Name: Signal Privacy Policy Analysis
Item: Signal
Rating: 87
Author: Privacy Decoded

Question 1

Can Signal read my messages?

Accepted Answer

No — this is a technical guarantee, not a promise. Signal's end-to-end encryption means the company is architecturally incapable of decrypting your messages or call audio. Messages queued for offline devices are stored on Signal's servers in encrypted form Signal cannot read. Message history lives only on your devices. Even under a court order, Signal cannot provide message content — it doesn't have it.

Question 2

What data does Signal actually hold about me?

Accepted Answer

Very little. Signal holds your phone number, the date you registered your account, and the date you last connected to Signal's servers. That's essentially it for identifying data. It also holds technical routing data (encrypted auth tokens, push tokens, keys) necessary to deliver messages to your devices — but this is operational infrastructure, not personal data in any meaningful sense.

Question 3

What happens if police demand my Signal data?

Accepted Answer

Signal has published its responses to legal requests. What they can provide is: your phone number (which you registered with), and the date your account was created and last connected to Signal's servers. That's it. No message content, no contact list, no group memberships, no call records. Signal has demonstrated this publicly in court cases, not just claimed it.

Question 4

Why does Signal need my phone number?

Accepted Answer

Signal uses phone numbers as account identifiers to make it easy to find contacts who also use Signal without exchanging usernames manually. This is the primary privacy trade-off in Signal's design: your phone number links your Signal account to a real-world identity through your phone carrier. Signal has been adding username support to allow users to communicate without sharing phone numbers, partially addressing this. Services like Session eliminate the phone number requirement entirely but sacrifice some usability.

Question 5

Is Signal better than WhatsApp for privacy?

Accepted Answer

Yes — significantly. Both use the Signal Protocol for message encryption (WhatsApp licensed it from Signal). The difference is everything else: WhatsApp is owned by Meta and collects extensive metadata — who you message, how often, your contacts list, device information, location — which feeds Meta's advertising business. Signal is a nonprofit that collects none of that. The messages are equally encrypted; the surrounding data practices are categorically different.

Question 6

Is Signal's privacy policy up to date?

Accepted Answer

This is an honest criticism: Signal's privacy policy was last updated in May 2018 and hasn't been substantively revised since, despite Signal adding major new features and GDPR/CCPA coming into full force. The policy doesn't enumerate GDPR rights, doesn't name a Data Protection Officer, and doesn't specify retention periods for any data category. The product's privacy architecture is excellent — the policy documentation of it has not kept pace.

Signal

Category Breakdown

Frequently asked questions

You might also care about