Ledger substantially rewrote its privacy policy on April 19, 2026, removing 188 sentences while adding only 11 new ones. The updated policy is shorter and restructured, with the opening section reorganized and language about policy updates and service exclusions removed. Notably, the policy no longer explicitly mentions that Ledger Recover and Ledger Multisig services are not covered by this privacy policy, and no longer directs users to separate privacy policies for those services.
The updated policy removes explicit language stating that Ledger Recover and Ledger Multisig services are excluded from this privacy policy. Previously, users were directed to separate privacy policies for those services; that direction is now absent. This creates ambiguity about whether this policy now covers those services or whether separate policies still apply. The dramatic reduction in policy length (from 224 to 36 sentences) suggests substantial content was removed, though the specific implications depend on what other sections were condensed or eliminated. You should review the full updated policy to confirm what data practices and service exclusions remain in effect for all Ledger services you use.
The removal of explicit service exclusions and cross-references to separate privacy policies creates regulatory compliance risk and user confusion about what data practices apply to each Ledger service. Under GDPR and CCPA, privacy policies must clearly disclose the scope of services covered; the absence of this disclosure may not satisfy those requirements.
→ Review the full updated privacy policy to understand what services are now covered.
→ If you use Ledger Recover or Multisig, search for separate privacy policies for those services on Ledger's website or contact Ledger support to confirm where their privacy terms are disclosed.
→ Compare the updated policy to what you understood before to identify any new or changed data practices that affect you.
→ You may unknowingly subject data from Ledger Recover or Multisig to practices disclosed only in this policy (if scope expanded) or practices disclosed nowhere (if scope is genuinely ambiguous).
→ If separate privacy policies for Recover and Multisig still exist but are not clearly linked, you may miss material privacy disclosures affecting those services.
→ Regulatory bodies may treat the removal of clear service-scope language as non-compliance with transparency requirements, potentially resulting in enforcement action against Ledger that affects user rights.
This is the 2nd significant Transparency Removal change Ledger has made since ConductAtlas began monitoring.
ConductAtlas has recorded 2 material changes to this document (since April 2026). An additional minor or cosmetic changes were excluded.
2 of Ledger's significant changes have been classified as negative for consumers.
Removed explicit language excluding Ledger Recover and Multisig from this policy and eliminated direction to separate privacy policies for those services, creating ambiguity about current coverage.
Modified language about unilateral policy updates; changed from 'we may update this Privacy Policy whenever needed or if the law requires it' plus notice of continued use as consent, to 'If you continue to use our services after updates, you're agreeing to the new terms,' which is functionally similar but removes the prior statement that law can require updates.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Users can no longer clearly see in this policy that certain Ledger services may be governed by separate privacy rules.
Users are no longer directed to where to find privacy information for Recover and Multisig services, creating confusion about where to look for those service-specific disclosures.
Ledger removed 188 sentences from its privacy policy while adding only 11, resulting in a document that is 84% shorter than before. Most significantly, the policy no longer explicitly states that Ledger Recover and Ledger Multisig are excluded from coverage, nor does it direct users to separate privacy policies for those services. This removal creates potential regulatory exposure under GDPR, CCPA, and other privacy frameworks that require clear, transparent notice of what services are covered by which privacy policies. Organizations that rely on Ledger as a vendor or integrate Ledger services into their own products should clarify with Ledger whether separate privacy policies still govern Recover and Multisig, and whether this master policy now applies to those services. If ambiguity persists, it may trigger data processing agreement review and potential breach notification obligations depending on how the scope of coverage is interpreted.
GDPR, CCPA, LGPD, UK GDPR, EDPB guidance on transparency and privacy policy scope
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001106.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherLedger's privacy policy was updated on April 3, 2026 with a minor formatting change to the section heading 'With whom …
Ledger significantly restructured its privacy policy on April 2, 2026, removing 188 sentences and adding 11 new ones. The policy …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.