8 Total
1 High severity
5 Medium severity
2 Low severity
Summary

This is Telegram's privacy policy, governing how Telegram Messenger Inc. collects and uses personal data including phone numbers, IP addresses, device metadata, contact lists, and cloud-stored messages, photos, and files. The policy states that cloud chat content is stored on Telegram's servers in encrypted form and may be subject to disclosure of IP address and phone number to law enforcement upon receipt of a valid judicial order, while secret chat content is end-to-end encrypted and not stored server-side. The policy also discloses that audio data from voice and video messages may be shared with Google LLC for transcription, and message text may be shared with Google LLC or Microsoft Corporation for translation, both at the user's explicit request.

Technical / Legal Breakdown

This document is Telegram Messenger Inc.'s Privacy Policy governing the collection, storage, processing, and disclosure of personal data in connection with its cloud-based messaging services, with legitimate interests cited as the primary legal basis for processing under GDPR Article 6. The policy states that Telegram collects mobile phone numbers, profile names and pictures, email addresses (for 2FA recovery or login authentication), IP addresses, device metadata, username change history, and contact names and numbers; it explicitly states that user data is not used for ad targeting or profiling, and that sponsored messages are based solely on public channel topics rather than user data. Notably, the policy asserts that cloud chat messages, photos, videos, and documents are stored server-side in encrypted form with encryption keys held by Telegram across multiple jurisdictions, while secret chats use end-to-end encryption with no server-side storage, creating a meaningful operational distinction between chat types that affects the scope of any compelled disclosure. The policy engages GDPR through its designation of EDPO as EEA Article 27 representative, its reliance on Standard Contractual Clauses for intra-group transfers to entities in the British Virgin Islands and Dubai, and its disclosure that law enforcement data requests are limited to IP address and phone number upon receipt of a valid judicial order, with disclosures reported quarterly; applicable law in EEA jurisdictions may impose additional constraints on the legitimate interests basis and the adequacy of transfer mechanisms used. The policy also discloses data sharing with Google LLC and Microsoft Corporation for translation services, and with Google LLC for voice-to-text transcription at user request, both described as restricted-purpose processing under agreements with Telegram.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

2 important changes detected

3 versions captured · Last updated: June 2026

What changed Telegram updated a navigation element in their Privacy Policy on June 28, 2026. The previous version linked to 'Twitter Home' while the updated version links to 'Follow on X Home'. This is a minor update reflecting a platform name or branding change in the navigation UI, with no operational impact on privacy practices or user data handling.
Why this matters This change updates a navigation link in the Privacy Policy document header only. It does not modify any privacy practices, data collection authorizations, retention periods, or user rights. The updated link reflects an external social media platform branding change and has no operational impact on how Telegram handles user data or operates its privacy practices.
View full change record →
What changed Telegram's Privacy Policy was updated on May 19, 2026 with minor navigation changes. The word 'Moderation' was replaced with 'Safety' in the top navigation menu and footer links of the policy document. This appears to be a terminology update in the policy's navigation structure rather than a substantive change to privacy practices or data handling.
Why this matters This change updates navigation terminology within Telegram's Privacy Policy document. The word 'Moderation' in the top menu and footer navigation has been replaced with 'Safety' on May 19, 2026. This is a navigational and terminological change that does not alter the substantive content of the privacy policy or the data practices it describes.
View full change record →

Recent Provision Changes Jun 28, 2026

Removed (2)
Legitimate Interests as Sole Legal Basis for Metadata Collection

Removal of this provision eliminates explicit disclosure of the legal basis ('legitimate interests') for Telegram's metadata collection practices under GDPR.

Payment Dispute Responsibility Waiver

Removal of this provision eliminates explicit disclaimer regarding Telegram's liability for payment disputes involving third-party bot developers and payment processors.

Modified (5)
Law Enforcement Disclosure

Provision name shortened from 'Law Enforcement Disclosure of IP and Phone Number' to 'Law Enforcement Disclosure' but excerpt content remains identical.

Third-Party Bot Data Access

Excerpt significantly expanded to provide detailed technical specification of what data bots can access, including public account data, interactive data, and group message access modes.

Voice and Message Data Sharing with Google and Microsoft

Provision name expanded from 'Message Text Sharing with Google and Microsoft for Translation' to 'Voice and Message Data Sharing with Google and Microsoft' and excerpt extended to include voice data sharing (truncated in excerpt).

Intra-Group Data Transfers to BVI and Dubai Entities

Provision name changed from 'Intra-Group Data Sharing with BVI and Dubai Entities' to 'Intra-Group Data Transfers to BVI and Dubai Entities' (substituting 'Transfers' for 'Sharing') but excerpt content remains identical.

Security Metadata Retention (12 Months)

Provision name expanded from 'Metadata Retention for Security Purposes' to 'Security Metadata Retention (12 Months)' for clarity but excerpt content remains identical.

3 provisions unchanged.

View full change record →
High — 1 provision
Medium — 5 provisions
Low — 2 provisions

Monitoring

Telegram has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Cloud Chat Server Storage and similar clauses.

Compare across platforms →
Archival ProvenanceSource & Archival Record
Last Captured June 28, 2026 00:24 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000174
Version ID CA-V-004271
SHA-256 65490290e7e91f42131f735fb9619fce8d880833dea22bbfcb0f220a026ccc8a
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans