Presidential hopefuls are arguing about it. Officials like FBI Director James Comey have publicly criticized tech companies for their encryption practices. Facebook-owned WhatsApp was temporarily banned in Brazil last week for failing to hand over user info it claims it didn’t have.

Almost all messaging companies encrypt messages en route between a user’s device and company servers, where a company could then read them if needed. The problem arises, though, when messages are end-to-end encrypted, which means they are only readable on the sender’s and receiver’s devices. That means the messaging companies can’t read them. Companies like Apple offer this level of security to satisfy users looking for total privacy. Law enforcement officials hate it because it poses a serious security threat.

Who can read your private messages? We checked in with some of the most popular messaging companies out there, and here’s what we found.

These Companies Can’t Always Read Your Messages

Apple: Apple’s iMessages are end-to-end encrypted, which means they can only be read on users’ phones and the company can’t read them. There’s a caveat here, though. If you back up your messages in iCloud, then Apple can read them and could be forced to hand them over to authorities if provided with an appropriate warrant.

WhatsApp*: WhatsApp gets an asterisk here because while it’s almost done rolling out end-to-end encryption to all of its users, it’s not officially there yet. Either way, the company claims that it does not store messages on its servers, which means it can’t hand over messages if approached by law enforcement officials. (This is what got WhatsApp into trouble in Brazil.)

Telegram**: Telegram messages can be totally private if you want them to be. The company offers end-to-end encryption if users turn on the app’s “secret chat” feature and thus can’t read those user messages. Regular messages are stored on Telegram’s servers. The app benefited immensely from Brazil’s temporary WhatsApp ban. Telegram claims that it added 5.7 million new users on the day WhatsApp was blocked.

Signal: Owned by Open Whisper Systems, Signal is also end-to-end encrypted. The company explicitly states on its website that it “does not have access to the contents of any messages sent by Signal users.”

Line*: Line offers end-to-end encryption, but only if both the sender and recipient of a message turn on a feature called “Letter Sealing.” This will encrypt your messages so the company can’t read them, but regular messages without the feature are not end-to-end encrypted and Line may have to hand them over if required by Japanese law.

These Companies Can Read Your Messages

Kik*: Kik also gets an asterisk here. Messages are not end-to-end encrypted, so the company can theoretically read them. But Kik claims it deletes user messages from its servers as soon as they’re delivered to a user’s device. That means it wouldn’t be able to share your messages with authorities if requested, and the length of time during which it could read your messages is extremely short.

Facebook (Messenger and Instagram): Both Facebook Messenger and Facebook-owned Instagram encrypt messages only when they are en route between a user’s device and company servers where they are stored. This means Facebook might have to hand over private messages if required by law.

Google: Messages sent via Google Hangouts are also encrypted en route and even on the company’s servers, but Google can still read them if needed. Encrypting the messages while on Google servers is intended to keep others from jacking in and reading them, but Google itself has the encryption key. This means Google might have to hand over private messages if required by law.

Snapchat: Like Google, Snapchat messages are encrypted while at rest on Snapchat’s servers (though the company has the encryption key if needed). Snaps are deleted from the servers as soon as they’re opened by the intended recipients, and Snapchat claims these delivered messages “typically cannot be retrieved from Snapchat’s servers by anyone, for any reason.” But unopened Snaps are kept on the servers for 30 days before being deleted. That means Snapchat might have to hand over unopened, private messages if required by law.

Twitter: Direct messages on Twitter are not end-to-end encrypted. The company might have to hand over private messages if required by law.

Skype: Microsoft-owned Skype does not offer end-to-end encryption for instant messages. They are stored on Skype’s servers for a “limited time,” which means Skype might have to hand over private messages if required by law.

**The Telegram section was updated to include distinction that end-to-end encryption is only available for the app’s “secret chats.”