City of Hats - Exposure Intelligence Platform
Warrant Canary

Transparency Through Architecture

We don't just promise privacy — we architect it so we have nothing to hand over. Our Warrant Canary is a public commitment to transparency, updated monthly.

CANARY ACTIVE — ALL CLEAR

City of Hats Warrant Canary Statement

  • City of Hats has not received any National Security Letters or FISA court orders.
  • City of Hats has not received any gag orders preventing disclosure of government data requests.
  • City of Hats has not been required to provide encryption keys, back doors, or decryption capabilities to any government agency.
  • City of Hats has not been subject to any searches or seizures of its servers, infrastructure, or user data.
  • No government or law enforcement agency has gained access to user content, keys, or metadata stored on our systems.
  • City of Hats has not modified its cryptographic protocols or infrastructure at the request of any third party.

Last Updated: February 6, 2026
Next Update Due: March 6, 2026
Update Frequency: Monthly
Compliance: GDPR · PDPA · HIPAA · SOC 2

What Is a Warrant Canary?

A warrant canary is a transparency mechanism used by privacy-focused organizations to indirectly signal whether they have been compelled by a government to hand over user data.

🐦

How It Works

A company publishes a statement asserting it has not received secret government orders. If the statement is removed or stops being updated, it signals that a legal order may have been received — without directly violating a gag order.

Legal Basis

While governments can compel silence (via gag orders), they generally cannot compel someone to actively lie. By removing a truthful statement rather than making a false one, organizations can alert users within legal bounds.

What to Watch For

Check that the canary is updated on schedule. If the statement is removed, altered, or significantly delayed past its due date, treat it as a signal that the organization's hands may be tied.
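
A monitoring check for the schedule-and-alteration rule described above, added here as an example (it is not City of Hats' own code). It assumes the "Last Updated" and "Next Update Due" labels and the date format shown on this page; the function names, the 3-day grace period, and the baseline-fingerprint approach are assumptions.

```python
import hashlib
import re
from datetime import datetime, timedelta

# Constructed sample: one statement plus the date fields as this page prints them.
SAMPLE = """\
City of Hats has not received any National Security Letters or FISA court orders.
Last Updated February 6, 2026
Next Update Due March 6, 2026
"""

DATE_RE = r"([A-Z][a-z]+ \d{1,2}, \d{4})"
DATE_LABELS = r"(Last Updated|Next Update Due)\b"


def _field(text, label):
    """Return the date following `label`, or None if the field is missing."""
    m = re.search(re.escape(label) + r":?\s+" + DATE_RE, text)
    return datetime.strptime(m.group(1), "%B %d, %Y").date() if m else None


def fingerprint(text):
    """Hash only the statement lines, so a routine date bump is not an alteration."""
    lines = [s.strip() for s in text.splitlines()]
    kept = [s for s in lines if s and not re.match(DATE_LABELS, s)]
    return hashlib.sha256("\n".join(kept).encode()).hexdigest()


def check_canary(text, today, baseline_fp, grace_days=3):
    """Return a list of findings; an empty list means the canary looks healthy."""
    findings = []
    updated = _field(text, "Last Updated")
    due = _field(text, "Next Update Due")
    if updated is None or due is None:
        findings.append("date field missing")
    else:
        if updated > today:
            findings.append("last-updated date is in the future")
        if today > due + timedelta(days=grace_days):
            findings.append(f"overdue by {(today - due).days} days")
    # Removed or reworded statements change the fingerprint recorded earlier.
    if fingerprint(text) != baseline_fp:
        findings.append("statement text changed since baseline")
    return findings
```

Record `fingerprint()` of a copy you have reviewed yourself, then run `check_canary()` on each later fetch; any non-empty result is the cue to read the statement by hand.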

Industry Standard

Major privacy platforms like Signal, Cloudflare, and Reddit have published warrant canaries. It's now considered a baseline expectation for any service that handles sensitive communications.

Why Our Canary Is Different

Most warrant canaries are a promise. Ours is backed by a zero-knowledge architecture that makes compliance with data requests architecturally impossible.

Zero-Knowledge Architecture — Nothing Stored, Server Knows Nothing, Canary Active

Even with a warrant, there is nothing to hand over.

Our store-nothing architecture means the server holds only encrypted blobs with no keys, no identity mappings, and no plaintext. Here's what that means in practice:

No Encryption Keys on Server

All key generation and storage happens client-side. The server never possesses decryption keys for any user.

No Identity Data

Hat identities are not linked to phone numbers, emails, or any personal information. There's no user database to query.

No Message History

Messages are deleted from the server upon delivery. Dead Drops are destroyed after a single read. Nothing is retained.

No Metadata Logs

Sealed sender and encrypted headers mean the server doesn't log who talks to whom, when, or how often.

No Backdoor Capability

The cryptographic protocol is designed so that inserting a backdoor is architecturally impossible without breaking the entire system.

Client-Side Audit Only

Hash-chained audit logs exist only on the user's device. The server has no audit trail, activity log, or usage record.

Privacy Principles

These aren't marketing claims — they are engineering constraints embedded in our architecture.

Privacy by Architecture

We don't rely on policies. The system is built so that even we cannot access user data. Technical enforcement, not legal promises.

Data Minimization

We collect the absolute minimum needed to route encrypted messages. No analytics, no tracking, no profiling. Compliant with GDPR, PDPA, HIPAA, and SOC 2 by design.

Radical Transparency

This canary is updated monthly. If you don't see an update on time, ask questions. We believe silence is a signal — and you should too.

🌍

Jurisdiction Awareness

Operating outside Five Eyes jurisdiction. Our store-nothing architecture ensures GDPR, PDPA, HIPAA, and SOC 2 alignment globally — because there's nothing to comply with.

🀝

No Third-Party Access

No third-party analytics, no CDN-side data collection, no advertising partners. Your communications touch only your device and our encrypted relay.

Continuous Verification

Client-side hash-chained audit logs allow you to independently verify that your cryptographic session has not been tampered with.

Trust the Architecture, Not the Promise

City of Hats is built so that even we cannot compromise your privacy. Start using Secure Channels today — no personal data required.