Respect for your privacy is coded into our DNA. Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind.
Please also read WhatsApp's Terms of Service ("Terms"), which describe the terms under which you use and we provide our Services.
The types of information we receive and collect depend on how you use our Services. We require certain of Your Account Information in accordance with our Terms to deliver our Services and without this we will not be able to provide our Services to you. For example, you must provide your mobile phone number to create an account to use our Services.
Our Services have optional features which, if used by you, require us to collect additional information to provide such features. You will be notified of such a collection, as appropriate. If you choose not to provide the information needed to use a feature, you will be unable to use the feature. For example, you cannot share your Precise Location Information with your contacts if you do not enable location sharing on your device. Permissions can be managed through your device-based settings on both Android and iOS devices.
Information You Provide
Your Account Information. You must provide your mobile phone number and a profile name of your choice to create a WhatsApp account. If you don’t provide us with this information, you will not be able to create an account to use our Services. You can add other optional information to your account, such as a profile picture, and "about" information.
Your Messages, Media within Messages, and Calls: We offer end-to-end encryption for our Services. End-to-end encryption means that your calls, messages, media within messages including content like images, audio, video, documents and files are encrypted to protect against third parties (including WhatsApp) from seeing that content. Learn more about end-to-end encryption and how businesses communicate with you on WhatsApp.
Typically your messages are stored on your device(s) and not on our servers. We temporarily store your messages in encrypted form while they are being delivered. Once your messages are delivered, they are deleted from our servers.
If a message cannot be delivered, we keep it in encrypted form on our servers for up to 30 days while we try to deliver it. If a message is still undelivered after 30 days, we delete it. We cannot see the contents of undelivered messages stored on our servers as they are encrypted.
When a user sends media within a message, we store that media for up to 30 days in encrypted form on our servers to aid in more efficient delivery, such as if recipients choose to forward the media. We cannot see the media as it is encrypted.
Status Information. You can choose to share your Status, which is also end-to-end encrypted.
Precise Location Information. We enable you to share your Precise Location Information from your device when you choose to use location-related features, like when you decide to share your current location with, or send live location to your contacts, or view locations nearby. Precise Location Information that you share with your contacts in your chats is encrypted so WhatsApp cannot see it. You can control your Precise Location Information sharing in your in-app settings (see more information for iPhone and Android) and your device-based settings.
You may also provide content that is not encrypted which means that we can see it. This includes your profile picture, your "about" information and names and descriptions of your communities and groups. When you choose to use certain avatars features, such as using a photo to enable us to suggest an avatar that more closely resembles you, we process the photo and parts of your face or body features in the photo frame. The information we use for this process is not used to identify you.
Your Connections. You can use contact upload and provide us with the phone numbers in your device address book on a regular basis, including those of users of our Services and your other contacts. If any of your contacts aren’t yet using our Services, we’ll manage this information in a way that is designed to ensure that those contacts cannot be identified by us. Learn more about contact upload and about the information we provide to people who do not use WhatsApp here. We also collect information on users who contact you that aren't in your device address book and any users you've blocked or who have blocked you.
Your Community and Group Information. You can create, join, or get added to communities, groups and broadcast lists, and such communities, groups and lists get associated with your account. You give your groups and communities a name. You can provide a community or group profile picture or description. We also collect information about when communities and groups are created or updated.
Customer Support Information And Other Communications. When you contact us for customer support or otherwise communicate with us (for example, through optional surveys), you may provide us with information related to your use of our Services, including copies of your messages, any other information you deem helpful in order for us to understand and resolve your query, and how to contact you (e.g., an email address). For example, you may send us an email with information relating to app performance or other issues. We also collect information on how you use our customer support features (e.g., the searches you make on our Help Center), any feedback you give us on the customer support experience and your responses to surveys or questions on a range of topics (including, for example, what you like or don't like about the Service or Meta Companies).
Account Access Information. When you sign up or log-in to our Service, we verify your WhatsApp account, for example, by sending you a code via SMS or calling you. You can also add a PIN to enable two-step verification and an email address that can be used to reset that PIN. Depending on the circumstances, we ask you for information to prove that you are the true owner of your WhatsApp account.
Automatically Collected Information
Usage Information. We collect information about your usage of our Services. This includes collecting information about your activity (including how you use our Services), how you interact with others using our Services (including when you search for and interact with a business), and the time, frequency, and duration of your activities. This also includes information about the features you use like our messaging (and integrated applications), calling, Status, avatars, communities, groups or business features; whether you are online; timestamps related to your use such as when you last used our Services (your "last seen") and the times you send and receive calls and messages; and when you last updated your "about" information.
