Secure messaging app legal process
Mold, the secure and protected messenger, operates under the full jurisdiction of the United States and the State of California. We respond to all lawful requests in accordance with the law. We cooperate completely and entirely, promptly and in good faith.
We believe in the laws of America.
Mold was created in the United States, a country founded on the principle of freedom of speech as a fundamental right. The First Amendment protects the code we write. The laws we value and observe protect the people we serve. The most secure messaging app must operate where the law protects free expression.
The secure messaging app Mold is registered with the National Center for Missing & Exploited Children (NCMEC). Any use of a secure messenger for any criminal activity is strictly prohibited. We respond to all lawful requests in accordance with US law and provide everything we possess upon first request.
What Mold can provide.
Mold, as an encrypted messenger, is built on the principle of data minimization. Only what is technically necessary to deliver user messages is stored on our servers.
Mold ID, nickname (the unique username). Date and time of account creation. Date and time of last connection to the server. Encrypted conversations and a block of encrypted profile information (if the user has filled it in).
Protection of private correspondence is ensured by end-to-end encryption of message blocks awaiting their turn for delivery. As an encrypted messenger, we do not possess decryption keys. The internal content of user message blocks is mathematically inaccessible to us.
The system works on the basis of FCM tokens for message delivery notifications. These tokens do not contain message text; their task is only to send a wake-up signal to the client application. This is one more option in the security package for countries with a dictatorial regime.
Zero tolerance for crimes against children.
As an encrypted messaging app, Mold is registered with the National Center for Missing & Exploited Children (NCMEC) as an Electronic Service Provider. We report all detected violations of laws on child exploitation to the NCMEC CyberTipline hotline in accordance with 18 U.S.C. § 2258A.
A user report
Because this end to end encryption messenger uses E2E technology, we cannot proactively and preemptively scan the content of messages. However, when a user submits a complaint via the "Report" button in the application, their device sends us a moderation report with at least 20 messages of conversation context. Upon receiving such a report containing signs of CSAM, we immediately file a report with NCMEC via the CyberTipline and preserve all related data for at least one year, in accordance with the REPORT Act of 2024.
Our obligations
18 U.S.C. § 2258A requires the filing of a report upon actual detection of criminal activity. We perform this without reservation. This approach fully complies with the requirements of US law and is the standard for any encrypted messaging app.
Requests from foreign governments.
Mold is an American secure messaging app, subject directly to the laws of the United States and the State of California. We do not respond to requests from foreign governments. International requests must be directed through the proper legal channels of the United States.
Mutual Legal Assistance Treaties
Foreign governments may direct requests through their country's central authority to the US Department of Justice, Office of International Affairs (OIA). The US has entered into MLATs with more than 65 countries. The OIA reviews the request for legal sufficiency and issues an appropriate court act under US law.
Executive agreement framework
Under the CLOUD Act (Pub. L. 115-141), foreign governments eligible for executive agreements may issue requests directly to US providers regarding data on non-US persons. The US-UK agreement has been in effect since October 2022. All such agreements require independent oversight and protection of human rights in the requesting country.
All requests for user data are governed by US law
All requests from foreign governments must go through MLAT or CLOUD Act channels. These mechanisms include built-in safeguards for the protection of human rights and require independent oversight. We do not respond to direct requests from foreign governments. A court act from lawful US structures is the only lawful path to the data of users of the most secure messaging app.
Information for US law enforcement agencies.
Any request must contain
• The name and jurisdiction of the agency submitting the request
• Officer's name, badge/ID number, and title
• Official official email address
• Direct contact phone number
• Specific Mold account identifier (Mold ID or @username)
• Copy of the court act (subpoena, court order, or search warrant)
• Description of the investigation (non-classified portion)
• For international requests: MLAT or CLOUD Act documentation
Where to send requests
Email:
Contact form: Submit a request
Emergencies: For requests involving an imminent threat to life or serious physical harm, send them to the email address above with "EMERGENCY" in the subject line. We aim to respond to emergency requests within 1 hour.
Law and liberty.
We created this messenger for hidden communication, which does not require a VPN, a phone number, or personal data, because we believe: privacy of personal life and the rule of law are not in conflict. It is possible to defend freedom of speech and cooperate with law enforcement under US law. It is possible to create an end to end encryption messenger that protects people offended by their own state, without sheltering criminals.