Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'FTC has jurisdiction over metadata retention practices and representations about data security and collection scope under FTC Act Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Metadata Collection for Security and Spam Prevention clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Metadata Collection for Security and Spam Prevention — Telegram

Share 𝕏 Share in Share 🔒 PDF

What it is

Telegram collects technical data about you — including your IP address, device information, and username history — for up to 12 months to prevent spam and security threats.

Consumer impact (what this means for users)

Telegram retains your IP address and device metadata for up to 12 months, and this is the same data that can be disclosed to law enforcement under a valid judicial order, creating a 12-month window during which your identifying information could be legally compelled.

Cross-platform context

See how other platforms handle Metadata Collection for Security and Spam Prevention and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Your IP address, which can reveal your approximate location and internet provider, is retained for up to a year and is also the data type that can be disclosed to law enforcement under a judicial order.

View original clause language

To improve the security of your account, as well as to prevent spam, abuse, and other violations of our Terms of Service, we may collect metadata such as your IP address, devices and Telegram apps you've used, history of username changes, etc. If collected, this metadata can be kept for 12 months maximum.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision engages GDPR Art. 5(1)(e) (storage limitation), Art. 6(1)(f) (legitimate interests for security processing), Art. 32 (security measures), and the EU's proposed ePrivacy Regulation regarding metadata retention. For EU users, the CJEU's La Quadrature du Net ruling (C-511/18) constrains blanket metadata retention by communications providers. The UK Investigatory Powers Act 2016 and the US ECPA also govern metadata retention practices. Enforcement authority is the competent EEA national DPA, UK ICO, and potentially national communications regulators.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

FTC has jurisdiction over metadata retention practices and representations about data security and collection scope under FTC Act Section 5.
File a complaint →

Provision details

Document information

Document

Telegram Privacy Policy

Entity

Document last updated

April 29, 2026

Tracking information

First tracked

April 18, 2026

Last verified

April 18, 2026

Record ID

CA-P-002915

Document ID

CA-D-00174

Evidence Provenance

Source URL

https://telegram.org/privacy

Wayback Machine

View archived versions →

SHA-256

379a11aff9a58881ad90b36de1e9479fc26a4085619c34a3087b3bd91bfdaaa1

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Telegram | Document: Telegram Privacy Policy | Record: CA-P-002915
Captured: 2026-04-18 10:46:01 UTC | SHA-256: 379a11aff9a58881…
URL: https://conductatlas.com/platform/telegram/telegram-privacy-policy/metadata-collection-for-security-and-spam-prevention/
Accessed: May 2, 2026

Classification

Severity

Medium

Metadata Collection for Security and Spam Prevention