Log and Troubleshooting Information. We collect information about how our Services are performing when you use them, like service related diagnostic and performance information. This information includes log files, timestamps, diagnostic or crash data, website performance logs and error messages or reports.
Device And Connection Information. We collect device and connection-specific information when you install, access, or use our Services. This includes information such as hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information including whether you are using wifi or cellular data, mobile operator or internet service provider (ISP), language and time zone, IP address, device operations information and identifiers (including identifiers unique to Meta Company Products associated with the same device or account).
User Choices. We collect information about your in-app settings, privacy settings and records about when you accepted terms. Only you are in control of your privacy settings which can be used to change, for example, who can see your "last seen", profile photo, "about" information, Status updates, read receipts or add you to groups. We also collect information about whether you have enabled push notifications and whether you wish to send disappearing messages.
Authentication Information. To verify and grant appropriate authorisations as you use the Services (such as when you choose to use encrypted backups and create your unique password), we create and store authentication codes which are a security measure to ensure only you are accessing your account. Authentication Information also includes your public encryption keys that our end-to-end encryption protocol uses. Messages are encrypted before they reach our servers which means that we cannot see them.
Information Third Parties Provide About You
Information Others Provide About You. We receive information about you from other users. For example, when other users you know use our Services, they may provide your phone number if they use contact upload just as you may provide theirs. We require each of these users to have lawful rights to collect, use, and share your information before providing any information to us. They may also send you messages, send messages to groups to which you belong, or call you. You should keep in mind that in general any user can capture screenshots of your chats or messages or make recordings of your calls with them and send them to WhatsApp or anyone else, or post them on another platform.
User Reports. Just as you can report other users, other users or third parties may also choose to report to us your interactions and your messages with them or others on our Services; for example, to report possible violations of our Terms or policies. When a report is submitted to us through the reporting tools, we receive information from the reporter on both the reporting user and those reported. To find out more about the information we receive when a User Report is submitted to us and what happens when a User Report is submitted, please see About blocking and reporting contacts.
Businesses On WhatsApp. When businesses you interact with while using our Services provide us with information about their interactions with you, we require each of these businesses to act in accordance with applicable law.
Third-Party Services. WhatsApp receives information about bad actors and abuse from Meta Companies and app verification information from anti-abuse services to promote safety, security and integrity. For example, when Meta becomes aware of a scam encouraging individuals to contact a phone number via WhatsApp, they might share that phone number with WhatsApp so we can investigate the WhatsApp account.
We also allow you to use our Services in connection with third-party services and Meta Company Products. If you use our Services with such third-party services or Meta Company Products, we may receive information about you from them; for example, if you use the WhatsApp share button on a news service to share a news article with your WhatsApp contacts, groups, or broadcast lists on our Services. Please note that when you use third-party services or Meta Company Products, the terms and privacy policies of the company that offers those services will govern your use of those services and products.
Information Shared by You and by WhatsApp with Third Parties
You share your information as you use and communicate through our Services, and we share your information to help us operate, provide, improve, understand, customise and support our Services.
Send Your Information To Those With Whom You Choose To Communicate. You share User Content when you communicate through our Services. You are in control of what you are sending when you send your information to the individual or business WhatsApp users you choose to communicate with. Please be mindful that, once you have sent User Content to a WhatsApp user, they can store or reshare it with others on and off our Services.
Information Associated With Your Account. As part of your WhatsApp messaging experience and based on your privacy settings, those users who have your phone number can see Your Account Information (phone number, profile photo, "about" information), and can add you to groups and communities where this information is then potentially visible to others in the group or community. When you send a message to another user or to a group, your chosen profile name will become visible to the recipients of the message, including users who do not have you in their contact list. Users who have your phone number can also see your "last seen" information and your message receipts, depending on your privacy settings. You can configure your privacy settings to manage group membership, and certain information (for example, your "last seen") available to other users. Please see our Help Center for more information on how to change your privacy settings.
Third-Party Services. When you, or other users you interact with, use third-party services or other Meta Company Products that are linked through our Services, the providers of those services or products may receive the information about you that you or others share with them. For example, if you use a data backup service integrated with our Services (like iCloud or Google Drive), they will receive the information you share with them, such as your WhatsApp messages, and if you search the web from WhatsApp for a group profile picture, the search engine provider will receive the search term you use. If you interact with a third-party service or other Meta Company Products through our Services, such as when you use the in-app player to play content from a third-party platform like YouTube or Facebook, information like your IP address and technical information showing that the request comes from a WhatsApp app, may be provided to the provider of such service or products. Please note that when you use third-party services or other Meta Company Products, their own terms and privacy policies will govern your use of those services and products.
Third-Party Service Providers. We work with third-party service providers to help us provide our Services.
