What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This document engages COPPA (minimum age 13 for US users, higher thresholds acknowledged for some jurisdictions), the FTC Act (unfair or deceptive practices standard, particularly relevant to the explicit no-sale commitment), and CCPA (California residents' data rights, though not explicitly addressed by name). GDPR applicability to Signal's EU user base is not addressed within the document, despite the policy's May 25, 2018 effective date; the absence of explicit lawful b…

How does Signal's Signal Privacy Policy affect users?

The policy establishes that users provide a phone number as the sole required personal identifier for account creation. The agreement implements end-to-end encryption as the default architecture, which restricts Signal's technical access to message and call content. The agreement includes a $100 aggregate liability cap that limits remedies available to users for service failures, and establishes mandatory jurisdiction in California state courts for dispute resolution.

How often is Signal's Signal Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Signal updates this document?

Yes. Watcher subscribers ($9.99/month) can add Signal to their watchlist and receive same-day email alerts whenever this document or any other Signal document changes.

CA-D-000305

Signal Privacy Policy

Signal

Last change detected April 18, 2026 Privacy policy

SHA-256: 22835e8785154a23468… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Signal ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

8 Medium severity

2 Low severity

Summary

Signal's combined Terms of Service and Privacy Policy establish the operational parameters for the Signal messaging platform, specifying data collection practices and service usage rules. The policy establishes that Signal collects phone numbers for account creation and implements end-to-end encryption for message and call content, which renders message content and call audio inaccessible to Signal's systems. The agreement authorizes users to contact Signal at privacy@signal.org to manage account data and exercise data access or deletion rights.

Technical / Legal Breakdown

This document governs use of Signal Messenger LLC's messaging and calling services, combining Terms of Service and a Privacy Policy under California law, with the stated purpose of operating end-to-end encrypted communications. The terms assert that Signal does not sell, rent, or monetize personal data or content in any way, that message content cannot be decrypted or accessed by Signal, and that minimal technical metadata (authentication tokens, push tokens, keys) is retained only as required to operate the service. Notably, the document's data minimization posture is substantially narrower than typical consumer messaging platforms, reflecting Signal's architectural commitment to collecting only a phone number for registration and hashing contact data for discovery; however, the policy's compelled disclosure provision permits sharing data in response to applicable law, regulation, or enforceable governmental requests without explicit notice to users, which is standard but operationally significant given Signal's user base. The policy engages GDPR, CCPA, COPPA (minimum age 13), and FTC Act consumer protection frameworks; GDPR applicability is not explicitly addressed in the document, though the effective date of May 25, 2018 coincides with GDPR enforcement commencement, suggesting awareness of that framework. The absence of explicit EU/EEA data transfer mechanisms, a Data Protection Officer designation, or a dedicated GDPR lawful basis statement represents a material gap for EU-facing compliance review.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

Medium — 8 provisions

Compelled Disclosure Carve-Out

Signal may share your data if required to do so by law, court order, or government request.

Added May 10, 2026 Rare
Aggregate Liability Cap of $100 Compare →

If Signal causes you harm, the maximum amount you can recover from them in any legal claim is $100, and you cannot sue them for lost profits, punitive damages, or most other types of financial loss.

Added May 10, 2026 Standard Seen across 228 platforms
California Exclusive Jurisdiction Compare →

Any legal dispute with Signal must be resolved in a California court, under California law, regardless of where you live.

Added May 10, 2026 Standard Seen across 187 platforms
Phone Number Registration and Contact Discovery

Creating a Signal account requires a phone number, and if you choose to use the contact discovery feature, your contacts' phone numbers are cryptographically hashed before being sent to Signal's servers to check who is also on Signal.

Added May 10, 2026 Rare
Unilateral Terms Modification Compare →

Signal can change these terms at any time, and simply continuing to use the app counts as your agreement to the new terms.

Added April 18, 2026 Standard Seen across 178 platforms
Minimum Age Requirement

You must be at least 13 to use Signal, and in some countries the minimum age may be higher; Signal acknowledges that parental approval may be required in certain jurisdictions.

Added May 10, 2026 Rare
Account Termination by Signal Compare →

Signal can suspend or terminate your account at any time and for any reason, including subjective assessments like 'possible legal exposure' or violations of the 'spirit' of the terms.

Added April 18, 2026 Standard Seen across 210 platforms
No Emergency Services Access

Signal cannot be used to call emergency services (such as 911 or 112), and the company advises users to maintain access to traditional phone services for emergencies.

Added May 10, 2026 Rare

Low — 2 provisions

No Data Sale Commitment

Signal makes an unconditional promise never to sell, rent, or make money from your personal data or the content of your messages.

Added May 10, 2026 Rare
End-to-End Encryption and Message Inaccessibility Compare →

Signal is technically unable to read your messages or listen to your calls because they are encrypted in a way that only you and the person you are communicating with can access.

Added May 10, 2026 Standard Seen across 262 platforms