Even though your message content is encrypted and WhatsApp cannot read it, WhatsApp collects extensive metadata about your communications: who you contact, how often, for how long, and when, as well as your device details and IP address.
This analysis describes what WhatsApp's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Metadata about your communication patterns can reveal sensitive information about your relationships, health, religion, or professional activities even when message content remains private, and this metadata is shared with Meta's broader platform.
The updated policy now explicitly discloses that users 'may see other types of ads in Status and Channels,' whereas the prior language stated WhatsApp had 'no intention to introduce' new ad types. Th…
Your communication metadata including contact frequency, timing, and duration of interactions is collected and retained by WhatsApp regardless of end-to-end encryption, and this information may be shared with Meta entities and used for purposes including safety, product improvement, and advertising infrastructure.
How other platforms handle this
User content, such as prompts, photos, images, music, videos, audio, screen sharing, comments, questions, messages, works of authorship, and other content or information that you, or third parties acting on your behalf, input, generate, transmit, upload, or submit to us as part of a contest or live ...
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
Monitoring
WhatsApp has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports.— Excerpt from WhatsApp's WhatsApp Privacy Policy
REGULATORY LANDSCAPE: Metadata collection and retention implicates GDPR principles of data minimization and purpose limitation under Article 5, requiring that data collected be adequate, relevant, and limited to what is necessary for specified purposes. The breadth of metadata collection, including interaction frequency, timing, and duration, may require evaluation under legitimate interests assessments where that is the asserted legal basis. In the US, communications metadata has historically engaged ECPA considerations in law enforcement contexts, though private party collection is primarily regulated by FTC Act unfair practices standards. GOVERNANCE EXPOSURE: Medium. The collection of behavioral and interaction metadata is common among large messaging platforms, but the combination of granular interaction metadata with cross-platform sharing to Meta's advertising infrastructure creates compound exposure, particularly in GDPR jurisdictions where each processing purpose requires a distinct legal basis. JURISDICTION FLAGS: EU/EEA and UK users benefit from data minimization and purpose limitation requirements that may constrain the breadth of permissible metadata collection relative to US users. California residents may have rights to know what specific categories of metadata are collected and to request deletion. Metadata that reveals religious practice, political views, health consultations, or legal communications may qualify as sensitive data in some jurisdictions, creating heightened obligations. CONTRACT AND VENDOR IMPLICATIONS: Organizations using WhatsApp for business communications should be aware that interaction metadata about employee or customer communications is collected and retained by WhatsApp even where message content is encrypted. This may be relevant to privilege assessments, records retention policies, and sector-specific communication surveillance obligations. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the metadata categories described in the policy constitute personal data under applicable law in all relevant jurisdictions, and whether data subject rights requests include rights to access or delete metadata as well as message content. Data retention periods for metadata should be mapped and compared against organizational retention policies.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Metadata about your communication patterns can reveal sensitive information about your relationships, health, religion, or professional activities even when message content remains private, and this metadata is shared with Meta's broader platform.
Your communication metadata including contact frequency, timing, and duration of interactions is collected and retained by WhatsApp regardless of end-to-end encryption, and this information may be shared with Meta entities and used for purposes including safety, product improvement, and advertising infrastructure.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by WhatsApp.