When we share information with third-party service providers in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms.
We work with the following different types of third-party service providers:
telecommunications technology providers to send you SMS messages, or call you, to verify your account. To be able to provide these services, these providers receive Your Account Information (phone number) and Account Access Information (verification codes to enable you to verify a new phone number or device connected to your account). The providers we currently use are located in Sweden, the Netherlands, the UK and the United States.
a content safety technology service provider that helps us to maintain the safety and integrity of the Services by detecting and helping us to prioritise harmful material for our reviewers to assess. To provide these services, this provider receives certain images from User Reports (e.g. images), Your Account Information (e.g. profile picture) and Your Community and Group Information (e.g. community or group profile picture). The provider we currently use is located in the United States.
a location data provider to enable you to share your location or a nearby place with other WhatsApp users. To be able to provide these services, this provider receives Precise Location Information (your current location and other locations you choose on the map). The provider we currently use is located in the United States.
WhatsApp is one of the Meta Companies. The Meta Companies provide technology products and services for both individuals and businesses.
We work with other Meta Companies that act as our service providers and help us provide and improve our Services. When Meta Companies act as our service providers, we require them to use your information on our behalf in accordance with our instructions and terms.
We work with Meta Companies in the United States and Ireland that assist us with the operation of our Services. To receive these services we share Information We Collect.
We work with Meta Companies and other companies which are owned by Meta in the United States that provide data hosting and infrastructure services, including the use of data centers together with related services and equipment which are used to operate the Services. We share the Information We Collect with these companies.
We work with a Meta Company in the United States that provides services to:
help carry out two factor authentication; and
provide technical engineering support and trouble-shooting in relation to our interaction with mobile phone networks.
We share Your Account Information (phone number) and Account Access Information (verification code) in order to obtain this service.
We work with other Meta Companies in:
the United States that provide us with operational, administrative and customer support services to help us:
operate, improve, and develop the Services;
develop, fix and customise the Services;
respond to user/non-user queries and provide support relating to the queries;
ensure accounts are kept safe and secure;
with contract administration, project management, planning and any related purposes; and
carry out surveys.
the UK, United States that provide us with:
product research and testing (features of) services to help us improve our Services; and
troubleshoot technical issues, and ensure the Services operate smoothly.
the UK, Ireland, Germany and United States, that provide us with legal advice and legal support services to help us:
in litigation and other dispute processes;
regulatory investigations and other statutory processes;
with handling complaints and/or requests from data subjects;
with responding to government and other legal requests;
with our legal administration;
with the management of privacy-related queries, including development of tooling and record repositories; and
with other legal support as requested from time to time.
Ireland, the United States and Singapore, that provide us with assistance when we respond pursuant to applicable law or regulations, to legal requests and government requests, including in emergency situations, with:
disclosing relevant personal information to law enforcement, government authorities, regulators or others; and
disclosing personal information to third parties in the context of civil legal proceedings.
the United States and UK, that provide administrative services to help us with our efforts to ensure that the Services are safe and secure by:
investigating any suspicious activities or violations of our policies; and
removing violating accounts.
Ireland, the United States and Singapore, that provide us with services to help us to guard against violations of our intellectual property by:
reviewing accounts for violation of WhatsApp policies;
assisting with enforcement against those accounts;
providing periodic reports to us on individual accounts that have been reviewed and enforced upon; and
escalating any cases requiring legal review to us.
For receiving the services listed above and depending on the service that is provided, we share the Information We Collect.
If you would like further details about the Meta Companies that currently act as our service providers, please click here.
How and Why We Process Your Information and Our Legal Basis For Processing
For each legal basis below, we describe the purposes of our processing (why we process your information) and our processing operations (how we process your information to achieve each purpose). We also list the categories of your information that we process for each purpose.
You also have particular rights available to you depending on which legal basis we use, and we've explained these below. You should know that no matter what legal basis applies, you always have the right to request access to, rectification of, and erasure of your information. To exercise your rights, see the How To Exercise Your Rights section.
Information that we process to convey your messages or calls (which includes information like your phone number, the time and date you make a call or send a message, or the duration of your calls) is subject to and handled in accordance with the specific rules and requirements under the EU Directive 2002/58/EC, where applicable.
