Last modified: January 04, 2021 (archived versions)
Please also read WhatsApp's Terms of Service ("Terms"), which describe the terms under which you use and we provide our Services.
WhatsApp must receive or collect some information to operate, provide, improve, understand, customise, support, and market our Services, including when you install, access, or use our Services. The types of information we receive and collect depend on how you use our Services.
We require certain information to deliver our Services and without this we will not be able to provide our Services to you. For example, you must provide your mobile phone number to create an account to use our Services.
Our Services have optional features which, if used by you, require us to collect additional information to provide such features. You will be notified of such collection, as appropriate. If you choose not to provide the information needed to use a feature, you will be unable to use the feature. For example, you cannot share your location with your contacts if you do not permit us to collect your location data from your device. Permissions can be managed through your Settings menu on both Android and iOS devices.
Your Account Information. You must provide your mobile phone number and basic information (including a profile name of your choice) to create a WhatsApp account. If you don’t provide us with this information, you will not be able to create an account to use our Services. You can add other information to your account, such as a profile picture, and "about" information.
Your Messages. We do not retain your messages in the ordinary course of providing our Services to you. Instead, your messages are stored on your device and not typically stored on our servers. Once your messages are delivered, they are deleted from our servers. The following scenarios describe circumstances where we may store your messages in the course of delivering them:
Undelivered Messages. If a message cannot be delivered immediately (for example, if the recipient is offline), we keep it in encrypted form on our servers for up to 30 days as we try to deliver it. If a message is still undelivered after 30 days, we delete it.
Media Forwarding. When a user forwards media within a message, we store that media temporarily in encrypted form on our servers to aid in more efficient delivery of additional forwards.
We offer end-to-end encryption for our Services. End-to-end encryption means that your messages are encrypted to protect against us and third parties from reading them. Learn more about end-to-end encryption and how businesses communicate with you on WhatsApp.
Your Connections. You can use the contact upload feature and provide us, if permitted by applicable laws, with the phone numbers in your address book on a regular basis, including those of users of our Services and your other contacts. If any of your contacts aren’t yet using our Services, we’ll manage this information for you in a way that ensures those contacts cannot be identified by us. Learn more about our contact upload feature here. You can create, join, or get added to groups and broadcast lists, and such groups and lists get associated with your account information. You give your groups a name. You can provide a group profile picture or description.
Customer Support And Other Communications. When you contact us for customer support or otherwise communicate with us, you may provide us with information related to your use of our Services, including copies of your messages, any other information you deem helpful, and how to contact you (e.g., an email address). For example, you may send us an email with information relating to our app performance or other issues.
Usage And Log Information. We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Services; the features you use like our messaging, calling, Status, groups (including group name, group picture, group description), payments or business features; profile photo; "about" information; whether you are online; when you last used our Services (your "last seen"); and when you last updated your "about" information.
Device And Connection Information. We collect device and connection-specific information when you install, access, or use our Services. This includes information such as hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information including phone number, mobile operator or ISP, language and time zone, IP address, device operations information, and identifiers (including identifiers unique to Facebook Company Products associated with the same device or account).
Location Information. We collect and use precise location information from your device with your permission when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or locations others have shared with you. There are certain settings relating to location-related information which you can find in your device settings or the in-app settings, such as Location sharing. Even if you do not use our location-related features, we use IP addresses and other information, like phone number area codes, to estimate your general location (e.g., city and country). We also use your location information for diagnostics and troubleshooting purposes.
Information Others Provide About You. We receive information about you from other users. For example, when other users you know use our Services, they may provide your phone number, name, and other information (like information from their mobile address book) just as you may provide theirs. They may also send you messages, send messages to groups to which you belong, or call you. We require each of these users to have lawful rights to collect, use, and share your information before providing any information to us.
You should keep in mind that in general any user can capture screenshots of your chats or messages or make recordings of your calls with them, and send them to WhatsApp or anyone else, or post them on another platform.
