Signal vs Samsung

Signal is a nonprofit that genuinely cannot read your messages or listen to your calls — the encryption is architectural, not a promise — but it requires a real phone number to register, is subject to US law, and its privacy policy is conspicuously sparse: it hasn't been substantively updated since 2018 and lacks the specific retention periods, GDPR rights, or DPO contact that more thorough policies provide.

Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows.