This is why you should run your own node. In USA, you can be compelled in a court of law to provide a private key in certain settings…if your hardware wallet provider is also your node, they can list off for the government all they keys you definitely do own…

If you want the utmost in privacy, use blockstream.space for a totally offline bitcoin node. Not even your isp can know you have bitcoin…