We cooperate with the law.
Within what's possible.
Citerius Holdings LLC is a Wyoming-registered company operating alaivOS. We comply with all valid legal requests from US courts and law enforcement agencies. This page explains the technical reality of what we are and are not capable of producing.
The Technical Reality
alaivOS is built on a local-first, zero-access architecture. User data — including messages, notes, health information, financial records, AI conversations, and personal content — is stored on the user's device and encrypted end-to-end. We do not hold decryption keys. It is technically impossible for us to produce this data even if ordered to by a court.
This is not a policy choice. It is a mathematical and engineering reality enforced by the Signal Protocol and our device-local architecture. The following response reflects what Signal Messenger established as precedent when served with similar demands: we can only provide data we actually possess.
What We Can Provide
In response to a valid US court order, subpoena, or search warrant, Citerius Holdings LLC can produce the following limited metadata:
| Data Category | Availability | Notes |
|---|---|---|
| Account email address | Available | The email registered to the account |
| Account creation date | Available | Unix timestamp of account creation |
| Last server connection date | Available | Timestamp of last connection to our servers |
| Subscription tier and status | Available | Current plan level and billing status |
| Device identifiers | Available | If retained in our systems at time of request |
What We Cannot Provide
The following data is technically impossible to produce, regardless of the legal instrument presented:
| Data Category | Availability | Reason |
|---|---|---|
| Message content (Streams) | Impossible | End-to-end encrypted via Signal Protocol; no decryption keys exist on our servers |
| Notes and journal entries | Impossible | Stored locally on device; never transmitted to our servers |
| Health and wellness data | Impossible | Device-only; never transmitted to or stored on our servers |
| Financial data and transactions | Impossible | Device-only; never transmitted to or stored on our servers |
| AI conversations with Laiv | Impossible | Processed locally; not retained on our servers |
| Photos and media | Impossible | Device-only; never transmitted to our servers |
| Calendar and contacts | Impossible | Device-only; never transmitted to our servers |
| Decrypted cloud sync data | Impossible | Encrypted before leaving device; we do not hold decryption keys |
Demanding that we produce encrypted data in decrypted form is equivalent to demanding we break AES-256-GCM encryption — a task requiring computational resources exceeding what currently exists. We will formally respond to any such demand explaining this technical impossibility and, where appropriate, file a motion to quash the overreaching portions of the order.
Jurisdiction
Citerius Holdings LLC is incorporated under the laws of Wyoming, USA. We are subject to US federal law and Wyoming state law only.
Foreign law enforcement requests: We do not respond directly to requests from foreign government agencies or law enforcement bodies outside the United States. Foreign authorities must route requests through established Mutual Legal Assistance Treaty (MLAT) channels with the US Department of Justice. We will comply only if a valid US federal court order is issued as a result of an approved MLAT request.
Our Response Process
- Receipt and verification — We verify the authenticity and legal validity of the request, including whether the correct legal instrument is being used (subpoena vs. warrant).
- Scope assessment — We assess the request against the technical reality of our architecture.
- User notification — Unless legally prohibited by a valid non-disclosure order, we will notify the targeted user prior to producing any data, allowing them to seek legal counsel.
- Challenge if warranted — If the request seeks data we technically cannot produce or exceeds legal bounds, we will file a motion to quash the relevant portions.
- Minimal production — We produce only the bare minimum data legally required and technically possible.
- Documentation — All requests are logged for inclusion in future transparency reports.
Our standard response time is 14 business days from receipt of a verified legal instrument. Emergency exceptions may apply in circumstances involving imminent threat to life.
Backdoor Demands
We will refuse any demand to build a backdoor, implement client-side scanning, weaken our encryption, or provide exceptional access to user data. Such demands are technically impossible to implement without fundamentally rebuilding the application and compromising the security of all users.
If ordered to implement such capabilities, we will challenge the order in US federal court, seek a stay pending appeal, and make our legal position public to the extent permitted by law.
How to Submit a Legal Request
All legal requests must be submitted via email with official documentation attached. Informal requests, police reports without legal instruments, or requests from non-authorized parties will not be processed.
Warrant Canary
We maintain a cryptographically signed warrant canary at alaivos.com/canary. It is updated every 30 days and affirms that we have not received any National Security Letters, FISA orders, gag orders, demands for backdoors, or compelled encryption key disclosures. If the canary is not updated or is removed, users may infer that a secret government order has been served.