PrivacyOn
Privacy GuideApril 13, 20269 min read

How to Protect Your Privacy on WhatsApp

SC

By Sarah Chen

Head of Privacy Research

How to Protect Your Privacy on WhatsApp

WhatsApp is the most popular messaging app in the world, with over two billion users. Its end-to-end encryption means that only you and the person you are communicating with can read your messages or hear your calls — not even WhatsApp itself. But encryption alone does not make you private. Your profile information, online status, group memberships, and backup files can all expose your personal data if you do not configure WhatsApp's privacy settings deliberately. Here is a complete guide to locking down your privacy on WhatsApp in 2026.

How WhatsApp Encryption Works

WhatsApp uses the Signal Protocol to provide end-to-end encryption for all personal messages and calls by default. When you send a message, it is encrypted on your device and can only be decrypted by the recipient's device. WhatsApp's servers relay the encrypted data but cannot read its contents.

However, encryption only protects messages in transit. It does not protect your profile metadata, your backup files (unless you enable encrypted backups separately), or the personal information you make visible to others. The settings below address those gaps.

Essential Privacy Settings to Change

Open WhatsApp and navigate to Settings > Privacy to find most of these options. Review each one carefully.

Profile Photo, About, and Last Seen

WhatsApp lets you control who can see three key pieces of profile information:

  • Last Seen and Online — shows when you were last active or whether you are currently online.
  • Profile Photo — your account picture.
  • About — the short text description on your profile.

For each of these, you can choose from four visibility levels: Everyone, My Contacts, My Contacts Except, or Nobody. For maximum privacy, set all three to "My Contacts" or "Nobody." The "My Contacts Except" option is useful if you want to hide your information from specific people without removing them from your contacts.

Read Receipts

Blue check marks tell others when you have read their messages. Turn this off under Settings > Privacy > Read Receipts. Note that read receipts cannot be disabled for group chats.

Groups

By default, anyone with your phone number can add you to a group chat — a common tactic used by spammers. Go to Settings > Privacy > Groups and change the setting to "My Contacts" or "My Contacts Except." Anyone outside your selected audience must send a private invitation instead.

Quick Privacy Settings Checklist

Set Last Seen and Online to "My Contacts" or "Nobody." Set Profile Photo to "My Contacts." Set About to "My Contacts." Change Groups to "My Contacts." Turn off Read Receipts. Enable two-step verification. Turn on end-to-end encrypted backups. Review these settings every few months as WhatsApp adds new options.

Advanced Chat Privacy

WhatsApp introduced the Advanced Chat Privacy setting in 2025, which provides additional protections within individual and group conversations. When enabled on a chat, it blocks the ability to export the chat, prevents auto-downloading of media sent in the conversation, and restricts AI features from processing messages in that conversation. You can enable this by opening any chat, tapping the contact or group name, and selecting Advanced Chat Privacy. This is especially useful for sensitive conversations where you want to ensure content stays within the chat.

Chat Lock and Disappearing Messages

Chat Lock

The Chat Lock feature moves specific conversations to a locked folder that requires biometric authentication or your device passcode to access. Locked chats are hidden from your main chat list and notification previews are concealed. To lock a chat, open it, tap the contact name at the top, and select Chat Lock. This is especially useful if you share your phone with family members or if someone might pick up your device.

Disappearing Messages

Disappearing messages automatically delete after 24 hours, 7 days, or 90 days. Enable this per chat by tapping the contact name and selecting Disappearing Messages, or set a default timer for all new chats under Settings > Privacy > Default Message Timer. Keep in mind that recipients can still screenshot messages before they vanish.

End-to-End Encrypted Backups

This is one of the most important and most overlooked WhatsApp privacy settings. By default, WhatsApp backs up your chat history to Google Drive (Android) or iCloud (iPhone). These standard backups are not end-to-end encrypted, which means Google or Apple could technically access them, and they could be exposed in a data breach or compelled by a legal request.

