e.PN Mobile App
Install
BN
Sign Up
Create an account or log in
Advertising cards already waiting for you
no-img
no-img API no-img Benefit no-img FAQ no-img Our conditions
no-img Help
no-img BN

e.PN Law Enforcement and Government Authorities Cooperation Policy

This Policy governs the lawful cooperation of the e.PN service with law enforcement and other government authorities in connection with requests for disclosure of information relating to users, their accounts and transactions.

The purpose of this Policy is to ensure compliance with applicable law, the principles of necessity and proportionality, as well as the protection of the rights and legitimate interests of users and third parties. This Policy is addressed exclusively to competent authorities; private individuals, lawyers, collection agencies and other commercial entities shall use customer support channels and are not covered by this document.

Cooperation is carried out in accordance with the laws of the Republic of Seychelles and, where applicable, international treaties. Requests from foreign authorities shall, as a general rule, be submitted through mutual legal assistance procedures (MLA/MLAT) via the designated central authorities, unless otherwise expressly permitted by law. The Company reserves the right to verify the competence of the requesting authority and the proper procedural form of the request.

All requests from competent authorities shall be submitted via the official e.PN communication channel with the subject line “Law Enforcement Request”. For service of official hard-copy documents, the following postal address shall be used: Digital Waves LTD., 306 Victoria House, Victoria, Mahe, Seychelles. The request must originate from an official domain of the authority and contain information on the responsible official, their department and contact details, as well as the case/file number.

A request shall include:
  1. The full name of the authority, contact details and the responsible official;
  2. The legal basis, including reference to the applicable law and type of procedural instrument;
  3. The case/file number, date of issuance, term of validity and territorial scope of the investigation;
  4. Identifiers of the data subject (at least one, preferably several), such as: e-mail address and phone number linked to the account, e.PN user identifier, virtual card details (last 4 digits only), transaction details (date/time (UTC)), amount, currency, MCC, merchant identifier, details of top-ups/withdrawals, cryptocurrency transactions (hash, wallet addresses), technical identifiers (IP address, device identifiers);
  5. A clear description of the data requested and a limited time period to which the request relates;
  6. Information on any prohibition on notifying the user (if applicable) and the preferred method of delivery of the materials.
The Company recognises the following procedural instruments and aligns the scope of disclosure accordingly:
  1. A lawful request (a “production order”) – basic account and account-related activity information within the limits allowed by law;
  2. A court order/judgment – an extended set of data, including certain historical logs and transaction information;
  3. A search and seizure warrant – access to protected data or compulsory disclosure, subject to procedural safeguards;
  4. Data preservation orders (“preservation”) – temporary preservation of specifically identified data;
  5. Emergency requests (“emergency disclosure”) – in situations of imminent threat to life and/or risk of serious bodily harm, supported by written confirmation from a responsible official.

The Company may request clarifications and may limit over-broad wording in order to comply with the principles of necessity and proportionality.

Depending on the product and the actual availability of records, the Company may hold:
  1. Account information (name/pseudonym, contact details, registration date, account status, information on consents);
  2. KYC/AML materials (documents provided, results of sanctions/PEP screenings, dates of verifications; access to copies of documents is granted only where there is a sufficient legal basis);
  3. Data relating to virtual cards (type, issuing partner, last 4 digits of the card number; access to full card details may be restricted by PCI DSS requirements and the policies of banking partners);
  4. Transactional data (authorisations and clearing records, date/time (UTC), amount, currency, MCC, merchant identifier, statuses, decline/chargeback codes, top-ups/withdrawals and refunds);
  5. Information on cryptocurrency transactions, where applicable (hash, addresses, routing metadata);
  6. Technical logs (IP addresses, user agents, auxiliary device identifiers, authentication records, risk-engine telemetry to a reasonable extent);
  7. Customer support materials (tickets, correspondence, attachments, where there is a sufficient legal basis).

The Company is not a messaging provider, does not store the “content of communications” between users and does not carry out covert geolocation tracking; location data may be present only indirectly in network logs.

Proportionality and Data Minimisation. The Company discloses only such data as is necessary for the stated purpose and within the specified time period. Authorities are requested to specify identifiers and the relevant period as precisely as possible.

User Notification. As a general rule, the Company’s policy is to notify the user of a request received, provided that such notification is not prohibited by law or a court order and does not create a risk of harm, destruction of evidence or interference with the investigation. Where permitted by law, notification may be delayed or not provided.

Emergency Requests. In the event of an imminent threat to life or serious bodily harm, an authorised official shall submit a request marked “EMERGENCY”, accompanied by written confirmation of the circumstances of the threat and the necessity of immediate disclosure. The Company gives priority to such requests and discloses the minimum amount of data necessary.

Processing Timeframes and Priorities. Requests are processed during the Company’s business hours (Monday to Friday, 09:00–18:00, UTC+3), excluding official holidays. Emergency requests are accepted 24/7 by e-mail with the appropriate marking. Where procedural deadlines are prescribed by law, the Company endeavours to comply with such deadlines or informs the authority of the need for an extension.

Cost Reimbursement. In cases provided for by applicable law, the Company may seek reimbursement of reasonable actual costs associated with the search, processing and transfer of materials. Information on the amount and procedure for reimbursement is provided upon request of the authority.

Clarification, Limitation or Refusal. The Company may request clarification, limit the scope of disclosure or refuse to comply where the request does not comply with applicable law, falls outside the competence of the authority, is excessively broad, lacks sufficient identifiers, or would infringe the rights and freedoms of data subjects without a proper legal basis. All requests and actions taken in relation thereto are recorded in the Company’s internal logs.

Final Provisions. This Policy may be updated from time to time; the current version is published on the e.pn website. This document does not amend user agreements or privacy policies and applies together with them insofar as it relates to interaction with government authorities. By submitting a request, the authority confirms its powers and its agreement to comply with the requirements of this Policy.