whatsapp.com privacy policy — score 45/100 (high risk)

Última análise

O conteúdo do relatório (resumo, conclusões, citações) foi gerado em inglês e não está localizado.

Executar uma nova análise noutra política

WhatsApp LLC · whatsapp.com

Detalhes do relatório

high risco

WhatsApp collects extensive metadata on your usage and device and shares it widely across Meta's family of companies, making it a concerning privacy choice despite its end-to-end encrypted messaging.

While WhatsApp provides end-to-end encryption for message content, the policy reveals massive metadata collection and broad data sharing with Meta companies for purposes including marketing and product improvement. The policy lacks transparency on international transfer safeguards and is entirely silent on AI training practices. For EU users, the reliance on WhatsApp Ireland Limited offers some GDPR coverage, but the global data flows and Meta integration present significant privacy risks.

Última análise
FonteURL
Comprimento33,851 caracteres

Avaliação por categoria

Repartição da política pelas principais áreas de conformidade. Bom = sólido, razoável = misto, fraco = preocupante.

Data Minimizationpoor

Collects extensive metadata (battery level, signal strength, online status, interaction frequency) far beyond what is strictly necessary to deliver a messaging service.

Transparencyfair

The policy is clearly written and structured, but obscures the sheer volume of Meta sharing behind broad phrases like 'operate, provide, improve... and market.'

Third-party Sharingpoor

Data is broadly shared across the Meta family of companies for marketing and ad targeting purposes, and with unspecified third-party service providers.

International Transferspoor

Explicitly transfers data to the US and globally but completely omits mentioning the legal safeguards or transfer mechanisms used to protect EU data subjects.

AI/Model Trainingpoor

The policy is entirely silent on whether user data or metadata is used to train AI or machine learning models.

User Rightsfair

Basic rights like access and deletion are mentioned with in-app tools, but the policy lacks a comprehensive, explicit list of GDPR rights (like restriction, objection) and how to exercise them.

Conclusões principais

Cláusulas relevantes, problemas ou boas práticas identificadas (críticas primeiro)

Crítico

Broad Meta Data Sharing

The policy allows extensive data sharing with other Meta Companies for purposes beyond just providing the service, including marketing and showing relevant ads across Meta products, which raises serious GDPR proportionality concerns.

Crítico

Extensive Metadata Collection

Despite end-to-end encryption for message content, WhatsApp collects a vast amount of metadata (device info, usage logs, location, identifiers) which creates a detailed profile of the user's behavior and interactions.

Crítico

Vague International Transfer Safeguards

The policy admits to transferring data globally, including to the US, but fails to specify the legal mechanisms (like Standard Contractual Clauses) used to ensure EU-level data protection during these transfers.

Aviso

Third-Party Contact Upload

The policy states users can upload their address books, meaning non-users' phone numbers are processed without their direct consent, although WhatsApp claims it manages this so individuals cannot be identified.

Resumo para o utilizador

Your messages are private, but everything around them—who you talk to, when, how often, on what device, and where you are—is collected and shared with Meta to profile you and target ads across their platforms.

Postura de conformidade

The policy attempts to comply with GDPR by routing EEA users through WhatsApp Ireland Limited, but the broad data sharing with Meta companies and global transfers without explicit mention of safeguards like Standard Contractual Clauses represent substantial compliance gaps under EU law.

Transferências UE

The policy explicitly states data is transferred to the US and globally using Meta's infrastructure, but fails to mention the legal mechanisms (like SCCs) used to legitimize these transfers post-Schrems II, which is a major red flag for EU compliance.

Sinais detetados

Dados e práticas específicas identificadas no texto

Dados recolhidos
Mobile phone numberProfile nameProfile pictureAbout informationMessages (temporarily up to 30 days if undelivered)Address book contactsStatus informationPayment and transaction dataCustomer support communicationsUsage and log informationDevice and connection informationLocation informationCookie data
Finalidades do tratamento
Providing and improving servicesSafety, security, and integrityMarketing for WhatsApp and Meta CompaniesCommunicating with businessesPersonalizing features and contentShowing relevant offers and ads across Meta Company Products
Partilha com terceiros
Other Meta Companies (Facebook, Instagram, etc.)Third-party service providersBusinesses on WhatsAppLaw enforcement and government requests
Transferências internacionais
United StatesCountries where Meta affiliates are locatedCountries where service providers are locatedGlobal transfers for service provision

Fragmentos de evidência

Citações diretas da política que suportam estas conclusões

We are one of the Meta Companies. You can learn more further below in this Privacy Policy about the ways in which we share information across this family of companies.

We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services...)

Your information may, for example, be transferred or transmitted to, or stored and processed in, the United States; countries or territories where the Meta Companies’ affiliates and partners... are located

You can use the contact upload feature and provide us, if permitted by applicable laws, with the phone numbers in your address book on a regular basis, including those of users of our Services and your other contacts.

Em falta ou pouco claro

  • No mention of whether user data is used for AI or machine learning model training
  • No specific reference to the legal basis for international data transfers (e.g., SCCs or adequacy decisions) required under GDPR
  • No clear explanation of the specific categories of third-party service providers or a link to a subprocessor list
  • No explicit mention of the right to restrict processing or the right to object to profiling beyond the 'delete account' option

Perguntas a fazer

  • What specific legal mechanism (e.g., Standard Contractual Clauses) does WhatsApp rely on to lawfully transfer EU user data to the United States?
  • How can users explicitly opt out of their metadata being used for marketing or ad targeting across the broader Meta Company Products?
  • Is any user data or metadata used to train AI or machine learning models, and if so, how can users object?
  • What exact data points are shared with other Meta companies when a user simply opens the app, versus when they actively use a feature?
Esta análise é gerada por IA e não constitui aconselhamento jurídico. Consulte sempre um profissional jurídico qualificado para decisões de conformidade com o RGPD.

Partilhar esta análise

Qualquer pessoa com esta ligação pode ver o resultado acima.

Criado pela DentroChat

Chat de IA 100% europeu para todos

Converse com IA, trabalhe com ficheiros, gere imagens e pesquise na web. Os dados permanecem na Europa.

Infraestrutura alojada na UETexto, ficheiros, imagens e pesquisa webModos Rápido, Reflexão e CriativoPrivacidade em primeiro lugarNenhum dado sai da Europa
Experimentar grátis →