Yes.
No matter if it's plaintext, hash or encrypted information, or if it's data, credentials and/or payload(s), companies must comply with the law "Required disclosure of customer communications or records" (18 U.S. Code § 2703) (if you are reading this from another country, please note that this answer only applies with American-based entities and civilians—laws are quite similar for most countries).
Even if the servers are located elsewhere the United States Department of Justice will still require the data.
Wiki: The servers store registered users' phone numbers, public key material and push tokens which are necessary for setting up calls and transmitting messages. In order to determine which contacts are also Signal users, cryptographic hashes of the user's contact numbers are periodically transmitted to the server. The server then checks to see if those match any of the SHA256 hashes of registered users and tells the client if any matches are found. The hashed numbers are thereafter discarded from the server
Related:
Legal: Account Information. You register a phone number when you create a Signal account. Phone numbers are used to provide our Services to you and other Signal users. You may optionally add other information to your account, such as a profile name and profile picture. This information is end-to-end encrypted.
Profile: The most straightforward way to enable this feature would be to delegate responsibility elsewhere for the core profile functionality. Clients could simply upload an image and their chosen name to a remote server. The server would then store this plaintext data, expose a basic profile API, and act as the arbiter for any other clients who request profiles for other users.
Although this system would be easy to deploy, it comes with some drawbacks. The server would need access to unencrypted profile data in order to fulfill its role as the final broker for the exchange of this sensitive information. The server might also be required to maintain information about contact relationships or other metadata for the purposes of implementing profile permission options.
From the outset, we have designed Signal to minimize the amount of data that we store on our servers. We think this is important.
Government Request: When legally forced to provide information to government or law enforcement agencies, we'll disclose the transcripts of that communication publicly.
Signal still knows nothing about you, but the government still continues to ask us if we do.
Because everything in Signal is end-to-end encrypted by default, the broad set of personal information that is typically easy to retrieve in other apps simply doesn’t exist on Signal’s servers. Orders request a wide variety of information we don’t have, including the target’s correspondence, contacts, groups, calls, address.
The only information Signal maintains that is encompassed for any particular user account, identified through a phone number, is the time of account creation and the date of the account’s last connection to Signal serve
Miscellaneous:
Signal | Grand jury subpoena for Signal user data, Central District of California (again!)
October 5th, 2021—United States Department of Justice—United States Attorney's Office Central District of California—GRAND JURY SUBPOENA—Signal Messenger, LLC
Please provide records pertaining to account(s) associated with or owned by [REDACTED] date of birth [REDACTED] or telephone number [REDACTED]..
Signal RE: Response to Federal Grand Jury Subpoe
“Signal—by design—does not possess almost any of the categories and types of information listed in the order. As Signal explains on its website,1 the Signal app utilizes state-of-the-art security and end- to-end encryption to provide private messaging, Internet calling, and other services to users worldwide. Users’ calls and messages are always encrypted, so they can never be shared or viewed by anyone except a user and their intended recipients. Likewise, Signal does not have access to its users’ profiles, group membership or group data, contacts, social graphs, searches, or the like. The only information Signal maintains that is encompassed by the subpoena for any particular user account, identified through a phone number, is the time of account creation and the date of the account’s last connection to Signal servers.”
“The only information Signal maintains that is encompassed by the subpoena for any particular user account, identified through a phone number, is the time of account creation and the date of the account’s last connection to Signal servers. That is all. We have provided the information responsive to the subpoena in Signal’s possession in Attachment A.”
Attachment A—Note that the username is known and redacted in the documents and contains the following: “Last connection date: 1634169600000 (unix millis)” and “Account created: 1606866784432 (unix millis)”
Signal | MLAT order from Luxembourg for Signal user data
November 24, 2020—UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DIVISION—CASE NO. CR20-91589—ORDER TO SIGNAL MESSENGER, LLC.
..to disclose certain records and other information pertaining ot Signal account [REDACTED]——the records and other information as set forth in (Order) Attachment A.
Signal RE: Response to Order Under 18 U.S.C. §§ 2703(d) & 3512
SAME AS (GRAND JURY SUBPOENA) RESPONSE—As a result, Signal has no records responsive to the order, which asks for information associated with a Signal user account that has the profile name of [REDACTED].
CONTINUED—Signal RE: Request to Unseal Order Under 18 U.S.C. §§ 2703(d) & 3512
APPLICATION BY THE UNITED STATES FOR AN ORDER UNDER 18 U.S.C. § 2703(d)—FOR ONE ACCOUNT FOR INVESTIGATION OF 18 U.S.C. § 3512—Case No. CR20-91589—UNOPPOSED MOTION TO PARTIALLY UNSEAL COURT RECORDS
INTRODUCTION—line 8-12 states: “Signal seeks this relief in order to inform the public that the company received and responded to legal process. As reflected in Attachment A, Signal's interest extends only to notifying the public about the fact of the legal process and Signal's response. Signal does not seek to publish (and has therefore redacted) the username of the target of the investigation, nor does it possess information sufficient to notify that user.”
PROCEDURAL HISTORY—line 21-22 states: “On September 22, 2021, Signal responded to the Order through a letter to the government indicating that *it maintained no records responsive ot the Order”
ARGUMENT—line 20-24 states: “Signal depends on user trust in the privacy, security, and transparency of the service. As Signal Messenger has publicly stated, the company designed its service to minimize the data it retains about its users. Because of its end-to-end encrypted design and other privacy features built into its software platform, Signal possessed no responsive information to the government request at issue here.”
Conclusion:
Which goes on with an approval to unseal (CASE NO. CR20-91589) for public peace of mind. Signal, which was basically asked for many key bits of PII that Signal cannot ever provide.
On behalf of how usernames or certain information was obtained in other similar cases it is more than like by physical or digital investigative seizures, any data stored, long term or temporary is encrypted and/or pushed from their servers after communication handshakes.
For additional legal documents: Signal | Big Brother