User Reports. Just as you can report other users, other users or third parties may also choose to report to us your interactions and your messages with them or others on our Services; for example, to report possible violations of our Terms or policies. When a report is made, we collect information on both the reporting user and reported user. To find out more about what happens when a user report is made, please see "Advanced Safety and Security Features" here.
Businesses On WhatsApp. Businesses you interact with using our Services may provide us with information about their interactions with you. We require each of these businesses to act in accordance with applicable law when providing any information to us. When you message with a business on WhatsApp, it’s important to keep in mind that the content you share may be visible to several people in that business. In addition, some businesses might be working with third-party service providers (which may include Facebook) to help manage their communications with their customers. For example, a business may give such third-party service provider access to its communications to send, store, read, manage or otherwise process them for the business.
Third-Party Service Providers. We work with third-party service providers and other Facebook Companies to help us operate, provide, improve, understand, customise, support, and market our Services. For example, we work with them to distribute our apps; provide our technical and physical infrastructure, delivery, and other systems; provide engineering support, cybersecurity support, and operational support; supply location, map, and places information; process payments; help us understand how people use our Services; market our Services; help you connect with businesses using our Services; conduct surveys and research for us; ensure safety, security and integrity; and help with customer service. These companies may provide us with information about you in certain circumstances; for example, app stores may provide us with reports to help us diagnose and fix service issues.
The "How We Work With Other Facebook Companies" section below provides more information about how WhatsApp collects and shares information with the other Facebook Companies. You can also learn more in our Help Center how we work with the Facebook Companies.
Third-Party Services. We allow you to use our Services in connection with third-party services and Facebook Company Products. If you use our Services with such third-party services or Facebook Company Products, we may receive information about you from them; for example, if you use the WhatsApp share button on a news service to share a news article with your WhatsApp contacts, groups, or broadcast lists on our Services, or if you choose to access our Services through a mobile carrier's or device provider's promotion of our Services. Please note that when you use third-party services or Facebook Company Products, their own terms and privacy policies will govern your use of those services and products.
We use information we have (subject to choices you make and applicable law) to operate, provide, improve, understand, customise, support, and market our Services. Here's how:
Our Services. We use information we have to operate and provide our Services, including providing customer support, completing purchases or transactions; and improving, fixing, and customising our Services. We also use information we have to understand how people use our Services; evaluate and improve our Services; research, develop, and test new services and features; and conduct troubleshooting activities. We also use your information to respond to you when you contact us.
Safety, Security, And Integrity. Safety, security and integrity are an integral part of our Services. We use information we have to verify accounts and activity; combat harmful conduct, protect users against bad experiences and spam; and promote safety, security and integrity on and off our Services, such as by investigating suspicious activity or violations of our Terms and policies, and to ensure our Services are being used legally. Please see the "Law, Our Rights And Protection" section below for more information.
Communications About Our Services And The Facebook Companies. We use information we have to communicate with you about our Services and let you know about our terms and policies and other important updates. We may provide you marketing for our Services and those of the Facebook Companies. Please see "How You Exercise Your Rights" section for more information.
Business Interactions. We enable you and third parties, like businesses, to communicate and interact with each other using our services such as Catalogs for businesses on WhatsApp where you can browse products and services and place orders. Businesses may send you transaction, appointment, and shipping notifications; product and service updates; and marketing. For example, you may receive flight status information for upcoming travel, a receipt for something you purchased, or a notification when a delivery will be made. Messages you receive from a business could include an offer for something that might interest you. We do not want you to have a spammy experience; as with all of your messages, you can manage these communications, and we will honor the choices you make.
Messaging Metadata. Messaging Metadata consists of information that we process to convey your messages or calls and it includes information such as your user ID and the time you send a message. We use Messaging Metadata to transmit the communication, to operate our Services (including general traffic management and the prevention, detection, investigation and remediation of failures), to ensure the safety and security of our Services (which includes their availability, authenticity, integrity and confidentiality, and in particular the prevention, detection, investigation and remediation of security incidents, spam, vulnerabilities, malware, and unauthorised use or access to the Services), for billing (where applicable), and to comply with legal obligations under applicable law.
