Messaging App Privacy Grades
4 companies analysed · Sorted by privacy score
End-to-end encryption protects message bodies, but it does not erase the graph of who talks to whom, when, and from which devices—metadata that courts and advertisers have long treated as highly revealing. Some apps sync entire address books to the cloud, log IP and device fingerprints, or fuse chat behaviour with parent-company ad profiles; others cap logs, use privacy-preserving contact discovery, or avoid an ads business altogether. Enterprise or “business” tiers can add another layer—archiving, e-discovery, and admin visibility—that personal users easily miss. When comparing products, look for explicit retention periods, clarity on voice and media backups, and whether linking to a social graph is optional. Our rankings weight collection and sharing of metadata as heavily as the encryption headline. Full scoring rules are explained on the About page.
| # | Company | Grade | Score | In plain English | |
|---|---|---|---|---|---|
| 1 | A | 87/100 | Signal is a nonprofit that genuinely cannot read your messages or listen to your calls — the encrypt…Signal is a nonprofit that genuinely cannot read your messages or listen to your calls — the encryption is architectural, not a promise — but it requires a real phone number to register, is subject to US law, and its privacy policy is conspicuously sparse: it hasn't been substantively updated since 2018 and lacks the specific retention periods, GDPR rights, or DPO contact that more thorough policies provide. | → | |
| 2 | C+ | 62/100 | Zoom explicitly won't use your meeting, chat, or video content to train AI models — a meaningful com…Zoom explicitly won't use your meeting, chat, or video content to train AI models — a meaningful commitment for a communications platform. But your employer or meeting host can access everything you say, record, and type, and Zoom shares data with advertising and analytics partners. The privacy story is split: strong on AI and content use, weaker on employer surveillance and ad-tech. | → | |
| 3 | C+ | 58/100 | Discord collects your messages, activity, device data, and behavioural signals, and uses them for pe…Discord collects your messages, activity, device data, and behavioural signals, and uses them for personalisation and sponsored content targeting — but it doesn't sell your data, encrypts voice and video end-to-end, and gives you genuine in-app controls over most processing. The biggest risks are public server content being used to train AI systems and third-party bots operating largely outside Discord's privacy guarantees. | → | |
| 4 | D | 35/100 | WhatsApp's end-to-end encryption genuinely protects your message content, but everything around it —…WhatsApp's end-to-end encryption genuinely protects your message content, but everything around it — who you talk to, when, how often, your contacts, your device — flows to Meta and is used to build ad profiles across Facebook and Instagram. You can't opt out of the Meta data sharing and still use the app. | → |