Processing necessary to perform our contract with you
We process information as necessary to conclude and perform our contract with you, our Terms. The categories of information used and why and how they are processed is set out below:
Why And How We Process Your Information
Information Categories Used
To operate, provide, customise, and support our Services as described in the About Our Services section of our Terms which includes providing ways for you to connect and communicate with other WhatsApp users including businesses, WhatsApp:
Assists you in creating and managing your WhatsApp account by:
verifying your WhatsApp account by, for example, sending you a verification code via SMS or by calling you.
checking the operating system and other features of your device to set up WhatsApp correctly on your device, and running security checks to make sure you don’t already have an account or a phone number that is banned from WhatsApp.
recording your User Choices, including the terms you accepted, your privacy settings and the users you’ve blocked.
facilitating you adding additional information such as an avatar or Account Information such as a profile picture, “about” information which is displayed to people who have your phone number, in line with your privacy settings.
changing the phone number associated with your WhatsApp account when you update it.
in order to maintain security, limit data retention and protect your privacy, checking for activity every 30 days and deleting your account where your phone has not been online for 120 days (in general). Learn more in our Help Center here.
deleting your account, at your request (see how to delete your account on your iPhone and on your Android device) or in accordance with our Terms. We may take steps to ban your account if there is a breach of our Terms, for example a breach of our "Acceptable Use of Our Services" terms.
enabling you to re-register your account when it has been deactivated or locked.
To assist you in creating and managing your WhatsApp account:
enable you to reply to, forward and delete messages, or to send different types of messages such as voice messages, “View Once” or disappearing messages.
if the recipient’s device is online on WhatsApp, deliver messages directly to their device. If your device or the recipient’s device is offline, we store the encrypted message for up to 30 days as we attempt to deliver the message and send a push notification to the device.
show when you are online or indicate activity to recipients in a chat, such as displaying your ‘last seen’ to recipients according to your User Choices.
enable you to search the web for images to use as a community or group profile picture or to share videos from third-party services such as YouTube. Where that link is a video, we display a preview and allow the recipient to view it within the chat.
allow you to broadcast your Status updates with contacts of your choice. Status updates disappear after 24 hours.
take precautions to ensure your messages are conveyed correctly.
optimise the sending of media files by storing them temporarily for up to 30 days in encrypted form on our servers to aid in more efficient delivery.
enable you and third parties, like businesses, to communicate and interact with each other using our services such as catalogs for businesses on WhatsApp where you can browse products and services and place orders.
To generally operate and provide our Services, we:
analyse log information to resolve crashes and user issues.
collect information for troubleshooting, diagnostics and debugging.
collect and aggregate activity, system events and metrics (such as messaging volume and latencies) to monitor service performance, reliability, and efficiency, so we can ensure and optimise service quality.
test out and experiment with new features to see if they work as expected
For making, receiving, joining or leaving voice and video calls, we:
establish an end-to-end encrypted connection for audio/video information between you and the other call participant (or participants if you are in a group call) after checking the participant’s privacy settings to see if they have blocked you.
enable you to create and send call links.
send you a push notification if you are receiving or have missed a call.
notify participants in a group call when:
another user has been invited but has not accepted the call,
another user starts to ring,
another user joins the call,
a call participant has left, and
the call is over.
When you change your in-app settings or take certain actions in a call, we let the other call participant(s) know the following:
whether your video is on or off.
when you invite other users to switch from an audio to a video call (or vice versa).
when you have not heard from the other call participant(s).
when you turn mute on or off.
when your battery is below 5% and not charging.
when you get an incoming call that interrupts your ongoing call on WhatsApp.
To optimise call quality, we:
swap to alternative networks interfaces where your existing connection is limited, and collect aggregated call metrics (for iOS only).
track metrics such as failed calls, number of calls ended due to disconnection and measure network link conditions to identify and resolve call quality issues.
store performance information on your device after the call, so it is easier to set up a call with the same user(s) again.
collect metrics about calls and aggregate them to optimise call quality.
back up your data usage and time spent on a call.
exchange network and other information during a call to adjust audio, video and network quality.
For making, receiving, joining or leaving voice and video calls:
To help you discover if your contacts are WhatsApp users when you choose to sync your device’s address book using contact upload, we:
regularly identify other WhatsApp users in your address book, add them to your WhatsApp contact list and store cryptographic hash values of the phone numbers of your contacts who are not WhatsApp users, so we can quickly update your WhatsApp contacts if those contacts sign-up to WhatsApp at a later date. Learn more here.
remove contacts from your WhatsApp contact list if one of your contacts no longer has an account.
at your request, block phone numbers of other users to prevent them contacting you on WhatsApp.
