I’ve been reading through Signal’s government requests and couldn’t find a similar section on Mullvad’s website. I’d be curious to read about them if there are any. It would seem unlikely to me that Mullvad has never received any kind of court order for information about a user.
Or they can do a cold boot attack
Possible but with physical access needed. Which makes things much more difficult. At least for servers under Mulls control vs rented servers from a provider in each locale.