WhatsApp offers optional end-to-end encrypted backups that protect your backup with a password or a 64-digit encryption key that only you know. To enable this:

  1. Go to Settings > Chats > Chat Backup > End-to-End Encrypted Backup.
  2. Tap Turn On.
  3. Choose whether to protect your backup with a password or a 64-digit key.
  4. Confirm your choice and wait for the encrypted backup to complete.

Do Not Lose Your Encryption Password

If you enable end-to-end encrypted backups and forget your password or lose your 64-digit key, WhatsApp cannot recover your backup for you. There is no reset option. Store your password in a password manager or write down the 64-digit key and keep it in a physically secure location. Losing access to your encryption credentials means losing your entire chat history permanently.

Two-Step Verification

Two-step verification adds a six-digit PIN that you must enter when re-registering your phone number with WhatsApp. This prevents someone who obtains your SIM card or intercepts your SMS verification code from taking over your account. Enable it under Settings > Account > Two-Step Verification. Without this protection, anyone who gains access to your phone number through a SIM swap could register WhatsApp on a new device and receive your incoming messages.

Advanced Network and AI Privacy

Protect Your IP Address in Calls

WhatsApp calls are normally peer-to-peer, which means the other caller can see your IP address. Go to Settings > Privacy > Advanced > Protect IP Address in Calls to relay calls through WhatsApp's servers instead. Call quality may decrease slightly, but your location and ISP are hidden from the other party.

Disable Link Previews

When you receive a URL, WhatsApp may fetch data from that website to generate a preview, potentially exposing metadata about your activity. Under Settings > Privacy > Advanced, you can disable link previews to eliminate this tracking vector.

Opt Out of Meta AI

WhatsApp has integrated Meta AI features. While your encrypted messages are not used for AI training, interactions with AI assistants are not covered by end-to-end encryption. Review Settings > Privacy to opt out of AI data usage, and be cautious when using any Meta AI chatbot features within the app.

New in 2026: Strict Account Settings

In early 2026, WhatsApp introduced Strict Account Settings, a mode designed for high-risk users such as journalists, activists, public figures, and anyone who faces elevated threats to their digital safety. When enabled, Strict Account Settings apply several protections simultaneously:

  • Blocks attachments from unknown senders — files, images, and documents from people not in your contacts are blocked automatically, reducing the risk of malware or spyware delivery.
  • Silences calls from unknown numbers — incoming calls from numbers not in your contacts are silenced without notification.
  • Restricts other settings — several settings are automatically hardened, including tighter profile visibility and group invitation controls.

You can enable Strict Account Settings under Settings > Privacy > Strict Account Settings. Even if you are not a journalist or public figure, this mode is worth considering if you receive frequent spam, unwanted contact, or if your phone number has been exposed in a data breach.

Why WhatsApp Privacy Is Not Enough on Its Own

WhatsApp's privacy features protect the content of your conversations, but they do not address the root cause of many privacy problems: your personal information being publicly available online. If your phone number is listed on data broker and people search sites, bad actors can find and contact you regardless of how locked down your WhatsApp settings are. A scammer who finds your phone number on a people search site can add you on WhatsApp and use additional personal details — your full name, address, and employer — to craft a convincing social engineering message.

PrivacyOn addresses this upstream problem by continuously removing your personal information from over 100 data broker and people search sites. When your phone number is no longer publicly listed, you become significantly harder to find on any messaging platform. PrivacyOn also includes dark web monitoring, alerting you if your credentials surface in places that WhatsApp's encryption cannot reach. Locking down your WhatsApp settings is essential, but pairing it with a data removal service creates a far more complete privacy shield.

SC
Sarah Chen

Head of Privacy Research

CIPP/US CertifiedIAPP MemberB.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.

Related Articles

Privacy Guide

How to Protect Your Privacy on Social Media

Security

How to Set Up Two-Factor Authentication Everywhere

Privacy Guide

How to Make Your Phone Number Private

Ready to Protect Your Privacy?

Let PrivacyOn automatically remove your personal information from data broker sites and keep it removed.