Government Access Request Policy
Purpose
This policy summarizes Cubic Compass Software's approach to government, law enforcement, regulatory, or public authority requests seeking access to customer data, personal data, or non-public company information.
Scope
This policy applies to Cubic Compass personnel, systems, services, and service providers that may receive or handle requests from government agencies, courts, law enforcement, regulators, or other public authorities.
Policy
Cubic Compass does not voluntarily provide government or public authorities with access to customer data or personal data except where required by applicable law, valid legal process, or a binding regulatory obligation.
Government access requests must be escalated to appropriate Security, Privacy, Legal, and business leadership for review before disclosure, unless immediate action is legally required.
Cubic Compass reviews requests for validity, scope, authority, and consistency with applicable law, customer agreements, and privacy commitments. Where appropriate and legally permitted, Cubic Compass may seek clarification, challenge overbroad requests, or request that the authority obtain the information directly from the customer.
Cubic Compass will notify the affected customer of a government access request where legally permitted and where notice is not prohibited by the request, court order, or applicable law.
Any disclosure must be limited to the minimum information reasonably required to comply with the valid legal obligation. Cubic Compass does not provide direct, unfettered, or bulk access to customer systems or data.
Requests and related responses must be handled as confidential information and documented in a manner appropriate to the sensitivity of the request and legal obligations.
If a service provider receives a government access request involving Cubic Compass or customer information, the provider is expected to notify Cubic Compass where legally permitted and consistent with applicable contractual commitments.
Exceptions
Exceptions require documented review by Security, Privacy, Legal, and business leadership unless prohibited by law or impossible due to an emergency legal requirement.
Review Cadence
This policy is reviewed at least annually and when Cubic Compass materially changes its privacy, legal request, vendor, or customer data handling practices.
Contact
Questions about this policy may be directed to info@cubiccompass.com.