WhatsApp may not be as private as it seems. When it became the world’s largest encrypted messaging app on Monday, WhatsApp sent a flurry of security-conscious texters straight into the arms of the Facebook-owned service. Buried in the news, however, is a worrying section that gives WhatsApp the right to hold on to a large amount of message data.

Micah Lee, a journalist at The Intercept, spotted a line in WhatsApp’s privacy terms that suggests the service may store the date, time, and recipient numbers of the messages sent with its service. The actual message contents, WhatsApp claims, are not held on the servers at all.

That still leaves a ton of information up for grabs. Sure, a rogue hacker may not be able to grab a message from the server, but they could find out that a message was sent in the first place, when the message was sent, who sent it, and who it was sent to. This information stands to be available upon government request, as well.

WhatsApp’s new encryption system is the culmination of a year and a half’s worth of work. Partnering with Open Whisper Systems, the team worked to make sure that message content can only be read by the sender and receiver.

The changes are not enough for some to trust WhatsApp. The “YourAnonNews” Twitter account warned its followers of being deceived by WhatsApp’s offer, saying the app and competing service Telegram are both “deeply flawed.” Instead, the account directed its readers to use Signal, a free private messenger app available for iOS and Android.

And, of course, there’s skepticism surrounding WhatsApp’s ownership; the company was bought by social networking powerhouse Facebook back in February 2014 for $19 billion. “Everyone is going crazy about WhatsApp,” said Twitter user Polidoros_K. “I still don’t trust an App owned by Facebook.”