I’ve been reading through Signal’s government requests and couldn’t find a similar section on Mullvad’s website. I’d be curious to read about them if there are any. It would seem unlikely to me that Mullvad has never received any kind of court order for information about a user.
Once their servers are unplugged they lose all value. While their online and running that could be a different story.
Or they can do a cold boot attack
Possible but with physical access needed. Which makes things much more difficult. At least for servers under Mulls control vs rented servers from a provider in each locale.