You share your information as you use and communicate through our Services, and we share your information to help us operate, provide, improve, understand, customise, support, and market our Services.
Send Your Information To Those With Whom You Choose To Communicate. You share your information (including messages) as you use and communicate through our Services.
Information Associated With Your Account. Your phone number, profile name and photo, "about" information, last seen information, and message receipts are available to anyone who uses our Services, although you can configure your Services settings to manage certain information available to other users, including businesses, with whom you communicate.
Your Contacts And Others. Users, including businesses, with whom you communicate can store or reshare your information (including your phone number or messages) with others on and off our Services. You can use your Services settings and the "block" feature in our Services to manage who you communicate with on our Services and certain information you share.
Businesses On WhatsApp. We offer specific services and features to businesses such as providing them with metrics regarding their use of our services.
Third-Party Service Providers. We work with third-party service providers and other Facebook Companies to help us operate, provide, improve, understand, customise, support, and market our Services. We work with these companies to support our Services, such as to provide technical infrastructure, delivery and other systems; market our Services; conduct surveys and research for us; protect the safety, security and integrity of users and others; and assist with customer service. When we share information with third-party service providers and other Facebook Companies in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms. For further information on how the Facebook Companies help us to operate and provide our Services, see "How We Work With Other Facebook Companies" below. You can also learn more in our Help Center on how we work with the Facebook Companies.
Third-Party Services. When you or others use third-party services or other Facebook Company Products that are integrated with our Services, those third-party services may receive information about what you or others share with them. For example, if you use a data backup service integrated with our Services (like iCloud or Google Drive), they will receive information you share with them, such as your WhatsApp messages. If you interact with a third-party service or another Facebook Company Product linked through our Services, such as when you use the in-app player to play content from a third-party platform, information about you, like your IP address and the fact that you are a WhatsApp user, may be provided to such third-party or Facebook Company Product. Please note that when you use third-party services or other Facebook Company Products, their own terms and privacy policies will govern your use of those services and products.
As part of the Facebook Companies, WhatsApp receives information from, and shares information with, the other Facebook Companies to promote safety, security and integrity across the Facebook Company Products, e.g., to fight spam, threats, abuse, or infringement activities.
WhatsApp also works, and shares information with the other Facebook Companies who act on our behalf to help us operate, provide, improve, understand, customise, support, and market our Services. This includes the provision of infrastructure, technology, and systems, e.g. for providing you with fast and reliable messaging and calls around the world; improving infrastructure and delivery systems; understanding how our Services are used; helping us provide a way for you to connect with businesses; and securing systems. When we receive services from the Facebook Companies, the information we share with them is used on WhatsApp’s behalf and in accordance with our instructions. Any information WhatsApp shares on this basis cannot be used for the Facebook Companies’ own purposes.
You also have particular rights available to you depending on which legal basis we use, and we've explained these below. You should know that no matter what legal basis applies, you always have the right to request access to, rectification of, and erasure of your data. To exercise your rights, see the "How You Exercise Your Rights" section below.
We collect, use, and share the information described in the "Information We Collect" section:
as necessary to operate and provide the messaging and communication services, described in the "Our Services" section of our Terms. Learn more here;
where applicable (including where consent is legally required), if you have given your consent, which you can revoke at any time. Learn more here;
as necessary to comply with legal obligations such as when we are required to respond to a legal request from law enforcement. Learn more here;
when and as necessary, to protect your vital interests, or those of others such as in the event of an emergency where there is a threat to your life or someone else’s. Learn more here;
as necessary for our (or others') legitimate interests, including our interests in providing an innovative, relevant, safe, and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data; for example, to prevent our Services being used for harmful or illegal activity. Learn more here;
where it is necessary in the public interest. Learn more here.
You can learn more here about the ways and purposes for which we process your data and our legal bases for doing so.