To allow you to create, join, leave and connect in communities and groups to communicate with multiple contacts at the same time, we:
check that phone numbers you are trying to add to a group are WhatsApp users and check to ensure that their admission to the group is in line with their privacy settings.
check to ensure that the community or group name and optional community or group description meets WhatsApp requirements.
store information about the community or group and its participant users (including any pending or past participant users) for example, to ensure that the appropriate privileges are applied and assign the creator of the community or group as an admin so that they can control and personalise the community's or group’s information, membership and settings.
when a community or group is active, log when you send invites to new community or group participants and for groups, expire non-accepted invitations within a set period.
notify participants in the group of certain key changes to the community or group, such as changes to the community or group name, description or profile picture or when a message is deleted. After you exit a group, your phone number will appear in the past participants list of the group for up to 60 days from the time you exited the group.
temporarily store information to protect you from being re-added to groups you chose to leave and store the phone numbers of participants who are banned for example, from groups to ensure that they cannot rejoin. This information is also used to help identify any suspicious users or abusive behaviour where there is a high turnover of participants.
allow you to appoint other community admins to a community you’ve created or you are a community admin of and appoint a new group admin or community admin when the current admin (or admins) leave the group or community or delete their account.
delete a group when its last member leaves.
suspend, or deactivate a community, and add or disconnect groups within the community.
Assists you to create backups of your chat history (and media within the chat history), when you request it by:
enabling you to upload a backup of your chat history to a third-party cloud-based service (like Google Drive or iCloud).
end-to-end encrypt your chat history with a randomly generated encryption key or password you create. You can upload these encrypted backups of your chat history to a third-party cloud-based service (like Google Drive or iCloud).
using an encryption key or your password to retrieve an encryption key to decrypt your backed-up chat history.
For allowing you to create, access and restore backups and encrypted backups:
To ensure safety, security, and integrity of our Services. We use information we have and apply automated data processing techniques and, in some instances, conduct manual (human) review to:
verify accounts on an ongoing basis, and check that user sign-ups are genuine.
log events and aggregated counts about community, group and user actions on our Services (like the number of groups joined) and related sequences like patterns in registration and repetitive or identical User Reports to identify and investigate suspicious users, threats to the security of our Services or where a fake WhatsApp app or an imitation of our Services is being used.
investigate and address violations of our Terms. For example, we may ban your account when we learn that you are engaged in infringing activities.
detect, prevent and combat harmful or unlawful behaviour which threatens the security of our users' information or the Service, such as to combat scraping by bad actors at scale, or our efforts to detect and prevent spam.
collect app verification information from anti-abuse services to aid our efforts to e.g. prevent malicious actors from trying to take over your account.
To ensure the safety, security and integrity of our Services:
Transfer, store or process your information outside the European Economic Area. As the WhatsApp service operates globally, with users and businesses around the world, we need to share information we collect globally, both internally within the Meta Companies and where the data centers we rely on are located and externally with our Third-Party Service Providers. We carry out necessary transfers outside the European Economic Area, including to the United States and other countries to:
operate and provide our Services. We also allow you to share information and connect with your family and friends around the globe; and
allow us to fix, analyse and improve our Services.
Communicate with you on Services-related issues, we:
identify relevant Service-related notifications for you, send them to you on WhatsApp and keep a log when you have received the notification. For example, when our Terms are updated we’ll provide a notification about the update (as appropriate).
For sending you notifications or updates about our Services:
The other legal bases we rely on when processing your information and the circumstances in which we rely on them are set out below:
We process information for the purposes described below when you have given us your consent to enable particular product features in your device-based settings. The categories of information used and why and how it’s processed are set out below:
Why And How We Process Your Information
Information Categories Used
For collecting information through the device-based settings which you have enabled, for example:
sharing your device’s Precise Location Information if you choose to use our location-related features. You can share your current location with, or send your live location to your contacts or view a nearby place on your map. When your live location is being shared, the live location control in your privacy settings shows which chats your live location is being shared in. Precise Location Information which you share in your chats is end-to-end encrypted which means that it cannot be seen by WhatsApp.
accessing your camera and / or photo gallery if you choose to share photos or media with your WhatsApp contacts or use optional features like avatars. Photos and media that you share in your personal chats are end-to-end encrypted.
We process information to comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request. Examples of Irish and EU laws that could give rise to a legal obligation requiring us to process information are set out below. New laws may be enacted or other obligations may become binding on our processing and we will update the list of laws from time to time.
Why And How We Process Your Information
Information Categories Used
The actual information used depends on the specific legal obligation, but could include any of the following:
For processing information when we comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others or to implement appropriate security measures. For example, a search warrant or production order from Irish law enforcement to provide information in relation to an investigation, such as your profile picture or IP address.
Examples of Irish and EU laws enforceable in Ireland are laws that could give rise to an obligation requiring us to process information we hold about you are:
Civil and commercial matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.
Criminal matters: to comply with requests from Irish law enforcement to provide data in relation to an investigation, such as under Section 10 of the Criminal Justice (Miscellaneous Provisions) Act 1997 as amended by 6(1)(a) of the Criminal Justice Act 2006 or to take steps to report information to law enforcement where required.
