-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

BitVPS Ltd — Warrant Canary
Week  : W20-2026
Signed: 2026-05-11 (Monday)
Period: 2026-05-04 through 2026-05-10 inclusive (UTC)

STATEMENTS

1. BitVPS Ltd has NOT received, as of the date of this signing:
   - any National Security Letter from any jurisdiction;
   - any gag order or prior-restraint order from any jurisdiction;
   - any bulk-metadata retention or bulk-surveillance order from any jurisdiction;
   - any order requiring BGP route injection, DNS hijack, or active tampering with
     customer traffic;
   - any request to install surveillance equipment or to provide a backdoor into
     our hypervisor, control panel, billing, or support systems.

2. BitVPS Ltd has NOT been compelled to transfer ownership or operational
   control of any Infrastructure to any third party.

3. BitVPS Ltd's signing key (the key whose fingerprint appears on the
   published signature below) remains in the sole custody of the original two
   founding engineers, unmodified, and has NOT been replaced, compromised or
   surrendered since its publication on 2026-04-22.

AGGREGATE REPORTING (period 2026-05-04 to 2026-05-10 UTC)

- - DMCA-style take-down notices received .............. 141
- - DMCA-style take-down notices actioned ..............   0    (see /dmca)
- - Court orders received (Saint Kitts and Nevis) ......   0
- - Court orders received (Iceland) ....................   0
- - Court orders received (Netherlands) ................   0
- - Court orders received (Romania) ....................   0
- - Court orders received (Switzerland) ................   0
- - Court orders complied with .........................   0    (narrow scope)
- - Abuse reports received (all categories) ............ 279
- - Abuse reports actioned .............................  2    (see /abuse)

NOTE ON ABUSE ACTIONING

Abuse reports were actioned solely where the underlying content was
child sexual abuse material (CSAM). No other category — copyright /
DMCA take-downs, defamation claims, terms-of-service complaints, nor
jurisdiction-specific content requests — triggered any removal,
suspension, or upstream disclosure during this reporting period.

NEXT SIGNING

This canary is renewed every Monday. The next signing is scheduled for
2026-05-18. If no successor signature has appeared by 2026-05-25 (14 days after
this one) and no publicly-announced infrastructure incident explains the delay,
assume something material has changed and act accordingly.

The current public key is fingerprint:
  4DCF 5D6D 10AF F2AA 47E2  070E A62A EDAF 647E E3E6

Archived signed statements are available under /canary/archive/.

- -- BitVPS Ltd
   security@bitvps.io
   Charlestown, Saint Kitts and Nevis
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQRNz11tEK/yqkfiBw6mKu2vZH7j5gUCagFD9wAKCRCmKu2vZH7j
5ikOAQCzQwe5jTV4qt8Vp0GH1CKo4lP/XNBDqOUSGitGSgbHtgD9Fc9HwCE9/pI8
wJR4CoNO3RaEcBGrEBq+/VNVZ5Yr8Q4=
=OWL7
-----END PGP SIGNATURE-----