Recent reports reveal that some companies are handing over user data when served with a subpoena by authorities. At Runbox we monitor this trend with concern and want to take the opportunity to make it clear that we will not disclose user data to anyone unless certain very specific and stringent criteria are met.
A subpoena, warrant or request from any government or foreign agency is not enough to meet our requirements. If an entity requests access to any user data, Runbox will by principle respond by requesting a Norwegian court order pursuant to the Norwegian Criminal Procedure Act before disclosing any information.
Read on to learn how Norwegian privacy law protects your data and why it’s your best defense.
Data Sovereignty
Your email data is stored on Runbox’ own physical servers in Norway, which means it’s protected by Norwegian law—not the laws of countries with weaker privacy standards. This principle of data sovereignty ensures that your email and personal information stay out of reach from foreign governments, intelligence agencies, and corporations that don’t respect your rights.
In some countries, a subpoena or a request from law enforcement such as a warrant can be enough to hand over your data. Not in Norway, and not at Runbox. Here, no one—including us—can bypass your rights as set forth in Norwegian law and our own Terms of Service.
This data sovereignty is how we protect you from fishing expeditions, mass surveillance, and unauthorized access.
Protected by Law
Norway has long been a leader in privacy protection, and was among the first countries in the world to establish a Personal Data Registers Act in 1978. Norway’s strict privacy laws are enforced by the Norwegian Data Protection Authority (Datatilsynet), an independent body that ensures companies like Runbox adhere to strict rules about how personal data is collected, stored, and processed.
Our country’s Personal Data Act also implements the EU’s General Data Protection Regulation (GDPR), which is widely regarded as the gold standard for data privacy—and Norway’s laws often go even further.
What does this mean for you? Your emails and personal information are protected by law—not just by our own company policy. Norwegian jurisdiction ensures that your data cannot be accessed or shared without your consent, unless required by a valid Norwegian court order, by Norwegian law, or as outlined in our Terms of Service.
It also means that we do not offer a safe haven for criminals. In the case of clear violations of Norwegian law or our Terms of Service, we will disclose data to the authorities in order to protect our company, our service, and our customers. But unlike other providers who might hand over user data even in cases when no crime is evident or when requests are legally questionable (such as an administrative subpoena which require no judicial oversight), we require a Norwegian court order regardless of where the request originated from.
Here’s the bottom line: If an agency or authority requests access to data from a law-abiding Runbox customer, they need a Norwegian court order.
Transparency and Accountability
We believe in transparency about how we handle your data. Our Privacy Policy and Terms of Service are designed to be clear and accessible, outlining exactly what data we collect (only what’s necessary to provide our service), how it’s used, and your rights as a user. We also publish a Transparency Report, detailing any requests for user data we receive—and how we respond to them.
Norwegian law and the EU’s General Data Protection Regulation require us to be accountable for your data. That means we can’t scan your emails for ads, sell your information, or use it for purposes you haven’t agreed to. It also means you have the right to request the deletion of your data, and we are legally obligated to comply.
Privacy as a Core Value
Privacy isn’t just a feature at Runbox—it’s part of the foundation of our service. We don’t use third-party tracking, we don’t store your data in the “cloud”, and we never share your information with advertisers or other companies. Our commitment to privacy is reflected in every decision we make, from our infrastructure to the policies we enforce.
In a world where digital surveillance and data misuse are increasingly common, Runbox offers a rare alternative: an email service that puts your privacy first, backed by the strongest legal protections available.
If you’re tired of companies that treat your privacy as an afterthought, consider giving Runbox a try.
Want to know more?