Consumer matters: to comply with our obligations under consumer law such as the Competition and Consumer Protection Act 2014 such as where the Irish Competition and Consumer Protection Commission requests information.
Corporate and taxation matters: to comply with our obligations under companies legislation and tax law such as the Companies Act 2014 such as where the Irish Revenue requests information.
Regulatory matters: to comply with our obligations to engage with regulators, such as the Data Protection Commission under the General Data Protection Regulation and the Data Protection Act 2018.
Information security: to implement appropriate technical and organisational security measures, such as under the General Data Protection Regulation, EU Directive 2002/58/EC and the European Electronic Communications Code established under Directive (EU) 2018/1972.
See here for the current list of laws which are enforceable in Ireland that give rise to a legal obligation for WhatsApp which results in the processing of information. New laws may be enacted or other obligations may become binding on our processing of your information which may require us to process your information and we will update this list from time to time.
Protection Of Your Vital Interests Or Those Of Another Person
Why And How We Process Your Information
Information Categories Used
The actual information used depends on the factual circumstances, but could include any of the following:
For protecting your vital interests or those of another person.
We apply automated processing techniques and conduct manual (human) review. We share information with law enforcement and others, in circumstances where someone’s vital interests require protection, such as in the case of emergencies. These vital interests include protection of your or someone else’s life, physical or mental health, wellbeing or integrity or that of others.
In protecting such vital interests we aim to combat harmful conduct and promote safety, integrity and security. For example, we investigate reports of harmful conduct and take appropriate action, such as taking action on user accounts (e.g. banning them) or sharing information with relevant authorities, where there is a risk of imminent harmful conduct such as an attack or where a person’s safety is at risk. We also compare profile pictures, community and group pictures and reported images against a database of known hashed child sexual abuse material (CSAM) and use a combination of automated processing techniques and human review to detect previously unknown CSAM in these images. If we detect apparent CSAM, we report it to the National Center for Missing & Exploited Children (learn more about how we work to help fight child exploitation here).
We rely on our legitimate interests or the legitimate interests of a third-party, such as our users, where they are not outweighed by your interests or fundamental rights and freedoms ("legitimate interests"):
Why And How We Process Your Information
Legitimate Interests Relied On
Information Categories Used
Business intelligence and analytics:
we count users and events for reporting to identify how many users WhatsApp has (and similar metrics) so we can share these metrics with affiliates, regulators and the public. This includes metrics like how many unique users WhatsApp has across the Meta Companies by establishing which of our users don't use other Meta apps.
validate metrics and analyse the feedback you provide (e.g. via surveys), to understand how and how often our Services are used, and how this compares to usage across the Meta Companies, to gain insights, inform business planning and forecasting.
In our interest to measure the use of our Services and count the people who interact with the WhatsApp services in order to inform business decisions and to enable provision of accurate and reliable reporting.
We preserve and share information with others including law enforcement and to respond to legal requests.
This includes responding to legal requests where we are not compelled by applicable law but have a good faith belief it is required by law in the relevant jurisdiction or sharing information with law enforcement or industry partners/peers such as other online platforms and technology companies to combat abusive or illegal behaviour. For example, we preserve a snapshot of user information when requested by law enforcement where necessary for the purposes of an investigation.
We may also report illegal or infringing content to law enforcement, government or other authorities.
It is in our interest and in the interest of WhatsApp users to prevent and address fraud, unauthorised use of WhatsApp, violations of our Terms and policies, or other harmful or illegal activity.
It is in our interest to protect ourselves (including our rights, personnel, property or products), our users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm.
The general public and industry partners/peers such as other online platforms and technology companies have a legitimate interest in having abusive or illegal behaviour investigated and combated.
The actual information used depends on the factual circumstances, but could include any of the following:
We preserve and share information when we seek legal advice or seek to protect ourselves in the context of litigation and other disputes. This includes matters such as violations of our Terms and policies.
It is in our interest and in the interest of WhatsApp users to respond to complaints, prevent and address fraud, unauthorised use of WhatsApp, violations of our Terms and policies, or other harmful or illegal activity.
It is in our interest to seek legal advice and protect ourselves (including our rights, personnel, property or products), our users or others, including as part of investigations or regulatory inquiries and litigation or other disputes.
