▸ Compliance and Applicable Law
Quad9 operates under a finding of law by the Swiss Post and Telecommunications Surveillance Service that the Swiss Federal Act on the Surveillance of Post and Telecommunications (SPTA; SR 780.1) does not apply to Quad9, and that Quad9 therefore is not required to fulfill any obligations under the SPTA and its implementing ordinances. These would otherwise include obligations of data collection and retention for use by Swiss law enforcement and intelligence authorities.
Quad9 operates under a finding of law by the Swiss Federal Office of Communications that Quad9 is not a "telecommunications service" as defined by the Swiss Telecommunications Act (TCA, SR 784.10), and that Quad9 therefore is not required to fulfill applicable obligations under the TCA and its implementing ordinances. These would otherwise include "know your customer" ("KYC") obligations.
Switzerland does not have any other laws which would allow the Swiss government to compel Quad9 to collect personal data, nor does Swiss law allow the Swiss government to compel Quad9 to secrecy regarding its actions or compliance with the law.
Countries other than Switzerland may assert legal authority to compel Quad9 to produce personal information, but enforcement of any such request must be enacted through a Mutal Legal Assistance Treaty (MLAT) request directed to the Swiss Federal Office of Justice, which must first assess the request for compliance with standards of human rights, and then must assess whether the requested action can be effected through the action of Swiss law. Given the above findings of law, there may be no such mechanism available. Furthermore, Quad9 does not collect personal information, and is thus not in possession of it, and is therefore unable to provide it. Please see ourtransparency policy for details of any such requests received by Quad9.
Quad9 regards Internet Protocol ("IP") addresses associated with its users to be Personally Identifiable Information ("PII"). Quad9 uses the union of the definitions of PII contained in Swiss law (Article 3 (a) FADP), United States Law (2 CFR § 200.79) and European Union law (Article 4(1) GDPR), with the definition which extends the greatest protection to the user controlling in the event of any conflict between the three, and we extend that most stringent protection to all of Quad9's users, regardless of their citizenship or domicile.