Ledger significantly restructured its privacy policy on April 2, 2026, removing 188 sentences and adding 11 new ones. The policy now opens with 'Your privacy, our priority' instead of a longer explanation, and reorganized sections with a new 'What this policy covers' heading. Notably, the policy removed explicit carve-outs stating that the privacy policy does not apply to Ledger Recover and Ledger Multisig services, along with references to their dedicated privacy policies, which means these services are now either covered by this single policy or their coverage status has become unclear.
Ledger removed language explicitly stating that this privacy policy does not cover Ledger Recover and Ledger Multisig services, and eliminated references to dedicated privacy policies for those services. This creates ambiguity about whether those services are now governed by the main privacy policy or whether separate policies exist but are no longer disclosed in this document. If you use Ledger Recover or Ledger Multisig, you should review the privacy disclosures for those specific services directly, as it is no longer clear from the main privacy policy whether separate protections apply.
The removal of explicit service carve-outs creates legal and operational ambiguity about which Ledger products are governed by this privacy policy. Under GDPR and CCPA, consumers are entitled to clear, specific notice of what services and data are covered by any given privacy statement. If Recover and Multisig were previously governed by separate policies and are now intended to fall under the main policy, that expansion requires clear notification. If they remain separate, their removal from the policy without replacement disclosure violates transparency standards.
→ If you use Ledger Recover or Multisig, locate and review the privacy disclosures or terms of service specific to those services to understand what data they collect and how it is used.
→ Contact Ledger support to confirm whether those services are covered by the main privacy policy or remain subject to separate privacy terms.
→ You may not have clear notice of what data Ledger Recover or Multisig collect, how they use it, or what rights you have regarding that data.
→ If a privacy incident or data request arises, you may lack clear documentation of which privacy policy governs your data in those services.
Removed explicit carve-out stating privacy policy does not apply to Ledger Recover and Multisig, creating ambiguity about whether those services are now covered.
Modified language from 'If you keep using our services after updates, you're agreeing to the new terms' to 'If you continue to use our services after updates, you're agreeing to the new terms,' a minor semantic shift with no material change in meaning.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Consumers using Ledger Recover or Multisig no longer have clear notice from the main privacy policy about whether those services are covered by this policy or subject to separate terms.
Ledger removed explicit service carve-outs and references to dedicated privacy policies for Recover and Multisig on April 2, 2026. Under GDPR Article 13 and 14, and CCPA Section 1798.100, data controllers must provide specific, clear disclosure of how personal data is collected and used. Removing explicit carve-outs without replacing them with clear alternative disclosure creates potential transparency gaps. Organizations relying on Ledger as a service provider, or those subject to privacy-by-design obligations, may need to confirm whether separate privacy disclosures for Recover and Multisig still exist and are adequately linked. If those services no longer have dedicated policies, the main policy may now need to address them explicitly to satisfy regulatory clarity standards.
GDPR (Articles 13, 14 on transparency and fair processing information); CCPA (Section 1798.100 on consumer right to know); UK GDPR (equivalent transparency requirements); FTC Act Section 5 (unfair or deceptive trade practices); state privacy laws requiring clear service-specific disclosures.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001214.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherLedger substantially rewrote its privacy policy on April 19, 2026, removing 188 sentences while adding only 11 new ones. The …
Ledger's privacy policy was updated on April 3, 2026 with a minor formatting change to the section heading 'With whom …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.