Warrant canary and legal posture
What data we hold, how we respond to legal demands, and the jurisdiction framework that governs our operations. Updated periodically.
Canary statement
Current canary
As of 2026-06-01, AnubizHost affirms the following:
- We have not received any national security letters, FISA court orders, or other secret government demands for user data.
- We have not been ordered by any court to maintain silence about a government investigation.
- We have not been served with any gag order that prevents us from disclosing a legal demand.
- We have not been compelled to install any backdoor or monitoring capability in our infrastructure.
- We have not knowingly compromised the integrity of our servers or services at the request of any government.
This canary is updated periodically. If this canary is not updated, or if any of the above statements are removed or modified, assume the canary is dead and act accordingly.
Data minimization
What we hold - and what we do not
What we collect
- -Email address (for account and invoices)
- -Crypto payment transaction IDs (to confirm payment)
- -IP address used at registration and login (standard server logs, rotation allowed)
- -Service configuration choices (plan, location, OS)
- -Support ticket content (retained for dispute resolution)
What we do not collect
- -Government-issued ID documents or passport scans
- -Phone numbers or SMS verification records
- -Credit or debit card numbers or billing addresses
- -Physical address or real name
- -VPS traffic content or packet inspection data
- -Cryptocurrency wallet identity (beyond the transaction ID)
Jurisdiction
How legal requests work in our jurisdictions
Romania (primary operations)
AnubizHost's primary operations are based in Romania. Romanian law requires a Romanian court order for any compelled disclosure of user data or content. Requests from foreign governments - including US law enforcement or DMCA complaints - have no automatic legal force in Romania. They must be channeled through diplomatic mutual legal assistance treaty (MLAT) processes, which are slow and require the underlying matter to be an offense in Romania as well.
Iceland (second node)
Iceland operates strong free speech protections and has an independent judiciary. The country's legal framework actively protects press and information freedoms. Foreign requests follow similar MLAT processes and require dual criminality. Iceland is a separate geographic and legal jurisdiction from Romania - diversifying the legal exposure of the infrastructure.
DMCA requests
DMCA is a US statute with no automatic legal force outside US territory. When we receive a DMCA complaint, it goes through legal review rather than automatic compliance. If the content is hosted in Romania or Iceland and the underlying matter is not actionable under local law, the notice is rejected. Content that is clearly infringing and has no protected speech dimension is assessed on a case-by-case basis.
Abuse reports
We process abuse reports from network operators and organizations like Spamhaus, CERT, and similar bodies. Malware command-and-control, active phishing, botnet nodes, and CSAM are acted on quickly regardless of jurisdiction - those are not edge cases we debate. Everything else goes through review. Clients are notified of abuse reports where notification does not compromise an active investigation.
Infrastructure posture
What "no logs" means at the infrastructure level
AnubizHost does not perform deep packet inspection on customer traffic. We do not log the content of connections to or from customer servers. Standard network-level logs (bandwidth accounting, routing tables) are maintained for operational purposes but do not capture payload content.
What passes through your VPS is determined by what you run on it. We do not monitor server processes, file contents, or network destinations unless an active abuse investigation requires network-level diagnostics - in which case the scope is limited to what the investigation requires.
Server data lives on your disk, which is yours. We do not make copies of customer disk images without explicit request (e.g., for a backup service you have subscribed to). At end of service, disk contents are wiped.
For maximum operational security: encrypt your data at the application or disk level, use a VPN or Tor for your control plane connections, and choose a payment method (Monero) that does not leave a public on-chain identity trace. The infrastructure provides the jurisdiction protection; the opsec layer is yours to control.