The actual information used depends on the factual circumstances, but could include any of the following:
To promote safety, integrity and security outside of the performance of our contract with you. We use information we have and apply automated data processing techniques and, in some instances, conduct manual (human) review to:
log User Reports, user’s feedback about other users, aggregated events and actions to identify and understand the techniques being used by the bad actors that may interfere with the Services, including your use of the Services.
identify, analyse and investigate patterns of suspicious, harmful or fraudulent behaviour like scams or other potential violations of our policies and Terms. We may ban your account when we learn that you are engaged in infringing activities.
check to ensure that User Reports are genuine and that community or group name, description or profile picture comply with WhatsApp’s Terms and policies.
invite you to take surveys or provide feedback and analyse your responses to resolve issues.
in limited circumstances request a copy of your id documentation or other authentication information, or ask that you take certain actions to verify you are the true owner of a specific WhatsApp account.
It is in our interest and in the interest of WhatsApp users to secure WhatsApp systems, user's accounts, and fight threats, abuse, or infringement activities and promote safety, integrity and security on the Services. It is also in our interest to ensure our Services are used in accordance with the Terms.
It is in our interest to ensure our Services are used in accordance with the Terms and policies.
For ensuring the safety, security and integrity of our Services:
To improve the WhatsApp Service by developing new features or updating existing features, we:
generate and validate metrics to understand how and how often our Services are used and how this compares to usage across the Meta Companies, in order to inform and improve product direction and development and forecast future adoption of the service or features.
undertake experiments to evaluate the impact of new features.
invite you to take surveys or provide feedback and analyse your responses to gain insights into users’ views (for example, about the Service and Meta Companies).
It is in our interest and in the interest of WhatsApp users to evaluate the use of the services and adoption of new features to inform the development of future features and improve product direction and development.
Under applicable data protection law, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information.
This includes the right to object to our processing of your information for direct marketing and the right to object to our processing of your information where we are pursuing our legitimate interests or those of a third-party. We will consider several factors when assessing an objection including: your reasonable expectations; the benefits and risks to you, us, other users, third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportionate effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.
You have the right to object to and restrict our processing of your information. To submit an objection use this form and select “How can I make an objection to the processing of my information”. Learn more about submitting an objection and the way we use your information by going here. If we use your information for direct marketing, you can always object and opt out of future direct marketing messages using the unsubscribe link in such communications, or by using our in-app "block" feature.
You can access or port your information using our in-app Request Account Info feature (available by tapping your profile photo to go to your settings > Account). You can access tools to rectify, update, and delete your information directly in-app as described in the Retention of Your Information section.
When we process information you provide to us based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, visit your device-based settings or in-app settings.
You have the right to lodge a complaint with WhatsApp's lead supervisory authority under the GDPR, the Irish Data Protection Commission, or any other competent data protection supervisory authority.
The nature of the information and why it is collected and processed. The length of time we will keep your information will generally be determined by how long we need that information to provide you with our Services, including any optional features you use and to provide customer support.
As described above, we require certain of Your Account Information to deliver our Services. We need to keep it for the lifetime of your account so that we can maintain your account.
In certain cases, we need to keep your information for longer for legal reasons as described under the Legal Reasons section below.
Legal Reasons. In certain cases, we also keep your information for legal reasons, including after your account has been deleted.
We keep your information:
To respond to a legal request or to comply with applicable law when we have a legal obligation to retain information. For example, if we receive a valid legal request, such as a preservation order or search warrant, related to your account, we preserve your information after you delete your account.
To deal with and resolve requests and complaints. For example, we generally retain correspondence relating to data subject requests under GDPR for a year, in case those requests are not resolved and this correspondence is required in order to handle any resulting complaints. In such cases, the correspondence is then retained while those complaints are being resolved.
For litigation or regulatory matters. For example, we preserve your information where it is reasonably necessary for reasons related to a legal claim or complaint, such as where we are subject to a regulatory investigation or we need to defend ourselves in legal proceedings about a claim related to your information or respond to a regulator in relation to a complaint made by you or someone else.
Issues relating to the safety, security and integrity of our Services and to protect rights, property and users. For example, we keep information where it is necessary to investigate misuse of our Services, such as spam and other bad experiences. If we disable an account for violating our Terms, we also preserve information about that user for safety, security and integrity purposes.
The actual information that we keep and how long we keep it for depends on the nature of the reason in question.
Operational Retention Needs. We need to store information in certain cases for operational needs. For example, if a message cannot be delivered immediately, we keep it in encrypted form on our servers for up to 30 days as we try to deliver it. We also store information where necessary for troubleshooting and debugging issues with the Services. We keep the information that we store for this purpose for up to 90 days, provided longer storage is not necessary for investigating and resolving a specific issue, or for legal reasons.
Messaging. We retain the information that we process to convey your messages or calls (which includes information like your phone number, the time and date you make a call or send a message, or the duration of your calls) in accordance with the specific rules and requirements under the EU Directive 2002/58/EC, where applicable, as long as it is needed for transmitting the communication, operating our Services, ensuring the safety and security of our Services, or to comply with legal obligations under applicable law. When we do not need the information for any of these purposes anymore, we delete or anonymise it.