We process the data we have about you (as described in the "Information We Collect" section) as necessary to perform our contract with you (the Terms). The categories of data we process will depend on the data you choose to provide and the manner in which you use our Services (which determines the information we collect automatically). The processing purposes necessary to provide our contractual services are:
Why And How We Process Your Data:
To operate, provide, improve, customise, and support our Services as described in the "Our Services" section of our Terms which includes providing ways for you to connect and communicate with other WhatsApp users including businesses. This includes collecting information from you to create a WhatsApp account, connecting you with businesses reachable via WhatsApp, analysing your use of our Services, providing customer support in response to an issue or deleting your data if you choose to close your account.
We use Messaging Metadata for the transmission of the communication; the operation of the Services, including general traffic management and the prevention, detection, investigation and remediation of failures; and for billing, where applicable.
To ensure the safety, security, and integrity of our Services by taking action for example on spammers using multiple accounts. This could involve verifying the data you have provided when you created an account or analysing suspicious activity in connection with your account to prevent our Services from being used illegally.
We use Messaging Metadata to ensure the safety and security of our Services, (which includes their availability, authenticity, integrity and confidentiality, and in particular the prevention, detection, investigation and remediation of security incidents, vulnerabilities, malware and factors that could negatively affect the availability of our Services such as spam or enable unauthorised access to or use of the Services or user devices. To learn more, visit the WhatsApp Security.
To transfer, or transmit to, store or process your data in third countries, including the United States and other countries or territories as explained under "Our Global Operations".
To communicate with you on Services-related issues, such as sending you a notification about an update or to respond to you when you contact us.
The other legal bases we rely on in certain instances when processing your data are set out below:
We process data for the purposes described below when you have given us your consent to do so. We rely on your consent:
Why And How We Process Your Data:
For collecting and using information you allow us to receive through the device-based settings you enable (such as access to your location, camera, or photos), so we can provide the services described when you enable the settings; for example, sharing your device’s precise location information if you are using our location features to share your location with your contacts or accessing your camera or photo gallery if you choose to share photographs or media with your contacts.
Why And How We Process Your Data:
For processing data when we comply with a legal obligation including, for example, if there is a valid legal request for certain data such as an order from law enforcement to provide data in relation to an investigation, such as your name, profile picture or IP address. We will disclose data pursuant to the legal obligation.
Why And How We Process Your Data:
For processing data for protecting your vital interests or those of another person. The vital interests we rely on for this processing include protection of your life, physical integrity, or safety, or that of others, and we rely on it to combat harmful conduct and to promote safety, security and integrity, including, for example, when we are investigating reports of harmful conduct or when someone needs help. This could include the promotion of safety, security, and integrity by providing law enforcement with data in the event of an emergency where it is requested and is necessary to protect a person’s life or safety, for example where there is a risk of imminent harmful conduct such as an attack or where a person’s safety is at risk.
We rely on our legitimate interests or the legitimate interests of a third party where they are not outweighed by your interests or fundamental rights and freedoms ("legitimate interests"):
Why And How We Process Your Data:
For providing measurement, analytics, and other business services where we are processing data as a controller.
Legitimate Interests Relied On:
For providing marketing communications to you.
Legitimate Interests Relied On: The legitimate interests we rely on for this processing are: To promote Facebook Company Products and send direct marketing.
Legitimate Interests Relied On:
To share information with the Facebook Companies to promote safety and security and integrity. See also "How We Work with Other Facebook Companies" for more information.
Legitimate Interests Relied On: To secure systems and fight spam, threats, abuse, or infringement activities and promote safety and security across the Facebook Company Products.
Why And How We Process Your Data:
For undertaking research and to promote safety, security, and integrity as described in more detail under the "How We Use Information" section, where this is necessary in the public interest, as further specified by applicable law (e.g. in European Union law).
We will take steps to ensure that we are transparent, as appropriate, when we undertake processing on this basis.
Under applicable data protection law, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information.
This includes the right to object to our processing of your information for direct marketing and the right to object to our processing of your information where we are performing a task in the public interest, or pursuing our legitimate interests or those of a third party. We will consider several factors when assessing an objection including: our users' reasonable expectations; the benefits and risks to you, us, other users, third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportionate effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.
You can object to our processing of your information and learn more about your options to restrict the way we use your information by going here. Where we use your information for direct marketing, you can always object and opt out of future direct marketing messages using the unsubscribe link in such communications, or by using our in-app "block" feature.
