have NOT been compelled to modify our code, systems, or services to enable government surveillance
- We have NOT been subject to any warrant canary gag orders prohibiting this statement
- We have NOT disclosed any user data to any government agency
- We have NOT provided any encryption keys or backdoor access to any third party
Important: This statement will be updated quarterly. If this statement is not updated on schedule, or if specific items are removed, you should assume we have received such requests and are legally prohibited from disclosing them.
Quarterly Transparency Reports
Q4 2025 (October - December 2025)
Published: November 2, 2025
| Government Data Requests: | 0 |
| User Data Disclosed: | 0 bytes |
| Security Incidents: | 0 |
| GDPR Subject Requests: | 0 |
| Uptime: | 99.9% |
Future quarterly reports (Q1 2026, Q2 2026, etc.) will be added here as they are published.
Zero-Knowledge Protection
UnoLock's zero-knowledge architecture means we mathematically cannot access your vault data, even if compelled by court order.
What We CANNOT Provide (Even Under Legal Compulsion)
- Your vault contents (encrypted client-side with AES-256-GCM)
- Your master password (never transmitted to our servers)
- Your encryption keys (generated on your device, never leave your device)
- Your stored passwords, notes, or payment cards
- Historical login data older than 72 hours (automatically purged)
What We CAN Provide (If Legally Compelled)
- Support Request email address (if voluntarily provided for support)
- Payment metadata (via Stripe - billing email, last 4 of card, dates)
- Account creation date
- Last login timestamp (only if within past 72 hours)
- IP address (only if within past 72 hours)
- Subscription status (active/cancelled)
Bottom Line: Even if we wanted to comply with a government request for your vault contents, it is cryptographically impossible. This is not a policy choice—it's a mathematical guarantee.
Full Q4 2025 Transparency Report
Government & Law Enforcement Requests
| Request Type | Requests Received | Accounts Affected | Data Disclosed |
|---|---|---|---|
| Government Data Requests (Canada) | 0 | 0 | No |
| Government Data Requests (USA) | 0 | 0 | No |
| Government Data Requests (EU) | 0 | 0 | No |
| Government Data Requests (Other) | 0 | 0 | No |
| Law Enforcement Requests | 0 | 0 | No |
| Emergency Disclosure Requests | 0 | 0 | No |
| National Security Letters (NSLs) | 0 | 0 | No |
| FISA Court Orders | 0 | 0 | No |
| Preservation Requests | 0 | 0 | No |
| Takedown Notices (DMCA, etc.) | 0 | 0 | No |
| TOTAL | 0 | 0 | 0 bytes |
Security Incident Disclosures
| Incident Type | Count | Details |
|---|---|---|
| Data Breaches | 0 | No data breaches occurred during this period |
| Unauthorized Access Attempts | 0 | No successful unauthorized access to user accounts |
| Service Disruptions (>1 hour) | 0 | No significant outages |
| Vulnerabilities Disclosed | 0 | No security vulnerabilities reported via security@unolock.com |
GDPR Data Subject Requests
| Request Type | Requests Received | Fulfilled | Avg. Response Time |
|---|---|---|---|
| Right to Access (Article 15) | 0 | 0 | N/A |
| Right to Rectification (Article 16) | 0 | 0 | N/A |
| Right to Erasure (Article 17) | 0 | 0 | N/A |
| Right to Data Portability (Article 20) | 0 | 0 | N/A |
| Right to Object (Article 21) | 0 | 0 | N/A |
Policy & Subprocessor Changes
| Change Type | Description | Date |
|---|---|---|
| Privacy Policy | Updated support communication clarification, tiered SLAs | Nov 2, 2025 |
| GDPR Policy | Added EU Representative (Max Böhm), complete subprocessor list | Nov 2, 2025 |
| Security Policy | Added vulnerability disclosure program (Section 1.12) | Nov 2, 2025 |
| Data Retention Policy | Added Section 1.6 documenting 72-hour log purge | Nov 2, 2025 |
| Subprocessors | No changes to subprocessors this period | N/A |
Questions About This Report?
General Inquiries: support@unolock.com
Security Reports: security@unolock.com (PGP encouraged - public key)
EU Representative:
Max Böhm
max@techsologic.com
Winterstrasse 4, 22765 Hamburg, Germany
Canadian Data Protection Officer:
support@unolock.com
150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada
Report Archive
- Q4 2025: Current Report
- Q1 2026: Coming February 1, 2026
- Q2 2026: Coming May 1, 2026
- Q3 2026: Coming August 1, 2026
Last Updated: November 2, 2025
Next Update: February 1, 2026 (Q1 2026 Report)
Report Version: 1.0.0