Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes WhatsApp's data collection, use, and sharing practices, including the categories of personal information processed and the mechanisms through which data flows to Meta Companies. The policy authorizes WhatsApp to collect phone numbers, device identifiers, usage data, and contact lists, and to share these categories with Meta Companies for use in ad personalization on Facebook and Instagram. The policy specifies data subject rights procedures differentiated by jurisdiction: EU and UK users may exercise access, correction, deletion, and data portability rights through in-app settings or direct request; California users may submit data access requests through designated channels.
This document is WhatsApp's global Privacy Policy, governing the collection, use, storage, and sharing of personal data by WhatsApp LLC (and WhatsApp Ireland Limited for EU/UK users), with stated legal bases including contract performance, legitimate interests, legal obligations, and user consent depending on jurisdiction. The policy states that WhatsApp collects account registration information (phone number, profile name, picture), device identifiers, IP addresses, battery level, signal strength, browser type, mobile network, connection information, location-related data, usage and log information, cookies and tracking technologies, payment and financial transaction data, contacts from user address books, status information, and the content of messages to the extent necessary to deliver services (noting end-to-end encryption for personal messages). The policy authorizes sharing of user information with the broader Meta Companies family of products for infrastructure, safety, research, and product improvement purposes, as well as with third-party service providers, business partners, and in response to legal requests; this cross-company data sharing with Meta platforms (including Facebook and Instagram) is operationally distinct from messaging-only service expectations and has been subject to regulatory scrutiny in multiple jurisdictions. The policy engages GDPR (for EU and UK users, with WhatsApp Ireland Limited as data controller), CCPA (for California residents), and various national data protection frameworks; EU users retain specific rights including access, rectification, erasure, portability, and objection, while the policy designates the Irish Data Protection Commission as lead supervisory authority for EU matters. Material compliance considerations include the scope of Meta-group data sharing, the adequacy of consent mechanisms for cross-platform data integration, the treatment of contacts data uploaded by users (implicating third-party data subject rights), and WhatsApp's use of data to inform advertising shown on Meta platforms even where WhatsApp itself does not display third-party ads.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial10 important changes detected
11 versions captured · Last updated: June 2026
WhatsApp removed language stating it has no intention to introduce ads in Status and Channels, replacing it with a more conditional statement that reserves the right to introduce ads in …
View change record →WhatsApp's privacy policy was updated on June 5, 2026, with three sentences modified in the document. The updated language maintains the core structure of the policy while updating HTML metadata …
View change record →WhatsApp's privacy policy was updated on June 4, 2026 to add a new section titled 'Privacy Rights for United States Residents' directing users to a separate California-specific privacy notice for …
View change record →WhatsApp modified its language about potential future ad formats in Status and Channels. Previously, the policy stated it had no intention to introduce other types of ads but acknowledged users …
View change record →WhatsApp modified two sections of its Privacy Policy on April 19, 2026. First, the policy changed language about advertising on the platform, removing a statement that WhatsApp had 'no intention' …
View change record →WhatsApp added a single sentence to its Privacy Policy on March 23, 2026, providing Thai residents with a direct reference to learn about their rights under Thailand's Personal Data Protection …
View change record →WhatsApp modified language describing potential future advertising on its Status and Channels features. The previous version stated the company had no intention to introduce other ad types but said users …
View change record →WhatsApp's privacy policy was updated on March 19, 2026 to reflect changes in how ads function on the platform. Previously, the policy stated WhatsApp had no intention to introduce certain …
View change record →Monitoring
WhatsApp has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Children's Privacy and Age Restrictions and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.