WhatDoTheyCollect
Back to Home
Telegram logo

Telegram Privacy Summary

telegram.orgLast updated: 08/09/2025
Communication
high Risk

Cloud-based messaging app for secure, high-speed messaging with encrypted secret chats, cross-device cloud sync, public channels, bots, and optional payments.

Quick Summary

Telegram prioritizes user privacy by not using data for ads and offering end-to-end encryption for secret chats. Data is shared with law enforcement only under valid orders.

Why You Should Care About Telegram's Privacy Practices

  • Telegram collects identifying metadata (IP addresses and device IDs) used for security and cross-device features — this is sensitive data for privacy audits.
  • Bots and third-party services can access messages and media when granted permission, enabling potential external data exposure.
  • Live Location and shared location features can broadcast your real-time whereabouts; misuse risks stalking or location-based profiling.
  • Paid posts and transaction records may remain in histories, limiting absolute deletion and affecting long-term privacy and reputation.

Privacy Highlights

What They Collect

  • Account information (phone number, username, profile name, profile picture)
  • User content and files (messages, photos, videos, documents in cloud chats; secret-chat content is end-to-end encrypted)
  • Demographic information (optional birthday)
  • Feedback data (spam reports, abuse reports, moderator reviews)
  • Payment information (shipping info, payment tokens; credit card details handled by third-party payment providers)

How They Share Data

  • Business affiliates (Telegram Group Inc., Telegraph Inc., Telegram FZ-LLC and other group companies)
  • Service providers (data centers in the Netherlands, payment providers, cloud/infra providers)
  • Third-party partners (bot developers, mini app developers, Telegram Business chatbot partners)
  • Translation/transcription providers (may share text/audio with Google or Microsoft for user-requested translation/transcription)

Data Retention

Metadata (IP, devices, username-change history) may be kept for up to 12 months; default inactive-account self-destruction is 18 months (user can change); cloud chat data retained until user deletes it; deleted supergroup edits stored for 48 hours; secret-chat keys not stored and random encrypted blobs are periodically purged

Your Rights

  • Access data (request a copy of personal data and transmit to another controller)
  • Rectify data (amend profile and account data)
  • Erase or limit processing (delete account, delete cloud data, restrict processing)
  • Object to processing (right to object or restrict processing where applicable)

Detailed Analysis

Concerning Practices

  • Shares data with third parties and independent bot developers who may access messages and media when granted permission
  • Collects identifying metadata (IP addresses, device info) and retains some metadata for up to 12 months for security/abuse prevention
  • Transfers data internationally across group companies and multiple jurisdictions (BVI, Dubai, Netherlands data centers)
  • Paid-post transaction copies and some records may remain permanently in transaction history, limiting deletion guarantees for paid content
  • Law enforcement disclosure: may disclose IP address and phone number on valid legal orders (transparency reporting occurs)
  • Limited ability to prevent recipients or bots from further sharing your data once you send it to them (user-controlled sharing risk)

Personal Data Types

Account information (phone number, username, profile name, profile picture) User content and files (messages, photos, videos, documents in cloud chats; secret-chat content is end-to-end encrypted) Demographic information (optional birthday) Feedback data (spam reports, abuse reports, moderator reviews) Payment information (shipping info, payment tokens; credit card details handled by third-party payment providers) Profile information (about info, business opening hours, public profile fields) Sales and marketing data (transaction history for paid posts / Stars) Support data (login emails, two-step verification recovery email, account activity metadata) Browser information and cookies for Telegram Web (login cookies to operate service) Geolocation information (shared locations, Live Location, People Nearby) Service usage information and metadata (IP addresses, device identifiers, app versions, username-change history, aggregated usage) Website usage data (web cookies necessary to use Telegram Web) Information from other users (contacts you sync; names and numbers your contacts provide) Publicly available information (public channel and group posts)

Tracking Methods

Essential cookies / login cookies for Telegram Web (only to operate the web service) IP addresses and device identifiers collected as metadata for security, abuse prevention and cross-device features Aggregated usage analytics (internal, anonymized aggregates used to build features like Suggested Contacts) No advertising cookies or profiling cookies for ad targeting (policy states cookies are not used for profiling or advertising)

Third Parties

Business affiliates (Telegram Group Inc., Telegraph Inc., Telegram FZ-LLC and other group companies) Service providers (data centers in the Netherlands, payment providers, cloud/infra providers) Third-party partners (bot developers, mini app developers, Telegram Business chatbot partners) Translation/transcription providers (may share text/audio with Google or Microsoft for user-requested translation/transcription) Advertising partners (sponsored messages in public channels; advertisers use channel topics rather than user profiles) Government authorities and law enforcement (may disclose IP and phone number in response to valid legal orders)

User Controls

Access data (request a copy of personal data and transmit to another controller) Rectify data (amend profile and account data) Erase or limit processing (delete account, delete cloud data, restrict processing) Object to processing (right to object or restrict processing where applicable) Data portability (request copy and transfer to another controller) Withdraw consent / opt-out controls where provided (disable optional features, stop syncing contacts, clear payment & shipping info) Opt-out of marketing (Telegram states it does not use data for ad targeting; control over sponsored message visibility is limited) Delete account (deactivation page; deleting account removes cloud-stored messages, media and contacts) Revoke bot permissions and manage chatbot access (Settings > Telegram Business > Chatbots) Data settings (Settings > Privacy & Security > Data Settings to control syncing, suggested contacts, clear payment info)

Frequently Asked Questions About Telegram

Want updates when Telegram's privacy policy changes?

We'll notify you when there are significant changes to their data practices.

You'll only receive updates for Telegram. We won't spam you.

Legal Disclaimer

This analysis is provided for informational purposes only and should not be used as legal advice. Consult with legal professionals for matters requiring legal guidance.