What Information Do We Have?
NetGalley collects certain information from its members. The following is a summary of the information that we may collect and store.
- Basic account information, such as:
- Email address
- First Name, Last Name
- Website affiliations
- Preferred reading categories
- Professional affiliations
- Details about your usage history
More Information on Data Release and Retention
Before revealing any of this information to a party that is not the owner of the account or the publishers that you interact with, we require a validly issued subpoena, warrant, or court order that specifically requests your information unless we have a good faith belief that there is an emergency involving death or serious physical injury. We do not voluntarily provide governments with access to data about our members (private or public) for law enforcement, intelligence gathering, or other surveillance purposes. More information on our requirements for releasing private member information can be found below.
Requesting Private Information of NetGalley Members
Safeguarding our members private information is a vital aspect of the trust our members place in our service to keep them safe, and in some cases, anonymous.
NetGalley accounts can contain various information. This information is unverified and is provided at the member’s discretion.
If we find an ongoing violation of our policies or Terms of Service, we will address it per our usual procedure. This may or may not include contacting the member regarding their misconduct, removing content, or suspending the site entirely.
If we receive information indicating that someone is using our services to engage in crime where we are the victim, we will not inspect a member’s private content ourselves. Instead, we may report the matter to law enforcement.
Requests from Government Agencies/Law Enforcement
Except in emergencies (see more below), it is our policy to turn over private member information only upon receipt of a valid subpoena, search warrant, or Court order, in each case issued by a US authority, in compliance with the Federal Rules of Criminal Procedure, the Federal Rules of Civil Procedure, and/or California state law.
If these pieces of information are available, we can provide the first and last names, phone number, and the email address currently assigned to an account to government agencies/law enforcement upon receipt of a valid subpoena.
Except in emergencies, we require a court order or a warrant before providing information relating to a specific post or a specific review.
We require a warrant before disclosing content of member communications to government agencies/law enforcement. We also require a warrant before providing any non-public content information (such as private or draft post content, or pending comments).
Requests in Civil Cases
It is our policy to turn over private member information only upon receipt of either (1) a valid order from a US court, or (2) a subpoena served as part of an existing lawsuit that complies with Rule 45 of the Federal Rules of Civil Procedure and/or the California Discovery Act. Litigants should ensure that any such requests comply with the US SPEECH Act, 28 U.S.C. 4101 et seq.
Any request for specific review information must include the specific URL of each review. We will not provide any content information in response to civil orders or subpoenas, pursuant to the E.C.P.A.
Please note that we charge an administrative fee of USD $125/hour for compliance with validly issued and served civil subpoenas. We will bill for and collect this fee prior to furnishing information in response to a subpoena.
Emergency Requests from Government Agencies/Law Enforcement
As permitted by US law, we may disclose member information to the government or law enforcement, without a subpoena or warrant if we have a good faith belief that an emergency (imminent danger of death or serious physical injury) requires disclosure of information related to the emergency without delay. If you have an emergency request, contact our support team.
Notification to NetGalley Members and Transparency
We aim for total transparency with our members when requests or complaints affect their accounts, or information. It is our policy to notify members and provide them with a copy of any civil or government legal process regarding their account or site (including formal requests for private information), unless we are prohibited by law or court order from doing so. In those cases, we will notify members and provide them with a copy of the legal process when the prohibition expires.
If a request for information is valid, we will preserve the necessary information before informing the member. In most cases, upon notification to the member, that member will be provided with either 7 days or the amount of time before the information is due, whichever is later, during which time the member may attempt to quash or legally challenge the request. If, prior to the deadline, we receive notice from member that he or she intends to challenge a request, no information will be delivered until that process concludes. We also review the information requests received and may lodge our own challenge to the scope or validity of legal process received, on behalf of a member, whether or not the member pursues his/her own legal challenge.
As mentioned above, we notify members and provide them with a copy of any legal process regarding their account or site unless we are prohibited by law or court order from doing so. In those cases, we will notify members and provide them with a copy of the legal process when the prohibition expires.
In light of the October 19, 2017 DOJ guidance on nondisclosure orders, we request that you include a specific end date for the nondisclosure in any proposed order associated with this request that is no later than one year after the order.
If a legal request is formally withdrawn before information is provided as the result of a valid subpoena or search warrant, we will not notify the member if requested.
Enforcing Protection Orders Against NetGalley Members
NetGalley is not responsible for enforcing protection orders that apply to members on our service. If you represent a client with an active protection order that may apply to a NetGalley, please contact the appropriate court or law enforcement agency for assistance.
A Note on Back Doors, Encryption
We furnish member information to law enforcement agencies via the processes described in these legal guidelines. We do not provide access to member data through “back doors” in our systems.
Similarly, we support and promote encryption of member data. We encrypt all traffic (serve over SSL) for all NetGalley sites, by default.
Some governments have recently sought to weaken encryption, in the name of law enforcement. We disagree with these suggestions and do not believe that it’s feasible to include any deliberate security weaknesses or other back doors in encryption technologies, even if “only” for the benefit of law enforcement. As a wise man said, “there is no such thing as a vulnerability in technology that can only be used by nice people doing the right thing in accord with the rule of law.” We agree wholeheartedly.