Transparency report
A privacy company that won't tell you about the legal pressure it faces is asking you to take a lot on trust. So here is ours, in full: every category of legal order we have received since we opened in 2021, how many we pushed back on, and what we actually handed over. We publish this report every six months. The numbers are small, because we are small - around 12,000 mailboxes across two Swiss datacentres - but we would rather show you small, honest numbers than none at all.
How the law reaches us
Scroogle Mail AG is a Swiss company, and Swiss law is the only law that can compel us to do anything. A Swiss court or prosecutor can order us to produce data through Swiss legal process, and when a valid order arrives, we comply - saying otherwise would be a lie, and any provider who tells you they are "immune" to their own courts is selling you something.
Foreign authorities are a different matter. Under Article 271 of the Swiss Criminal Code, it is a criminal offence to carry out acts for a foreign state on Swiss soil without authorisation - which means a police force or agency outside Switzerland cannot demand your data from us directly. They must go through Swiss mutual legal assistance, where a Swiss authority reviews the request against Swiss law and Swiss standards before anything happens. Requests sent to us directly from abroad are declined and redirected to that process. Every one of them is counted in this report.
The second half of the story is architecture, not law. Because your mailbox is protected by zero-access encryption, what we can produce under a valid order is almost nothing: encrypted blobs we cannot decrypt, plus the minimal account metadata we need to run the service - plan, billing state, signup date, and access logs that we delete after three days. We cannot hand over message content, because we cannot read it. That is not a policy we could quietly change under pressure; it is how the system is built.
Legal orders we received
The table below counts every binding order from a Swiss authority, including those that originated abroad and reached us via mutual legal assistance. "Contested" means we formally challenged the order's scope or validity; "complied with" means we produced something, however little, in response.
| Year | Legal orders received | Contested | Complied with |
|---|---|---|---|
| 2022 | 3 | 1 | 2 |
| 2023 | 7 | 2 | 5 |
| 2024 | 14 | 4 | 10 |
| 2025 | 26 | 6 | 19 |
A contested order can still end in disclosure: if a Swiss court upholds it, we comply, and it is counted in both columns. The orders we did not comply with were either withdrawn, narrowed to nothing, or rejected as formally defective.
The growth year on year is what you would expect: our mailbox count roughly doubled over the same period, and authorities have become more aware that we exist. We would be more worried by numbers that stayed suspiciously flat.
What we handed over in 2025
Of the 26 orders received in 2025, we complied with 19. Broken down by what was actually sought and produced:
| Type of order | Complied with | What that meant in practice |
|---|---|---|
| Subscriber information | 11 | Account existence, signup date, plan and billing state. We do not require a name or postal address at signup, so often there was little to give. |
| Metadata / traffic data | 5 | Access logs where they still existed. We keep them for 3 days, so most of what was asked for had already been deleted. |
| Real-time interception | 1 | One lawful interception order, executed as required. Mail between Scroogle Mail users is end-to-end encrypted, so what could be captured was ciphertext and routing data. |
| Account freeze / preservation | 2 | Accounts preserved in their encrypted state pending further process. Preservation does not give anyone the ability to read them. |
Every order is checked by our lawyers for formal correctness before we act. We notify affected users where the law allows; in 2025 we were barred from notification in a minority of cases by non-disclosure periods attached to the orders themselves, and we notify as soon as those periods lapse.
Warrant canary
Some legal instruments arrive with gag provisions. A warrant canary works in reverse: we state what has not happened, and if a statement below ever stops being true, we remove it rather than lie. Watch this section, not our press releases. It is a blunt instrument, but a useful one.
Canary statement - 2 July 2026
As of 2 July 2026, Scroogle Mail AG has never:
- received a secret order that we are gagged from disclosing the existence of in this report;
- received a request to insert a backdoor into, or otherwise weaken, our encryption;
- disclosed encryption keys to any party;
- been compelled to modify our systems to enable surveillance of our users.
Affirmed by Matthias Keller (CEO) and Nadia Furrer (CTO), Zurich, 2 July 2026.
Open data
For how we handle personal data day to day, read our privacy policy. For how the encryption behind these numbers actually works, read our security model. Suspected abuse of the service is handled separately - see reporting abuse.
Privacy you can check, not just believe.
Zero-access encryption means the strongest line in this report is the one about what we cannot produce. That protection starts the minute you sign up.
Get Scroogle Mail