Messaging App Privacy Grades
4 companies analysed · Sorted by privacy score
End-to-end encryption is not the whole story. Most messaging apps encrypt message content, which means the company cannot read what you send. What varies enormously is the metadata they collect: who you message, how often, when, your contact list, your location, and your device fingerprint. Signal leads this category by a significant margin — not because of its encryption (WhatsApp uses the same protocol) but because of how little metadata it retains.
| # | Company | Grade | Score | In plain English | |
|---|---|---|---|---|---|
| 1 | A | 87/100 | Signal is a nonprofit that genuinely cannot read your messages or listen to your calls — the encrypt…Signal is a nonprofit that genuinely cannot read your messages or listen to your calls — the encryption is architectural, not a promise — but it requires a real phone number to register, is subject to US law, and its privacy policy is conspicuously sparse: it hasn't been substantively updated since 2018 and lacks the specific retention periods, GDPR rights, or DPO contact that more thorough policies provide. | → | |
| 2 | C+ | 62/100 | Zoom explicitly won't use your meeting, chat, or video content to train AI models — a meaningful com…Zoom explicitly won't use your meeting, chat, or video content to train AI models — a meaningful commitment for a communications platform. But your employer or meeting host can access everything you say, record, and type, and Zoom shares data with advertising and analytics partners. The privacy story is split: strong on AI and content use, weaker on employer surveillance and ad-tech. | → | |
| 3 | C+ | 58/100 | Discord collects your messages, activity, device data, and behavioural signals, and uses them for pe…Discord collects your messages, activity, device data, and behavioural signals, and uses them for personalisation and sponsored content targeting — but it doesn't sell your data, encrypts voice and video end-to-end, and gives you genuine in-app controls over most processing. The biggest risks are public server content being used to train AI systems and third-party bots operating largely outside Discord's privacy guarantees. | → | |
| 4 | D | 35/100 | WhatsApp's end-to-end encryption genuinely protects your message content, but everything around it —…WhatsApp's end-to-end encryption genuinely protects your message content, but everything around it — who you talk to, when, how often, your contacts, your device — flows to Meta and is used to build ad profiles across Facebook and Instagram. You can't opt out of the Meta data sharing and still use the app. | → |
How we grade·Each company is scored 0–100 across four pillars: data collection, third-party sharing, user controls, and policy promises. The overall grade maps to the score band. → Read the full methodology