WhatsApp's privacy policy explains what information the app collects about you — like your phone number, contacts, usage habits, and device details — and how it shares that data with Meta (Facebook's parent company) and other partners. Even though your messages are encrypted, other data about you (like who you message and when) is shared with Meta and can be used for advertising on Facebook and Instagram. Users in some regions like the EU have stronger rights to control their data than users elsewhere.
Technical Summary
WhatsApp's Privacy Policy governs the collection, use, storage, and sharing of personal data for users of the WhatsApp messaging service, operated by Meta Platforms. The policy details categories of information collected — including account data, device identifiers, usage patterns, location data, contacts, and communications metadata — and describes how this data is shared with Meta companies and third-party partners for service delivery, safety, and advertising purposes on other Meta platforms. Key obligations include consent to data sharing within the Meta ecosystem as a condition of service use, with limited opt-out mechanisms. Notable provisions include the use of end-to-end encryption for messages, the sharing of user data with Meta for targeted advertising (outside the EU/UK), and specific rights afforded to users in certain jurisdictions including data access, portability, correction, and deletion requests.
Institutional Analysis
This policy engages GDPR (for EU/EEA and UK users), CCPA/CPRA (for California residents), and general FTC consumer protection standards. The cross-platform data sharing between WhatsApp and Meta rais…
This policy engages GDPR (for EU/EEA and UK users), CCPA/CPRA (for California residents), and general FTC consumer protection standards. The cross-platform data sharing between WhatsApp and Meta raises significant GDPR Article 6 lawful basis questions, particularly following regulatory enforcement …
🔒
Compliance intelligence locked
Regulatory exposure, material risk, and due diligence action items.
✓ Snapshot stored✓ Text extracted✓ Change verified✓ Cryptographically signed
Change Timeline
March 23, 2026
— Document updated
low
WhatsApp added a new section to their privacy policy on March 23, 2026, specifically for users in Thailand. The new section informs Thai residents about their rights under Thailand's Personal Data Protection Act (PDPA) and provides a link to learn more and exercise those rights. This matters because Thai users now have a clearer path to understanding and acting on their legal data privacy rights.
WhatsApp updated its Privacy Policy on March 20, 2026, changing how it communicates its intentions around ads. Previously, the policy said WhatsApp had no intention to introduce certain ad types but that users might see other types in Status and Channels. Now it says if they ever do introduce such ads, they will update the Privacy Policy first. Additionally, a section providing links to United States Regional Privacy Notice for US consumer privacy rights was removed from the document.
What changed
WhatsApp updated their WhatsApp Privacy Policy on March 23, 2026. Change detected: 1 sentence(s) added. Document contained 182 sentences after update.
Consumer impact
Thai WhatsApp users now have a dedicated section in the privacy policy that outlines their rights under Thailand's Personal Data Protection Act (PDPA). This makes it easier for Thai residents to understand what data rights they have and how to exercise them directly through WhatsApp. You can click the link in WhatsApp's privacy policy under the new Thailand section to learn more about and exercise your PDPA rights.
Why it matters
Thai WhatsApp users now have explicit, accessible information about their legal data privacy rights under the PDPA, empowering them to exercise rights such as access, erasure, and objection directly. This reflects WhatsApp's formal compliance acknowledgment of Thai data protection law.
What changed
WhatsApp updated their WhatsApp Privacy Policy on March 20, 2026. Change detected: 1 sentence(s) removed, 1 sentence(s) modified. Document contained 181 sentences after update.
Consumer impact
WhatsApp has removed a direct reference and link to the United States Regional Privacy Notice, which previously helped US users understand and exercise their consumer privacy rights. Additionally, the policy language around ads has shifted from acknowledging that other ad types may appear in Status and Channels, to a vaguer promise to update the Privacy Policy if ads are ever introduced. This reduces the transparency and accessibility of privacy rights information for US users. You can visit WhatsApp's Help Center or search for the United States Regional Privacy Notice directly on WhatsApp's website to review your privacy rights as a US resident.
Why it matters
US WhatsApp users can no longer directly navigate to their consumer privacy rights notice from the main Privacy Policy, making it harder to understand and exercise rights under CCPA and similar state laws. The softened ad language also removes a specific acknowledgment that other ad types may appear in Status and Channels.
WhatsApp shares your personal information — including your phone number, usage data, and device identifiers — with Meta and other Meta-owned companies like Facebook and Instagram.
WhatsApp requires users to be at least 13 years old (or older in some countries) and states it does not knowingly collect data from children below the minimum age.
Users in the EU and UK have stronger data rights — like the right to object to processing and data portability — than users in most other countries, including the US.
When you message a business on WhatsApp, that business may share your conversation data with third-party providers and Meta for customer service and advertising purposes.