This is Telegram's privacy policy explaining what data the messaging app collects and how it uses it. The most important thing to know is that your regular cloud chat messages, photos, and videos are stored on Telegram's servers in encrypted form and can be accessed by Telegram, while only Secret Chats use true end-to-end encryption that Telegram cannot read. If you want maximum privacy, use Secret Chats for sensitive conversations, and you can delete synced contacts and payment information in Settings > Privacy & Security > Data Settings.
Technical Summary
This document is Telegram's Privacy Policy governing the collection, processing, and sharing of personal data by Telegram Messenger Inc. in connection with its cloud-based messaging services, relying primarily on legitimate interests under GDPR Art. 6(1)(f) as its legal basis for processing. The policy creates obligations for Telegram to store cloud chat messages, photos, videos, and documents on encrypted servers, disclose IP addresses and phone numbers to judicial authorities upon valid legal orders, and share audio data with Google LLC for Premium voice-to-text transcription. Notable deviations from industry standard include the explicit disclaimer that Telegram bears no responsibility for payment disputes (shifting liability entirely to bot developers and payment providers), and the absence of advertising-based data processing, which is atypical for a platform of this scale. The policy engages GDPR (including Art. 27 EEA representative requirement, satisfied via EDPO), UK data protection law, and potentially CCPA for California residents; material compliance considerations include the BVI and Dubai-based group company data transfers relying on EU Standard Contractual Clauses, the absence of a dedicated Data Protection Officer reference, and Telegram's use of legitimate interests rather than consent as its primary lawful basis, which may face scrutiny under GDPR balancing tests.
Telegram stores your regular chat messages, photos, videos, and documents on its own servers in encrypted form, meaning Telegram holds the keys and can technically access this content.
Telegram can hand over your IP address and phone number to law enforcement if a court orders it in connection with criminal activity that also violates Telegram's terms.
Third-party bots on Telegram are run by independent developers who are not controlled by Telegram, and they can receive your public account data, messages, IP address, and group membership information when you interact with them.
Telegram shares your personal data with its parent company in the British Virgin Islands and a related company in Dubai, using EU-approved contract clauses as the legal safeguard for these transfers.
Telegram will not help you if you have a problem with a payment made through a bot — all disputes are between you, the bot developer, your payment provider, and your bank.
If you use Telegram Premium's voice-to-text feature, the audio content of your voice messages is sent to Google to be transcribed — Google contractually agrees not to log or reuse this audio.
Telegram processes all your personal data based on its own business interests — not your consent — unless your privacy rights clearly outweigh those interests.
Telegram collects technical data about you — including your IP address, device information, and username history — for up to 12 months to prevent spam and security threats.
Secret Chats are encrypted so that only you and your recipient can read them — Telegram itself cannot access the content and does not store these messages on its servers.
You have the right to access, copy, delete, correct, and restrict your personal data on Telegram, and to file a complaint with data protection authorities if you believe your rights have been violated.
Added April 18, 2026
Cross-platform context
See how other platforms handle Cloud Chat Server Storage and similar clauses.