whatsapp.com privacy policy — score 45/100 (high risk)

Último análisis

El contenido del informe (resumen, hallazgos, citas) se generó en inglés y no está localizado.

Ejecutar un nuevo análisis en otra política

WhatsApp LLC · whatsapp.com

Detalles del informe

high riesgo

WhatsApp collects extensive metadata on your usage and device and shares it widely across Meta's family of companies, making it a concerning privacy choice despite its end-to-end encrypted messaging.

While WhatsApp provides end-to-end encryption for message content, the policy reveals massive metadata collection and broad data sharing with Meta companies for purposes including marketing and product improvement. The policy lacks transparency on international transfer safeguards and is entirely silent on AI training practices. For EU users, the reliance on WhatsApp Ireland Limited offers some GDPR coverage, but the global data flows and Meta integration present significant privacy risks.

Último análisis
FuenteURL
Longitud33,851 caracteres

Evaluación por categoría

Desglose de la política en las principales áreas de cumplimiento. Bueno = sólido, regular = mixto, deficiente = preocupante.

Data Minimizationpoor

Collects extensive metadata (battery level, signal strength, online status, interaction frequency) far beyond what is strictly necessary to deliver a messaging service.

Transparencyfair

The policy is clearly written and structured, but obscures the sheer volume of Meta sharing behind broad phrases like 'operate, provide, improve... and market.'

Third-party Sharingpoor

Data is broadly shared across the Meta family of companies for marketing and ad targeting purposes, and with unspecified third-party service providers.

International Transferspoor

Explicitly transfers data to the US and globally but completely omits mentioning the legal safeguards or transfer mechanisms used to protect EU data subjects.

AI/Model Trainingpoor

The policy is entirely silent on whether user data or metadata is used to train AI or machine learning models.

User Rightsfair

Basic rights like access and deletion are mentioned with in-app tools, but the policy lacks a comprehensive, explicit list of GDPR rights (like restriction, objection) and how to exercise them.

Hallazgos clave

Cláusulas destacadas, problemas o buenas prácticas detectadas (críticos primero)

Crítico

Broad Meta Data Sharing

The policy allows extensive data sharing with other Meta Companies for purposes beyond just providing the service, including marketing and showing relevant ads across Meta products, which raises serious GDPR proportionality concerns.

Crítico

Extensive Metadata Collection

Despite end-to-end encryption for message content, WhatsApp collects a vast amount of metadata (device info, usage logs, location, identifiers) which creates a detailed profile of the user's behavior and interactions.

Crítico

Vague International Transfer Safeguards

The policy admits to transferring data globally, including to the US, but fails to specify the legal mechanisms (like Standard Contractual Clauses) used to ensure EU-level data protection during these transfers.

Advertencia

Third-Party Contact Upload

The policy states users can upload their address books, meaning non-users' phone numbers are processed without their direct consent, although WhatsApp claims it manages this so individuals cannot be identified.

Resumen para el usuario

Your messages are private, but everything around them—who you talk to, when, how often, on what device, and where you are—is collected and shared with Meta to profile you and target ads across their platforms.

Postura de cumplimiento

The policy attempts to comply with GDPR by routing EEA users through WhatsApp Ireland Limited, but the broad data sharing with Meta companies and global transfers without explicit mention of safeguards like Standard Contractual Clauses represent substantial compliance gaps under EU law.

Transferencias en la UE

The policy explicitly states data is transferred to the US and globally using Meta's infrastructure, but fails to mention the legal mechanisms (like SCCs) used to legitimize these transfers post-Schrems II, which is a major red flag for EU compliance.

Señales detectadas

Datos y prácticas específicas identificadas en el texto

Datos recopilados
Mobile phone numberProfile nameProfile pictureAbout informationMessages (temporarily up to 30 days if undelivered)Address book contactsStatus informationPayment and transaction dataCustomer support communicationsUsage and log informationDevice and connection informationLocation informationCookie data
Finalidades del tratamiento
Providing and improving servicesSafety, security, and integrityMarketing for WhatsApp and Meta CompaniesCommunicating with businessesPersonalizing features and contentShowing relevant offers and ads across Meta Company Products
Cesión a terceros
Other Meta Companies (Facebook, Instagram, etc.)Third-party service providersBusinesses on WhatsAppLaw enforcement and government requests
Transferencias internacionales
United StatesCountries where Meta affiliates are locatedCountries where service providers are locatedGlobal transfers for service provision

Fragmentos de evidencia

Citas directas de la política que respaldan estos hallazgos

We are one of the Meta Companies. You can learn more further below in this Privacy Policy about the ways in which we share information across this family of companies.

We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services...)

Your information may, for example, be transferred or transmitted to, or stored and processed in, the United States; countries or territories where the Meta Companies’ affiliates and partners... are located

You can use the contact upload feature and provide us, if permitted by applicable laws, with the phone numbers in your address book on a regular basis, including those of users of our Services and your other contacts.

Ausente o poco claro

  • No mention of whether user data is used for AI or machine learning model training
  • No specific reference to the legal basis for international data transfers (e.g., SCCs or adequacy decisions) required under GDPR
  • No clear explanation of the specific categories of third-party service providers or a link to a subprocessor list
  • No explicit mention of the right to restrict processing or the right to object to profiling beyond the 'delete account' option

Preguntas que hacer

  • What specific legal mechanism (e.g., Standard Contractual Clauses) does WhatsApp rely on to lawfully transfer EU user data to the United States?
  • How can users explicitly opt out of their metadata being used for marketing or ad targeting across the broader Meta Company Products?
  • Is any user data or metadata used to train AI or machine learning models, and if so, how can users object?
  • What exact data points are shared with other Meta companies when a user simply opens the app, versus when they actively use a feature?
Este análisis lo genera la IA y no constituye asesoramiento legal. Consulta siempre a un profesional jurídico cualificado para decisiones de cumplimiento.

Compartir este análisis

Cualquiera con este enlace puede ver el resultado anterior.

Creado por DentroChat

Chat de IA 100 % europeo para todos

Chatea con la IA, trabaja con archivos, genera imágenes y busca en la web. Los datos permanecen en Europa.

Infraestructura alojada en la UETexto, archivos, imágenes y búsqueda webModos Rápido, Reflexión y CreativoPrivacidad por defectoNingún dato sale de Europa
Probar gratis →