The policy states that messages, photos, videos, and documents in cloud chats are stored on Telegram servers in encrypted form, with encryption keys held by Telegram across multiple data centers. This is distinct from secret chats, which use end-to-end encryption and are not stored server-side.
This analysis describes what Telegram's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that cloud chat content is retained by Telegram in a form that Telegram controls, meaning it is technically accessible to Telegram and potentially subject to compelled legal disclosure. The policy separately confirms that law enforcement requests may result in disclosure of IP address and phone number, though the policy does not explicitly state whether cloud chat content could be disclosed under a broader or different legal order.
Under these terms, messages, photos, videos, and documents sent in standard (non-secret) chats are stored on Telegram's servers in encrypted form with keys held by Telegram. Users who prefer no server-side retention of message content may use secret chats, which the policy states are end-to-end encrypted with no server storage.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Telegram has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Telegram is a cloud service. We store messages, photos, videos and documents from your cloud chats on our servers so that you can access your data from any of your devices anytime without having to rely on third-party backups. All data is stored heavily encrypted and the encryption keys in each case are stored in several other data centers in different jurisdictions. This way local engineers or physical intruders cannot get access to user data.— Excerpt from Telegram's Telegram Privacy Policy
1. REGULATORY LANDSCAPE: This provision engages GDPR data minimization and storage limitation principles, as Telegram retains cloud chat content for the duration of service use. The policy cites legitimate interests as the processing basis. EEA national supervisory authorities and the UK ICO have enforcement jurisdiction. The retention of encryption keys by Telegram means cloud chat content is not technically inaccessible to the data controller, which may be relevant to assessments under GDPR Article 5 and Article 25 (data protection by design). 2. GOVERNANCE EXPOSURE: Medium. The server-side storage of cloud chat content with Telegram-controlled encryption keys means that compelled legal process directed at Telegram could theoretically extend to message content, though the policy's law enforcement disclosure clause (section 8.3) limits stated disclosures to IP address and phone number. The gap between what is technically stored and what the policy commits to disclose warrants compliance review. 3. JURISDICTION FLAGS: EEA and UK users have heightened exposure given GDPR storage limitation requirements and the right to erasure. The policy states that UK and EEA user data is stored in Netherlands data centers, which provides some geographic specificity. Users in jurisdictions with mandatory data retention laws may face additional exposure depending on local law enforcement frameworks. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Telegram for business communications should assess whether cloud chat storage is compatible with their internal data classification and retention policies. The policy notes that data centers are third-party provided but that servers and networks are owned by Telegram, clarifying that data center operators do not receive user data. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether use of cloud chats for sensitive internal communications aligns with organizational data handling requirements. Teams should also evaluate whether the legitimate interests basis adequately covers indefinite retention of message content under GDPR, and whether users have been provided adequate information to make informed choices between cloud and secret chats.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that cloud chat content is retained by Telegram in a form that Telegram controls, meaning it is technically accessible to Telegram and potentially subject to compelled legal disclosure. The policy separately confirms that law enforcement requests may result in disclosure of IP address and phone number, though the policy does not explicitly state whether cloud chat content …
Under these terms, messages, photos, videos, and documents sent in standard (non-secret) chats are stored on Telegram's servers in encrypted form with keys held by Telegram. Users who prefer no server-side retention of message content may use secret chats, which the policy states are end-to-end encrypted with no server storage.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Telegram.