“When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.”
That information is easily found with a web search, so there is no need to cast aspersions. It’s funded by Brian Acton’s “activist” funding (interest-free loans of $100 million+ total to Signal Foundation over the years). I’d guess Acton used it as a huge tax write-off the year he sold WhatsApp to Facebook.
Other revenue sources include voluntary user donations and grants from many free press organizations whose members rely on Signal. Some years they report positive net income, and other years they report negative.
Signal Foundation tax forms, which list all general revenue sources: https://projects.propublica.org/nonprofits/organizations/824506840
What Signal says about how they operate: https://signal.org/blog/signal-foundation/ https://signalfoundation.org/en/
Signal Privacy Policy: https://signal.org/legal/#privacy-policy
All the code, including what runs on their servers and in their apps, so you don’t need to take their word for anything. You can compile the signal client from source if you like: https://github.com/signalapp
Article which talks about their audit history (this is their weakest point. The full results of the audits Signal paid for were never published): https://restoreprivacy.com/secure-encrypted-messaging-apps/signal/
However, anybody can check for any spooky stuff in their code, so I doubt they would purposely try to hide anything untoward there.