VOL. I  ·  EST. 2026  ·  "WE READ THE FINE PRINT SO YOU DON'T HAVE TO"
Verdict: A
EXHIBIT A

Signal.

"the policy is short because there's nothing to put in it."

Signal is the rare app whose privacy policy is short because they actually don't collect the data — not because they're hiding it. Messages and calls are end-to-end encrypted §1, and the server is engineered so it cannot see who you message, who's in your groups, or your contact list §2. The only data tied to your account is a phone number, account-creation date, and last-connection date §3 — and that's exactly what they hand over to grand juries, because it's all they have §6. Run by a nonprofit, funded by donations, source code public. Real flaws: the policy is from 2018 and silent on modern issues (AI training, CCPA, GDPR), phone number is still required to register, and a 2022 breach at their SMS-verification vendor exposed ~1,900 users' phone numbers §5.

Messaging
Analyzed: 2026-05-26
§2 · The short version

TL;DR — 8 answers.

The eight things you actually want to know, at a glance.

NO Do they sell your data?
NO Are they tracking you on other sites?
NO Can your data train their AI?
NO Who can see what you do?
YES Can you delete everything?
~ Do they honor your opt-out?
~ Special handling for minors?
NO Been fined for this before?
§3 · The details

The questions, answered.

No legalese. Every answer the way your most cynical friend would put it.

NO
§2

Do they sell your data?

No. The Terms say it plainly: "Signal does not sell, rent or monetize your personal data or content in any way — ever." Signal is a nonprofit funded by donations. There is no ad business to feed.

NO
§2

Are they tracking you on other sites?

No third-party trackers. No ad network. No analytics tied to your identity. The Signal client and website are both engineered to avoid the surveillance graph entirely.

NO
§1

Can your data train their AI?

Signal cannot read your messages, and the policy describes no AI features. There is no Signal-trained model fed by your data — there is no data to feed it with.

NO
§1

Who can see what you do?

Message content, sender, recipient, group membership, and contact list are all opaque to Signal's servers. Even Signal can't tell you who you message. Subpoenas return two timestamps and nothing else §6.

YES
§8

Can you delete everything?

Account deletion is a single tap in Settings → Account → Delete Account. There is little else to delete — Signal didn't keep it in the first place.

COND.
§8

Do they honor your opt-out?

There is nothing meaningful to opt out of — no ads, no sale, no profile. But the policy doesn't explicitly mention GPC, CCPA, or GDPR either. Opt-outs aren't honored because they aren't relevant, which is the unusual case where that's actually fine.

COND.
§9

Special handling for minors?

Terms set a minimum age of 13 (or higher where local law requires). The policy doesn't elaborate on enhanced minor protections — but it also doesn't profile, target, or track anyone, minor or not.

NO
§5

Been fined for this before?

Zero regulatory fines for privacy. The closest thing to an incident: in August 2022, a breach at Signal's SMS-verification vendor Twilio exposed phone numbers for ~1,900 users §5 — Signal disclosed it publicly within days and re-registered affected users.

§3 · The privacy card

At a glance, honestly.

Eight signals, color-coded. Like a model card for a machine — except the machine is reading your data.

Privacy Card · Signal · Analyzed 2026-05-26 · Grade A
Data sold / shared · NO · MIXED
Cross-site tracking · UNKNOWN · MIXED
AI training · NO
Deletion right · AVAIL. · GOOD
GPC honored · NO · BAD
Keeps forever? · NO · GOOD
Child protections · COND. · MIXED
Automated decisions · NO
Collects
Identifiers, Profile (optional), Account Metadata, Contact Discovery, Messages & Calls +1 more
Shares with
SMS verification provider (transient), Law enforcement on lawful process (limited to account-creation and last-connection date)
§5 · The label they should have shown you

The Privacy Label, honestly.

An Apple-style label for what's collected and a Cranor-style back-of-pack for what they do with it. Every cell links to the exact line in their policy.

