Privacy is the hot potato - and with understandable concern!
We make sure to use strong encryption, and force it on the client (if this makes certain clients unusable, so be it - it's better to be safe in any case).
We support XEP-0313 (Message achiving), but it's turned off unless the client specifically requests it.
We do not foresee ever being requested to allow any authorities access to these data, but if a request comes - we'll naturally have to comply with it. However if this is a concern - either simply do not use message archiving, or use XEP-0364 (OTR), OMEMO, or something similar so what is stored is encrypted.