A privacy-protecting communication service is a juicy target for many actors, including governments. The usual way for these entities to lay hands on user data is through legal means backed by force.
The problem with this, however, is that even if a request for data were morally justifiable, that judgement would be the government's to make, not ours. Spying on our users would therefore be left to government discretion alone. Thus, for us it's an all-or-nothing situation.
If we allowed ourselves to be persuaded into handing over user data, we would become a government surveillance tool, the very opposite of a privacy-protecting service. Therefore, we must – and do – make it impossible for us to fulfill any data request.
To achieve this goal, we use a multi-layered defense.
We collect no data
As detailed in our no logging data policy, we go to great length in order to not collect and store data about our users' activities and identities. As a result, there is simply no data to request, nor confiscate in the case of physical seizure of a server.
When governments do request data, we refer them to our policy and explain that we have no information to hand over.
We are based in a good jurisdiction
Our legal entity is in Sweden, where the law does not allow for any government to force us to spy on our users.
We are prepared to shut down the service
Should a government somehow succeed in legally forcing us to spy on our users, we will cease operation of our service in the affected jurisdiction and only resume it if the legal situation* has been remedied. Just as where no data can be revealed if it does not first exist, the service can't be used as a surveillance tool if it's not in operation.
*We retain lawyers to help us monitor the legal landscape in Sweden and keep us abreast of any developments. We also stay up to date on how to move critical parts of our business to other jurisdictions around the world, should we need to.