Transparency

Warrant canary

A PGP-signed quarterly statement of truth. If this page disappears, fails to update on schedule, or its signature breaks, treat the canary as dead. Don't trust this page; verify it yourself.

Last signed
Next signing due
Signing fingerprint
AAB2 A06A E5F9 187B 9565 4584 C1B0 7D4D F41C B15F

As of 2026-05-12, the ServerCrate team affirms:

01 No legal compulsion.

ServerCrate has never received a National Security Letter, FISA court order, gag order, or any classified request for user data, user metadata, or user identity information.

02 No backdoor.

ServerCrate has never been compelled by any government or law-enforcement agency to:

  1. hand over user encryption keys (we don't have them by design);
  2. modify our software or infrastructure to weaken encryption;
  3. insert a backdoor of any kind into our service;
  4. hand over plaintext customer data (architecturally impossible).

03 No surveillance partners.

ServerCrate has never shared user data with advertising networks, data brokers, third-party analytics services, or any external party for non-operational purposes. All analytics are self-hosted and never leave our infrastructure.

04 True zero-knowledge.

Customer data is encrypted client-side via Restic (AES-256) using a key only the customer holds. ServerCrate operators cannot read customer backups even with full root access to the underlying ZFS storage. This is enforced by the protocol, not by policy.

05 No coercion.

The ServerCrate team has not been replaced, coerced, or compromised in a manner that affects the truth of statements 1 through 4.

Proof this canary wasn't pre-generated

The reference block below pins this signing to after a specific Bitcoin block existed. A canary signed before that block's timestamp would be mathematically impossible to produce.

Bitcoin block height
949033
Bitcoin block hash
000000000000000000009f9dce9f7c9370b441b5aab4188956589d26dc4177dc

Cross-check at mempool.space, blockstream.info, or any Bitcoin node you control.

Verify yourself

Three steps. Two minutes. Anything less is just trust theater.

  1. Import our team key

    curl -sL https://servercrate.net/pgp/servercrate-team.asc \
      | gpg --import

    Then confirm the fingerprint matches what's on our PGP page and what's in this canary's status card.

  2. Fetch the signed statement

    curl -O https://servercrate.net/warrant-canary/canary.asc

  3. Verify the signature

    gpg --verify canary.asc

    You want: Good signature from "ServerCrate Team ...". Anything else (bad signature, expired key, unknown key) means you should treat the canary as dead.
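A scripted form of step 3, as an added example that is not ServerCrate's own code: it reads gpg's machine-readable status lines, pins the fingerprint from this page's status card, and rejects a signature older than a cutoff you supply. The function names and the sample status lines are constructed for illustration, and it assumes the fingerprint shown on this page is the primary key's.

```shell
#!/bin/sh
# Added example, not ServerCrate's code. Fingerprint copied from this page.
PINNED_FPR="AAB2 A06A E5F9 187B 9565 4584 C1B0 7D4D F41C B15F"

# canary_verdict FPR [OLDEST_OK_EPOCH]  (hypothetical helper)
# Reads `gpg --status-fd` lines on stdin, prints "alive" or "dead: <reason>".
canary_verdict() {
    awk -v want="$1" -v oldest="${2:-0}" '
        BEGIN { gsub(/ /, "", want); want = toupper(want) }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { if (bad == "") bad = $2 }
        $2 == "GOODSIG"  { good++ }
        # VALIDSIG: $5 = signature time (epoch), last field = primary key fingerprint
        $2 == "VALIDSIG" { valid++; fpr = toupper($NF); ts = $5 }
        END {
            if (bad != "")               { print "dead: " bad; exit 1 }
            if (good != 1 || valid != 1) { print "dead: no single good signature"; exit 1 }
            if (fpr != want)             { print "dead: signed by " fpr; exit 1 }
            if (ts + 0 < oldest + 0)     { print "dead: signature is stale"; exit 1 }
            print "alive"
        }'
}

# verify_canary FILE [OLDEST_OK_EPOCH]: gpg writes its status lines to fd 1.
verify_canary() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | canary_verdict "$PINNED_FPR" "${2:-0}"
}

# Constructed sample of gpg status output for a good signature made 2026-05-12 UTC.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG C1B07D4DF41CB15F ServerCrate Team (constructed UID)
[GNUPG:] VALIDSIG AAB2A06AE5F9187B95654584C1B07D4DF41CB15F 2026-05-12 1778544000 0 4 0 22 10 01 AAB2A06AE5F9187B95654584C1B07D4DF41CB15F
EOF
}
```

Run `verify_canary canary.asc <epoch>` with the oldest signing time you are willing to accept. Plain `gpg --verify` still reports a good signature for an old canary served again, which is why the cutoff matters.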

The signed statement

The complete PGP-signed message below is what you verified above. It's reproduced here so you can compare byte-for-byte.

Full PGP-signed message

What if the canary dies?

If this page is missing, the signature breaks, the signing date is more than 30 days past the next-due date, or the team key changes without a signed transition statement from the outgoing key, assume ServerCrate has been compromised.

Your backups remain yours regardless. By design:

  • Your repository is plain Restic format on standard SFTP. No proprietary container, no vendor wrapper.
  • Your encryption key is local to your machine; we never had it.
  • Point Restic at rsync.net, BorgBase, your own VPS, or any SFTP server. Same commands, same data.
  • Run restic snapshots against the new repo URL; it works because the format is open.

Signed history

Previous canaries (signed, archived, timestamped):

Each future signing is appended here so anyone can audit the entire chain from the team key's birth.