What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy directly engages the EU General Data Protection Regulation, citing Article 27 for the EEA representative designation and relying on legitimate interests under Article 6(1)(f) as the sole stated legal basis for processing metadata and cloud content. UK GDPR applies equivalently for UK users. Intra-group transfers to Telegram Group Inc. and Telegraph Inc. in the British Virgin Islands and Telegram FZ-LLC in Dubai are addressed through standard contractual clauses…

How does Telegram's Telegram Privacy Policy affect users?

The policy establishes that regular cloud chat messages and associated metadata are retained on Telegram's servers and subject to disclosure under judicial process. The policy authorizes users to access Secret Chat features as an alternative mechanism that employs end-to-end encryption and does not store content on Telegram's servers. Users may also manage contact data retention and contact suggestion functionality through the Settings interface as described in the policy.

How often is Telegram's Telegram Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Telegram updates this document?

Yes. Watcher subscribers ($9.99/month) can add Telegram to their watchlist and receive same-day email alerts whenever this document or any other Telegram document changes.

CA-D-000174

Telegram Privacy Policy

Last change detected May 19, 2026 Privacy policy

SHA-256: 277fe42bdbc1360b40a… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Telegram ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

1 High severity

7 Medium severity

2 Low severity

Summary

This privacy policy establishes the categories of personal data Telegram collects from users of its messaging application, including phone numbers, IP addresses, device metadata, and message content. The policy specifies that regular cloud chats are stored on Telegram's servers in a format accessible to Telegram, and that IP addresses and phone numbers may be disclosed to law enforcement pursuant to valid court orders. The policy also describes Secret Chat functionality, which operates as end-to-end encrypted communication with content not stored on Telegram's servers.

Technical / Legal Breakdown

This document is Telegram's Privacy Policy governing data collection, storage, and processing for its cloud-based messaging services, with Telegram Messenger Inc. as data controller; the legal basis asserted is legitimate interests under GDPR Article 6(1)(f), namely service provision and fraud/security protection. The policy states that cloud chat messages, photos, videos, and documents are stored server-side in encrypted form, while secret chats use end-to-end encryption with no server-side storage; the terms authorize sharing of IP address and phone number with law enforcement upon receipt of a valid judicial order, and permit sharing of message text with Google or Microsoft for translation and audio data with Google for voice-to-text transcription. Notably, the policy explicitly states no ad targeting based on user data and no use of cookies for profiling, which distinguishes it from common industry practice among large messaging platforms; however, cloud chat content remains accessible to Telegram in encrypted-but-decryptable form, and third-party bots receive user data including messages and account details with limited Telegram oversight over downstream use. The policy engages GDPR directly, designating EDPO as its Article 27 EEA representative and referencing standard contractual clauses for intra-group transfers to BVI and Dubai entities; UK GDPR, the EU Digital Services Act moderation obligations, and applicable data protection frameworks in jurisdictions where Telegram operates also create material compliance considerations, particularly regarding the adequacy of legitimate interests as a sole legal basis for broad metadata collection and cross-border data transfers.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 19, 2026

low

What changed Telegram's Privacy Policy was updated on May 19, 2026 with minor navigation changes. The word 'Moderation' was replaced with 'Safety' in the top navigation menu and footer links of the policy document. This appears to be a terminology update in the policy's navigation structure rather than a substantive change to privacy practices or data handling.

Why this matters This change updates navigation terminology within Telegram's Privacy Policy document. The word 'Moderation' in the top menu and footer navigation has been replaced with 'Safety' on May 19, 2026. This is a navigational and terminological change that does not alter the substantive content of the privacy policy or the data practices it describes.

View full change record →

High — 1 provision

Third-Party Bot Data Access

When you interact with third-party bots on Telegram, your public account data and messages are shared with the bot's developer, who is independent of Telegram and subject to their own terms.

Added April 18, 2026 Rare

Medium — 7 provisions

Cloud Chat Server-Side Storage

Your regular Telegram messages, photos, and files are stored on Telegram's servers in encrypted form, meaning Telegram holds both the data and the keys needed to access it.

Added May 9, 2026 Rare
Law Enforcement Disclosure of IP and Phone Number Compare →

If a court order identifies you as a criminal suspect for activities that also violate Telegram's rules, Telegram can hand over your IP address and phone number to law enforcement, and will report such disclosures quarterly.

Added May 9, 2026 Standard Seen across 246 platforms
Message Text Sharing with Google and Microsoft for Translation

When you use Telegram's translation feature, the text of the message you translate is sent to Google or Microsoft; both companies are contractually limited to using it only for translation.

Added May 9, 2026 Rare
Legitimate Interests as Sole Legal Basis for Metadata Collection Compare →

Telegram justifies collecting and using your data by saying it needs to do so to run the service and prevent fraud, without asking for your explicit consent.

Added May 9, 2026 Standard Seen across 251 platforms
Intra-Group Data Sharing with BVI and Dubai Entities Compare →

Telegram can share your personal data with its parent company and affiliates in the British Virgin Islands and Dubai, using standard contractual clauses as the legal mechanism for EEA data transfers.

Added May 9, 2026 Standard Seen across 246 platforms
Metadata Retention for Security Purposes Compare →

Telegram may collect and keep your IP address, device information, and username history for up to 12 months to combat spam and security threats.

Added May 9, 2026 Standard Seen across 223 platforms
Payment Dispute Responsibility Waiver Compare →

Telegram says it cannot help you with payment disputes or refunds because it does not store your payment information; you must resolve any issues directly with the bot developer, payment provider, or your bank.

Added May 9, 2026 Common Seen across 150 platforms

Low — 2 provisions

No Ad Targeting Based on User Data Compare →

Telegram explicitly states it does not use your personal data to target you with ads, and any sponsored messages you see are based on the channel topic, not your personal profile.

Added May 9, 2026 Standard Seen across 189 platforms
User Data Rights and Deletion Compare →

You have the right to access, correct, delete, and move your personal data, and to object to how Telegram processes it, with the ability to complain to a data protection authority if needed.

Added April 18, 2026 Standard Seen across 223 platforms