COMPLIANCE · LEGAL HOLD

Legal Hold — Transparent Data Preservation

When competent authorities request preservation, the process is transparent — the customer sees active holds in their own panel instantly. The entire process is recorded into the audit hash chain.

Process — in 4 steps

What happens when a court, prosecutor, or regulator issues a request:

  1. 01

    Legal request received

    A written data request from a court, prosecutor, or competent regulator (DPA, financial-crime unit, telecom regulator) reaches the SendNomi Compliance team. The request is checked for jurisdiction and legal basis.

  2. 02

    Legal hold created

    Tenant, scope (mailbox, domain, user set), date range and a generic preservation reason are written into the panel record. The action is anchored into the audit hash chain — the process itself becomes verifiable.

  3. 03

    Deletion and modification blocked

    Within scope, deletion requests (including GDPR Article 17 / KVKK Article 7 erasure rights), retention expiry, and export operations are halted. While the hold is active, the system physically protects the data.

  4. 04

    Customer notified in-panel

    The tenant sees an active hold banner in their own panel: scope, start date, and a generic reason category (e.g. "court order"). Specific case numbers remain confidential; the tenant is directed to legal counsel if needed.

Tenant visibility

From /settings/compliance/legal-hold in the panel, every tenant sees their own status. There are two states — a calm empty state and a clear amber alert.

  • Panel: Settings → Compliance → Legal Hold
  • No active hold: green empty state — "No active legal hold"
  • Active hold: amber warning banner — scope + date + generic reason
  • History tab: read-only record of closed holds
  • Specific case numbers / court details are never shared in-panel — relayed via legal channels
  • Every hold action is anchored to the audit hash chain — an extra transparency layer

Legal framework

SendNomi's posture when GDPR + KVKK obligations conflict:

  • GDPR Art. 17 Member-state data retention obligations override the right to erasure (Art. 17(3)(b)). SendNomi preserves the data in this case and notifies the customer.
  • KVKK Art. 7 When the data subject's "right to be forgotten" conflicts with a legal obligation, KVKK Article 7(2) gives priority to the obligation. Preservation continues and the customer is informed.
  • Audit trail Hold creation, scope extension, and removal — every action is written into the audit hash chain. The chain itself cannot be altered retroactively; the entire process is independently verifiable later.
  • Confidentiality The hold reason appears in-panel only as a generic category (e.g. "legal request", "regulator review"). Specific case information is relayed through legal channels.
Related features. Legal hold actions are recorded into the Audit Hash Chain — the process itself becomes retrospectively verifiable. The full enterprise security suite: Enterprise Security.
GET STARTED

Your first send within minutes.

Create your free account. No credit card required. 1,000 sends per month free.

Start free Talk to sales