Canary is alive
Last updated: 2026-05-11 · Next update due: 2026-06-11
PGP-SIGNED STATEMENT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
VENDLY PRIVACY LABS — WARRANT CANARY
=====================================
Date: 2026-05-11
Next update due: 2026-06-11
As of the date above, Vendly Privacy Labs states:
1. We have never received a National Security Letter, FISA court order,
or any other classified or secret legal demand.
2. We have never been compelled to hand over user data, metadata, or
encryption keys to any government or law enforcement agency.
3. We have never installed any backdoor, wiretap, or covert surveillance
mechanism into any of our services.
4. We have never been gagged or restricted from disclosing a legal order.
5. We do not log IP addresses, usernames, message content, or any
identifying information across any of our tools. There is nothing
to hand over even if compelled.
This statement is updated monthly. If it is not updated within 35 days
of the date above, or if the PGP signature cannot be verified, assume
the canary is dead.
Signed by: vendlyprivacylabs <vendlyappio@proton.me>
Public key: https://vendlyprivacylabs.com/pgp.txt
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbztx8GiQ29gwg/z29li1KfwnDd8FAmoCAuQACgkQ9li1Kfwn
Dd8xCxAA1e0HHgYOhFrW/B4tQazH+HveLS826weHm2C2YSQJlAZMEQoMl4Bu5Hz0
0ZVJPwcDKqRXFjOHSg4hycTJicJb5KPjA64Kh1/1VYwCxohA0b3qSgMnGcIOEpBk
ZcFMMmD21L1yD9/r2Q5vt5rUVaSy5LHk6c19D4XteEkwb3e2XZt8eUKeJK0nRA6d
eS8xFw9Z4483l7cEZiwS1h6CQYmqCntmm5ZOl7EnmuyEb4+GY9H4lyWkIIDQmJ0i
Z40bmIYTdjS73p3bNSqvYiGXZn8XMnQDketvrUZDcAX5h4EVhpS12jsU2btjRJKD
zVJ7fENbWWQugNZAHw/IIFqPH0agRy1SDBV39vLYA2z+DKjq6Hz48Yr9gaPVDzuC
B5nhH5lUeS3A2HiD5OPjyRpL+6yAZuikx6h275BqBQyjDb7oLMtQtsQSyEE2MnO6
1oa7BUuj4KPFIMYVQ4exd2mnhRULvS1B16OMGlpHJ8uvJdr8SiColOyDG1WCmA3U
jQ0vJ+Iwi9lFR0HRrc9lPLYNBadsfw/Tri7UYGvyXkDwtyr8TcLkiepYJJcaK6sO
7/YYme2Mg2r8vlfMLd4HTwkWGT1IvrViTlMSpTxv+qiys/i06ckJlOI71kRi5lbH
7Mg23eAMAwUPIWOWH3ZXqU7J0GgLqyuMeoJYekapLzRSJWcUYtc=
=mRyO
-----END PGP SIGNATURE-----
KEY DETAILS
Identityvendlyprivacylabs <vendlyappio@proton.me>
Key IDFC270DDF
Fingerprint6B3B 71F0 6890 DBD8 3083 FCFB F658 B529 FC27 0DDF
Public keyvendlyprivacylabs.com/pgp.txt
Verify it yourself
Download the signed statement and verify the signature against our public key:
curl https://vendlyprivacylabs.com/pgp.txt | gpg --import
curl https://vendlyprivacylabs.com/canary.txt | gpg --verify
A valid signature means the statement is authentic and unmodified. If GPG says Good signature, the canary is alive.
What this means
→
Monthly updates. We re-sign and re-publish this statement every month. The date tells you exactly when it was last confirmed.
→
Silence is the warning. If this page stops updating, or the signature becomes invalid, assume something has changed. You don't need us to tell you — the absence of the update is itself the signal.
→
We can't fake a valid signature. The statement is cryptographically signed with our private key. Any modification — even a single character — breaks the signature and GPG will reject it.
→
Even if compelled, there's nothing to give. We don't log IPs, usernames, or content. A court order against us produces nothing of value because we designed our tools that way from day one.