Guide for Law Enforcement: Requesting User Information from Ko-fi

We take privacy and legal compliance seriously at Ko-fi. If you're a law enforcement agent seeking information about a user, please follow the steps below.

How to Submit a Legal Request

1. Fill in our form here.
2. In the 'Query Type' field, select 'Request from law enforcement' (under 'Policies & Requests').

UK Law Enforcement Requests

Ko-fi is a UK-based company. Requests from UK law enforcement authorities for disclosure of personal data must be supported by a valid UK legal basis - for example, a court order, warrant, or a statutory notice.

Requests should include:

• The applicable legal authority
• The specific data being requested
• Any relevant time frames or urgency

International Law Enforcement Requests

All requests from law enforcement authorities outside the UK for disclosure of personal data must have obtained a UK court order or have submitted the request through the appropriate Mutual Legal Assistance (MLA) process. We cannot disclose user data directly in response to international requests in any other circumstances.

This requirement applies to:

• Information requests
• Preservation requests
• Emergency or urgent requests

Emergency Requests

If your request relates to an imminent risk of death or serious physical harm, please indicate that it is an emergency when submitting your request.

• Ko-fi will preserve relevant data immediately upon receipt of a valid emergency request.
• Preservation does not constitute disclosure of data.

For international emergency requests for disclosure of personal data, the MLA process or a UK court order still applies.

Ko-fi and Know Your Customer (KYC) Information

Unlike many other services, Ko-fi does not process payments directly. Instead, the supporter (buyer) pays the creator (seller) directly through the creator’s own Stripe or PayPal. As a result, Ko-fi is not responsible for collecting Know Your Customer (KYC) information. We do collect some basic details during a user’s interaction with Ko-fi, but please be aware that most financial or identity data is held by payment processors, not Ko-fi.

Notification of the User

Under UK GDPR, Ko-fi is required to notify users when their personal data is requested by law enforcement.

We will only withhold user notification where valid legal documentation expressly requires non-disclosure on the grounds that notification would prejudice or obstruct an investigation, in line with applicable data protection law exemptions.

Instructions to delay or prevent user notification must be included within the formal legal instrument and supported by a recognised legal basis. Informal requests or instructions provided outside of valid legal documentation will not be acted upon.

Requests for Account Action

Law enforcement requests may ask Ko-fi to restrict, suspend, or disable a user account as part of a lawful process.

Where an account action is requested for reasons external to the content or account activity itself, we will assess the request strictly as a matter of legal compliance, rather than under its standard content moderation processes.

If the legal documentation lawfully requires:

• non-disclosure to the user, or
• limitations on the information that may be communicated to the user,

Ko-fi will comply with those requirements. In such cases, we will not generate policy-based justifications or explanatory notices that could conflict with the legal obligation or investigative integrity.

What Happens Next?

Once we receive your completed request, our team will review it to confirm legal validity and jurisdictional requirements. We may follow up if further information is needed.

If the request meets the applicable legal standards, Ko-fi will disclose any information we are legally permitted to share and only the specific information, as available, that has been outlined in the request.