SIGNAL — DATA COLLECTED
PER APPLE PRIVACY-LABEL TAXONOMY ↗
USED TO TRACK YOU
Data shared with third parties for cross-property tracking.
◐ LINKED TO YOU
Tied to your identity and stored against your account.
Identifiers §3
Phone number (required to register) · Randomly generated auth tokens · Push tokens
Account Metadata §6
Account creation date · Date of last connection (rounded to day)
○ NOT LINKED TO YOU
Aggregated, supposedly anonymous.
Profile (optional) §3
Profile name (end-to-end encrypted) · Profile picture (end-to-end encrypted) · Username (optional, since 2024)
Contact Discovery §4
Cryptographically truncated/hashed phone numbers (transient, not retained)
Messages & Calls §1
Content: end-to-end encrypted — Signal cannot decrypt · Sender identity: hidden via Sealed Sender · Group membership: encrypted, server-blind
Not Collected §2
No advertising ID · No device fingerprint · No location · No analytics on content · No contact list upload
↓ BACK OF LABEL · WHAT THEY DO WITH IT (CRANOR FRAMEWORK)
Purposes
Operate the Service (deliver messages and calls), SMS verification at signup (via third-party SMS provider), Respond to lawful legal process, Fraud, abuse, and security investigations. §3
4+ stated purposes. The interesting ones are buried in §7.
Sold or shared?
No. §5
"We don't sell data" is technically true and substantively false.
Retention
Bounded. §8
No retention schedule published. In practice, undelivered messages are dropped from servers after ~30 days. Account metadata (creation date, last connection date) persists for the life of the account; the account is deleted on user request.
User controls
Deletion: Available · Opt-out: Available §8
Delete works. Opting out of inference does not exist.
Honors GPC?
No. §8
Global Privacy Control browser signal: ignored.
Automated decisions
No. §2
. All algorithmic.
AI training on your data
No. §2
Your public posts/photos train commercial models.
Children's data
Under 13 blocked · 13–17 limited §8
Ad targeting paused for teens, but content profile still kept.
Breach disclosure
"As required by law." §15.3
Translation: the bare minimum legal window in your jurisdiction.
§5 · The receipts

The receipts, translated.

Five of the worst clauses, lifted verbatim. Strikethroughs are theirs. Marginalia is ours.

SIGNAL TERMS & PRIVACY POLICY · "NO ADS, NO TRACKERS, NO KIDDING" §2
"Signal does not sell, rent or monetize your personal data or content in any way – ever."
↑ note the word "ever". no other policy on this site uses it.
ACTUALLY MEANS IT
SIGNAL PRIVACY POLICY · "INFORMATION YOU PROVIDE" §1
"Signal cannot decrypt or otherwise access the content of your messages or calls."
↑ provable, not promised. the source code is public.
"Signal queues end-to-end encrypted messages on its servers for delivery to devices that are temporarily offline (e.g. a phone whose battery has died). Your message history is stored on your own devices."
↑ not on their servers. not in a backup they hold.
SERVER-BLIND
SIGNAL PRIVACY POLICY · "INFORMATION YOU PROVIDE" §3
"You register a phone number when you create a Signal account."
↑ the one piece of PII you can't avoid handing over.
"Phone numbers are used to provide our Services to you and other Signal users. You may optionally add other information to your account, such as a profile name and profile picture."
↑ these are end-to-end encrypted — Signal can't read them either.
"This information is end-to-end encrypted."
PHONE NUMBER STILL REQUIRED
EFF v. SIGNAL · GRAND JURY SUBPOENA RESPONSE (2016, 2021) §6
"...the only Signal user data we have, and the only data the U.S. government obtained as a result, was Unix timestamps for when each account was created and the date that each account last connected to the Signal service."
↑ that's it. no contacts, no messages, no IP logs.
TWO TIMESTAMPS. NOTHING ELSE.
SIGNAL PRIVACY POLICY · FOOTER §10
"Effective as of May 25, 2018."
↑ the day GDPR took effect. and not updated since.
POLICY OLDER THAN MOST APPS
§6 · The deceptive design

Dark patterns spotted.

