Last Updated: September 23, 2021
In the course of our business, Snowflake may at some point receive requests from law enforcement or other government agencies for certain information about our customers or data that our customers upload to our cloud data platform for processing.
Should Snowflake ever receive a request for customer data from a U.S. or non-U.S. law enforcement or government agency, Snowflake will direct the requestor to contact the Snowflake customer directly to obtain the relevant data. If the requestor refuses to contact Snowflake’s customer directly for the data, Snowflake’s policy is to notify the customer of any such request unless legally prohibited from doing so, in which case we will use best efforts to request a waiver of the prohibition and will document that request. Snowflake will notify the customer once the prohibition expires or has been lifted with the aim of providing as much relevant information as reasonably possible. Snowflake maintains a transparency report that provides information on law enforcement and government requests received by Snowflake.
Snowflake will only disclose customer data or other custom information when required to do so in compliance with valid legal process. Snowflake’s Legal department will carefully review the legality of each such request and will challenge a request if we conclude there are reasonable grounds to consider it unlawful, including if we believe it is not (i) duly authorized by the proper officials, or (ii) legally valid in form and substance. For example, Snowflake will challenge a request that Snowflake considers to be inaccurate, overly broad, not issued by the proper authority or not properly signed. We will pursue possibilities of appeal under the same conditions. If Snowflake receives a such request from a non-U.S. law enforcement or government agency, Snowflake will only respond to established legal mechanisms, such as a Mutual Legal Assistance Treaty request, letters rogatory or a request by a qualifying foreign government as defined by the CLOUD Act, depending on the nature of the request.
When challenging a request, Snowflake will seek interim measures with a view to suspending the effects of the request until it has been decided on its merits. We will not disclose customer data or other information until required to do so under applicable law, in which case we will provide only the minimum amount of information based on our reasonable interpretation of the request.
As reflected in our Documentation, we encrypt the data that customers upload to our cloud data platform for processing. In addition, certain editions of the Snowflake service enable customers to manage their own encryption keys through a feature called Tri-Secret Secure described here.