Medium updated its Privacy Policy on May 18, 2026 to add detailed disclosure about its address book contact feature. The new language explains that when users opt in to this feature, Medium converts contact names and email addresses into encrypted, non-reversible identifiers to match against its member database. Medium does not store names or emails in plain text, deletes identifiers for non-members immediately, and deletes all encrypted identifiers within 30 days. The policy also reorganized its personal information collection disclosure, though the categories themselves (identifiers, commercial information, internet activity, inferences) remain unchanged.
The updated policy adds transparency about Medium's address book feature by explaining the technical process: contact names and emails are converted into encrypted identifiers, matched against Medium's member database, and then deleted. For contacts who are not Medium members, these encrypted identifiers are deleted immediately; all encrypted identifiers are deleted within 30 days regardless. The policy states Medium relies on legitimate interests to offer this feature, specifically its interest in helping users connect with people they know. You can review the specific disclosure in the 'Helping You Connect With People You Know' section of the updated policy.
The updated terms establish explicit disclosure of a previously undescribed contact matching feature. This disclosure documents the technical safeguards (encryption, deletion timelines, plain-text non-storage) and the lawful basis (legitimate interests) Medium asserts for the processing. For users, this clarifies how contact data is handled when they opt into address book features. For regulators and data protection authorities, this disclosure creates a documented record of processing practices and safeguards.
Added new section explaining that contact names and emails are converted to encrypted identifiers, matched against Medium's database, and deleted within 30 days (immediately for non-members).
Stated that Medium relies on legitimate interests under Article 6(1)(f) to offer this feature, citing the interest in helping users connect and supporting freedom of expression.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Medium added explicit disclosure of its address book contact matching feature and the technical safeguards it employs. The change operationalizes consent and technical documentation that may be relevant to GDPR Article 6(1)(f) (legitimate interests), Article 35 (DPIA trigger), and CCPA/CPRA collection and deletion obligations. The disclosure identifies the feature as opt-in and describes encryption, non-storage of plain-text data, and deletion timelines. No material change to Medium's stated processing practices appears to have occurred; the change is primarily disclosure and documentation. Organizations using Medium for user acquisition or account linking should verify whether this feature engages their own data controller or processor obligations.
GDPR (lawful basis for processing under Article 6(1)(f), international data transfers if applicable), CCPA/CPRA (collection and deletion requirements), LGPD (Brazil), and ePrivacy Directive (electronic communications data).
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002165.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherMedium's Terms of Service page now displays a '46K' metric next to the Listen and Share buttons, which appears to …
Medium's privacy policy was updated on April 26, 2026, but the changes appear to be primarily formatting and structural rather …
Medium's Terms of Service were updated on April 26, 2026, but the detected changes appear to be primarily formatting and …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.