You can access or port your information using our in-app Request Account Info feature (available under Settings > Account). You can access tools to rectify, update, and erase your information directly in-app as described in the "Managing and Retaining Your Information" section.
When we process data you provide to us based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, visit your device-based or in-app settings.
You have the right to lodge a complaint with WhatsApp's lead supervisory authority, the Irish Data Protection Commission, or any other competent data protection supervisory authority.
Legal Obligations And Issues. For example, we also keep your information for legal reasons such as when we have a legal obligation to retain data, to enforce and prevent violations of our Terms or if necessary to protect rights, property and users. Our "Law, Our Rights And Protection" section provides more information on this.
Operational Retention Needs. For example, we do not retain your messages when providing our Services (except in the limited circumstances set out above), and so once your messages are delivered they are deleted from our servers. However, as stated above, if a message cannot be delivered immediately, we keep it in encrypted form on our servers for up to 30 days as we try to deliver it, after which it is deleted.
Deletion of Messaging Metadata. Messaging Metadata is deleted or anonymised when it is no longer needed for transmitting the communication, operating our Services, ensuring the safety and security of our Services, for billing (where applicable), or to comply with legal obligations under applicable law.
If you would like to further manage, change, limit, or delete your information, you can do that through the following tools:
Services Settings. You can change your Services settings to manage certain information available to other users. You can manage your contacts, groups, and broadcast lists, or use our "block" feature to manage who you communicate with on our Services.
Changing Your Mobile Phone Number, Profile Name And Picture, And "About" Information. If you change your mobile phone number you must update it using our in-app change number feature and transfer your account to your new mobile phone number. You can also change your profile name, profile picture, and "about" information at any time.
Deleting Your WhatsApp Account. You can delete your WhatsApp account at any time using our in-app delete my account feature. Once you initiate the deletion process for your account, that account can no longer be used (i.e. you cannot log in or re-register).
When you delete your WhatsApp account, we delete the information we have about you, apart from the information listed below which we retain in limited circumstances.
Deleted Information. Your undelivered messages, your account info and profile photo are deleted from our servers. You will be removed from all WhatsApp groups. Note that it takes up to 90 days from the beginning of the deletion process to delete your WhatsApp information. Copies of your information may also remain after the 90 days for a limited time in the backup storage that we use to recover lost data in the event of a disaster, software error, or other data loss event.
Be mindful that if you only delete the WhatsApp app from your device without using our in-app delete my account feature, your information will be stored with us for a longer period. Please remember that when you delete your account, it does not affect your information related to the groups you created, or the information other users have relating to you, such as their copy of the messages you sent them.
We access, preserve, and share your information described in the "Information We Collect" section, including sharing with regulators, law enforcement, other government agencies, industry partners and others in accordance with the "Our Legal Basis for Processing Data" section if we have a good-faith belief that it is necessary to: (a) respond pursuant to applicable law or regulations, legal process, or government requests; (b) enforce our Terms and any other applicable terms and policies, including for investigations of potential violations; (c) detect, investigate, prevent, or address fraud and other illegal activity or security and technical issues; or (d) protect the rights, property, and safety of our users, WhatsApp, the Facebook Companies, or others, including to prevent death or imminent bodily harm.
Further information on the different legal bases we rely on to carry out this processing depending on the circumstances is set out in the "Our Legal Basis for Processing Data" section, including under the "Provision Of The Services In Accordance With The Terms", "Legitimate Interests" and "Vital Interests" headings.
These transfers are necessary and essential to enable us to provide the Services set forth in our Terms and globally to operate and provide our Services to you. For transfers to third countries, we utilise standard contractual clauses approved by the European Commission (see an explanation of what these are here), or rely on the European Commission's adequacy decisions about certain countries, by which the European Commission recognises that a third country, territory, or one or more specified sectors within that third country ensure an adequate level of protection, or use equivalent mechanisms provided under applicable data protection law, as applicable. For data transfers from the European Economic Area to the United States, we rely on standard contractual clauses.