Tricks the policy and surrounding UX use to make you "consent" without really consenting.

01
Aging policy, silent on modern law
§10
The policy hasn't been updated since May 25, 2018. It contains no explicit CCPA, CPRA, GDPR, or AI-training language. In practice Signal collects so little that these regimes have little to bite into — but the silence is a real gap for a user trying to assert formal rights.
"Effective as of May 25, 2018."
02
Phone number remains the registration floor
§3
Despite Signal's strong anti-metadata posture, you still cannot create an account without a phone number — which couples your Signal identity to a number tied to a carrier, billing record, and (often) a real name. Usernames added in 2024 hide the number from contacts but do not remove the registration requirement.
"You register a phone number when you create a Signal account."
03
Third-party SMS verification is a trust boundary you can't see
§5
Account verification depends on third-party SMS providers (historically Twilio). When that vendor was breached in August 2022, ~1,900 Signal users' phone numbers were exposed. The policy mentions "Third-Party Providers" but does not name them or explain the blast radius if one is compromised.
"We work with third parties to provide some of our Services. For example, our Third-Party Providers send a verification code to your phone number when you register."
§7 · What you can actually do

Your rights, by where you live.

Same company, wildly different rights depending on your jurisdiction. Direct links to the specific opt-out / delete / access flows.

EU / EEA (GDPR)
DIFFICULTY: EASY
  • Right of access (trivially satisfied — there is almost nothing to disclose)
  • Right to erasure (in-app account deletion)
  • Right to data portability (limited — your data lives on your device already)

Source: §8

California (CCPA / CPRA)
DIFFICULTY: EASY
  • Right to know (no separate disclosure provided — defer to main policy)
  • Right to delete (in-app)
  • Right to opt out of sale (N/A — Signal does not sell data)

Source: §8

Default (rest of world)
DIFFICULTY: EASY
  • Account deletion via in-app flow
  • Local message export from your device
  • No data sale to opt out of in the first place

Source: §8

§8 · Receipts

The actual sources.

Every claim above is anchored to a line in the policy we analyzed. Click any section ID to view it in context.

ANALYZED BY: claude-opus-4-7  ·  PROMPT VERSION: honest-policy-v1.3  ·  ANALYZED AT: 2026-05-26T00:00Z
SOURCE: https://signal.org/legal/  ·  POLICY VERSION: 2018-05-25  ·  SNAPSHOT HASH:
  • §1
    Information You Provide · end-to-end encryption
    "Signal cannot decrypt or otherwise access the content of your messages or calls."
  • §2
    Signal Terms & Privacy Policy · no ads, no trackers, no kidding
    "Signal does not sell, rent or monetize your personal data or content in any way – ever."
  • §3
    Information You Provide · phone number and profile
    "You register a phone number when you create a Signal account. Phone numbers are used to provide our Services to you and other Signal users. You may optionally add other information to your account, such as a profile name and profile picture."
  • §4
    Information You Provide · contact discovery
    "Additional technical information is stored on our servers, including randomly generated authentication tokens, keys, push tokens, and other material that is necessary to establish calls and transmit messages."
  • §5
    Third-party providers · 2022 Twilio incident
    "We work with third parties to provide some of our Services. For example, our Third-Party Providers send a verification code to your phone number when you register."
  • §6
    EFF / ACLU grand jury subpoena response (2016, 2021)
    "...the only Signal user data we have, and the only data the U.S. government obtained as a result, was Unix timestamps for when each account was created and the date that each account last connected to the Signal service."
  • §7
    Information We May Share · safety and fraud
    "To detect, prevent, or otherwise address fraud, security, or technical issues."
  • §8
    Account deletion · in-app
    "Settings → Account → Delete Account permanently deletes your Signal account and all data associated with it."
  • §9
    Signal Terms of Service · age
    "You must be at least 13 years old to use our Services. The minimum age may be higher in your jurisdiction."
  • §10
    Privacy Policy · effective date
    "Effective as of May 25, 2018."