What Happens To Your Information When Your Account Is Deleted? When you delete your WhatsApp account or when it is deleted as a result of inactivity (see About inactive account deletion for information on inactive accounts), we delete the information we have about you, apart from the information listed below which we retain in limited circumstances.
Deleted Information. Your Account Information and any undelivered messages to you are deleted from our servers. You will be removed from all WhatsApp communities and groups. Note that for technical reasons it takes up to 90 days from the beginning of the deletion process to delete or de-identify your WhatsApp information. Copies of your information may also remain after the 90 days for a limited time in the backup storage that we use to recover lost information in the event of a disaster, software error, or other information loss event.
Information We Retain After Your Account is Deleted.
If we are analysing or investigating a security incident, in order to maintain the security of our Services, we need to retain Log and Troubleshooting Information associated with the incident that we are reviewing past the normal 90 day deletion period.
Copies of certain log records remain in our database but are disassociated from personal identifiers which are used for example to measure performance, reliability and efficiency and to operate and improve our Services.
Your account initially was linked to these records by a randomly generated identifier. To disassociate this information when your account is deleted, we delete the link between this identifier and your account as part of the account deletion process.
Copies of your information may also be retained for legal reasons after you delete your account in the circumstances described. The information that may be retained and length of time we need to retain it will depend on the specific legal reason we need to retain it for.
If you would like to manage, change, limit, or delete your information, you can do that through the following tools:
Settings. You can change your settings to manage certain information available to other users. You can manage your contacts, groups, and broadcast lists, or use our "block" feature to manage who you communicate with on our Services.
Changing Your Mobile Phone Number, Profile Name And Picture, And "About" Information. If you change your mobile phone number you must update it using our in-app change number feature and transfer your account to your new mobile phone number. You can also change your profile name, profile picture, and "about" information at any time.
Deleting Your WhatsApp Account. You can delete your WhatsApp account at any time using our in-app delete my account feature in your in-app settings. Once you initiate the deletion process for your account, that account can no longer be used (i.e. you cannot log in or re-register or access any content (including message history) as it will be deleted). See Deleting Your Information section for more detail on what happens to your information when you delete your account.
Be mindful that if you only delete WhatsApp from your device without selecting the in-app delete my account option in your in-app settings, the Information We Collect will be stored on our servers for a longer period. WhatsApp accounts are generally deleted after 120 days of inactivity. Users are not alerted when this occurs. See our Help Center article About inactive account deletion for more information.
Please remember that when your account is deleted, it does not affect your information related to the communities or groups you created (such as community or group names), or the information other users have relating to you, such as their copy of the messages you sent them.
respond pursuant to applicable law or regulations, court orders, legal process, or government requests. For example, sharing with regulators, law enforcement, or other government agencies in response to legal requests or sharing with civil litigants pursuant to court orders;
detect, investigate, prevent, or address fraud and other illegal activity or security and technical issues. For example, we access and share information with law enforcement, other government agencies, or industry partners such as other online platforms and technology companies to identify and prevent bad actors using our Services for illegal purposes; or
protect the rights, property and safety of our users, WhatsApp, the Meta Companies, or others, including to prevent death or imminent bodily harm. For example, sharing with law enforcement, in emergency situations where we learn that a person’s life is at risk.
The processing we carry out will depend on the circumstances. Further information on the different categories of information affected and the legal bases we rely on is set out in the How and Why We Process Your Information and Our Legal Basis for Processing section under the Processing necessary to perform our contract with you, Compliance with a Legal Obligation, Protection of Your Vital Interests or Those of Another Person and Legitimate Interests headings.
Transferring information outside the EEA as part of Our Global Operations
Why is information transferred to countries outside of the European Economic Area and where?
How do we safeguard your information?
When information controlled by WhatsApp is transferred or transmitted to, or stored and processed in, the United States or other third countries outside of the European Economic Area, we rely on the following transfer mechanisms:
Adequacy Decisions: We rely on decisions from the European Commission where they recognise that certain countries and territories outside of the European Economic Area ensure an adequate level of protection for personal information. These decisions are referred to as “adequacy decisions”. We transfer Your Account Information, Device and Connection Information, Usage Information and User Choices (see Information We Collect) from the European Economic Area to Israel in reliance on the European Commission’s adequacy decision for Israel.
While transfers to countries that don’t have an adequacy decision typically take place on the basis of the standard contractual clauses, in certain circumstances, transfers can also take place on the basis of exemptions provided for under data protection law. For example, sharing with law enforcement, in emergency situations where we learn that a person’s life is at risk.
If you have any questions about the standard contractual clauses you can contact us.