Transparency Report: secure messaging app
On this page, we publicly inform all our users about what was requested by U.S. government agencies over a certain period of time. In the language of American jurisprudence, this is called a transparency report.
Such a report shows what we provided to American services, and what, due to architecture, we could not provide. Our secure messaging app follows the highest standards of transparency adopted by leading American technology companies. The First Amendment to the Constitution of the United States protects our right to talk about these requests, and we exercise this right in full.
The first report is expected in July 2026
Mold has not yet been launched publicly. The data given below forms the structure of future reports of the encrypted messaging app and confirms that, prior to launch, no requests for data have been received from any U.S. jurisdiction. The first complete report will cover the period from the moment of public launch through June 30, 2026, and will be published in July 2026.
Frequency of transparency report publication: once every six months. The January report covers July through December of the preceding year. The July report covers January through June of the current year. All figures are fixed thirty days after the end of the period for record reconciliation and lawyer verification.
The numbers, today.
How a secure and protected messenger answers each lawful request.
American legislation provides a thoughtful and multi-level system of legal procedures, each of which requires a certain level of evidentiary basis and permits the disclosure of certain categories of data. This system, calibrated by decades of work by the Congress and the Federal courts of the United States, balances between the lawful needs of law enforcement and the constitutional rights of users. Our end to end encryption messenger executes every lawful request in full and as quickly as possible.
| Procedure | Legal basis | Received | Complied | Rejected |
|---|---|---|---|---|
| Subpoena | 18 U.S.C. § 2703(c)(2) | 0 | 0 | 0 |
| Court order | 18 U.S.C. § 2703(d) | 0 | 0 | 0 |
| Search warrant | 18 U.S.C. § 2703(a) | 0 | 0 | 0 |
| Traffic capture (Pen Register / Trap & Trace) | 18 U.S.C. §§ 3121-3127 | 0 | 0 | 0 |
| Data preservation request | 18 U.S.C. § 2703(f) | 0 | 0 | 0 |
| Emergency disclosure | 18 U.S.C. § 2702(b)(8) | 0 | 0 | 0 |
When the law asks, we hand it over.
The encrypted messenger Mold stores only the absolute minimum necessary for delivering messages between users. The categories listed below represent the complete list of data we are able to provide in response to a lawful request under U.S. law. We provide everything, promptly and in full.
Mold ID (a sequential public identifier), nickname, public cryptographic key of the user, date and time of account creation, date and time of last connection to the server. We also provide all available correspondence in encrypted form, including the personal profile data of the user.
Undelivered messages are stored on the server for the time the user has set themselves in the application settings. The contents are end-to-end encrypted using keys that exist exclusively on user devices. We provide the encrypted blocks.
Firebase Cloud Messaging tokens used to wake the application on the user's device. The tokens contain no message text, only a signal that pending changes have appeared in the application.
Zero tolerance for crimes against children.
The most secure messaging app Mold is registered with the National Center for Missing & Exploited Children (NCMEC) as an Electronic Service Provider and fully complies with 18 U.S.C. § 2258A and the REPORT Act of 2024. When a user reports a violation through the built-in complaint button in a chat with someone, we are required to review such a report. If it contains material falling under the federal child protection law, we file a report with NCMEC through CyberTipline, retain related data for at least one year, and assist any subsequent investigation without any reservations.
Prior to launch, no reports through the application have been received and no reports to CyberTipline have been filed. The figures below are updated with each reporting period.
Foreign requests only through the U.S. legal system.
The encrypted messenger Mold is registered in the United States and is subject to U.S. and California state law. Foreign governments requesting data are required to direct requests through channels established by American law, which provide independent judicial oversight and guarantees of compliance with human rights.
Mutual Legal Assistance Treaties
Foreign authorities may direct requests through their country's central authority to the U.S. Department of Justice, Office of International Affairs (OIA). The U.S. has concluded MLATs with more than sixty-five countries. The OIA reviews each request for legal sufficiency and, when necessary, obtains the corresponding American court act.
Executive agreement mechanism
Under the CLOUD Act of 2018 (Pub. L. 115-141), foreign governments that have entered into bilateral executive agreements with the United States are entitled to direct qualified requests directly. Each such agreement requires independent judicial oversight and confirmed respect for human rights in the requesting country. As an end to end encryption messenger operating under U.S. jurisdiction, Mold honors only such validated channels. The agreement between the United States and the United Kingdom has been in effect since October 2022.
Redirected to the U.S. legal system
Direct requests from foreign authorities outside the channels of MLAT and CLOUD Act are politely declined, and the requesting party is directed to the appropriate American legal process. We have no legal grounds to fulfill such requests, and U.S. law forbids us from doing so.
Preservation, restriction, and termination.
In addition to requests for data disclosure, we receive and execute requests to preserve account data, to restrict, and to terminate them. Each action of this encrypted messaging app is governed by a specific U.S. legal basis or by our Terms of Service and is reflected here in aggregate. Protection of private correspondence does not mean shielding violators of the law.
The complete archive.
Every transparency report we publish is preserved in PDF and CSV formats so that, historically, every entry can be examined, compared, and independently verified. As the most secure messaging app under U.S. law, we commit to storing every published report indefinitely.
Reports have not yet been published. The first report is scheduled for July 2026 and will cover the period from the moment of public launch through June 30, 2026.
Arithmetic does not lie.
Behind every figure on this page stand specific articles of the law, constitutional principles, and architectural decisions. The secure messaging app Mold is a messenger without a phone number that operates by the law, and not against it. Read our complete protocol for working with law enforcement.