If you’ve ever forwarded a photo, document, or note to your own Telegram account using the “Saved Messages” feature, you’ve used Telegram as personal cloud storage. Millions of people do this daily. It’s quick, cross-platform, and keeps files accessible from anywhere you have Telegram installed.
It also stores your files on Telegram’s servers with encryption keys that Telegram holds — not you.
That distinction matters more than most people realise. And the events of 2024 and 2025 made the privacy limitations of Telegram as personal storage impossible to ignore.
How “Saved Messages” Actually Works
Telegram’s Saved Messages feature is a private chat with yourself. You can forward any message, file, photo, video, or document from any Telegram chat into Saved Messages, and it becomes part of your personal collection, accessible from any device where you’re logged into Telegram.
People use Saved Messages to store:
- Documents and PDFs they want to keep accessible
- Photos they want to back up or reference later
- Passwords and login credentials (commonly, and dangerously)
- Government IDs and financial documents forwarded from other conversations
- Personal notes and voice messages to themselves
- Links and articles to read later
- Files too large to email easily
For all of these uses, Telegram is genuinely convenient. Files are preserved at full quality, the size limit is generous (up to 2 GB per file), and the interface is fast. The problem isn’t the functionality — it’s the encryption model.
Server-Based Encryption vs. End-to-End Encryption
Telegram encrypts your data. The important question is what kind of encryption, and who controls the keys.
Telegram uses an encryption architecture it calls MTProto. For cloud chats — which includes Saved Messages and all regular group and channel chats — data is encrypted on Telegram’s servers. Telegram holds the encryption keys. This means Telegram can technically read the content of your Saved Messages.
End-to-end encryption (E2EE), by contrast, means the content is encrypted with a key that only the two endpoints of a conversation hold. The server that relays the messages cannot decrypt the content because it never has the key. Signal uses this model for all messages. WhatsApp’s core messaging uses this model.
Telegram does offer E2EE, but only in “Secret Chats” — a feature you have to manually initiate with another person. Secret Chats don’t appear in your Telegram Cloud backup, don’t sync across devices, and don’t include Saved Messages. There is no end-to-end encrypted equivalent of Saved Messages.
When you store a file in Saved Messages, you’re storing it in cloud storage where Telegram holds the keys.
What Changed in 2024 and 2025
For years, Telegram’s privacy reputation rested on a combination of its encryption marketing and its stated policy of not cooperating with governments. In 2024, that reputation came under serious pressure.
In August 2024, Telegram CEO Pavel Durov was detained in France as part of an investigation into criminal use of the platform. Following this, Telegram updated its terms of service to state that it would share users’ IP addresses and phone numbers with law enforcement when presented with a valid legal order.
This was a significant policy change. Previously, Telegram had positioned itself as categorically resistant to government data requests. The post-Durov policy shift made explicit what was always theoretically possible: Telegram can and will comply with legal requests for user data.
The implications for Saved Messages are direct. If a court or government agency with valid jurisdiction issues a legal order for your Telegram account data, Telegram can now — and has stated it will — comply. The content of your Saved Messages is part of that data, because Telegram holds the keys to decrypt it.
The 2020 Data Scraping Incident Still Circulates
In 2020, a vulnerability in Telegram’s platform allowed scraping of phone numbers associated with user IDs. The scraped data — reportedly covering hundreds of millions of accounts — continues to circulate in data broker databases and has been repackaged and sold multiple times since.
If you’ve used Telegram for several years, your phone number may already be in databases linked to your Telegram user ID, your account creation date, and in some cases your approximate location. This background data doesn’t include your Saved Messages content, but it affects the baseline privacy profile of any Telegram account.
The Metadata Problem
Even when content is protected by encryption, metadata can be revealing. For Telegram cloud chats, metadata includes:
- When files were uploaded
- File sizes and types
- Who sent files to whom (in non-Saved-Messages contexts)
- IP addresses at the time of access
- Device identifiers
For Saved Messages specifically, the metadata of when you accessed and modified your personal storage is logged. This creates a behavioural record independent of the content itself.
In contexts where what you were doing — not just what you said — is relevant, metadata has been used to establish timelines, associations, and patterns. The content of your Saved Messages might be protected by Telegram’s stated cooperation limits. The metadata of your account is less protected.
What People Actually Store That They Shouldn’t
The most common problematic use of Saved Messages is storing credentials and identity documents.
Credentials stored in Saved Messages — passwords, PINs, two-factor authentication backup codes — are stored in plain readable text in cloud storage where Telegram holds the keys. If your Telegram account is compromised, or if Telegram’s servers are breached, those credentials are exposed. Credentials belong in a dedicated password manager with proper encryption, not in Saved Messages.
Identity documents — scans of passports, driving licences, national identity cards — are high-value targets for identity theft. Storing these in Telegram means they’re on Telegram’s servers, encrypted with Telegram’s keys, accessible if Telegram is compelled by legal process or breached.
Financial documents, bank statements, tax documents — same analysis. These are exactly the files that should be stored with strong encryption in a service where you control the retention and where the service’s business model doesn’t involve holding data that’s useful for government requests.
Voice messages sent to Saved Messages are stored as audio files on Telegram’s servers. Telegram processes audio for certain features. The audio remains stored on Telegram’s infrastructure until you explicitly delete it.
Telegram’s Storage Policy
Telegram retains cloud chat data — including Saved Messages — indefinitely, or until you delete it. There’s no automatic expiry for personal saved files. Messages you sent to Saved Messages years ago remain on Telegram’s servers unless you’ve explicitly deleted them.
Telegram also retains data after account deletion, subject to legal retention requirements. Deleted accounts may result in data being retained for an extended period under Telegram’s stated policies.
This is a meaningful data retention posture for a service used as personal cloud storage. Files you stop using don’t disappear — they accumulate in cloud storage where Telegram holds the keys.
Signal’s Approach, by Comparison
Signal, often compared to Telegram, has a fundamentally different architecture. All Signal messages are end-to-end encrypted by default, including the Note to Self feature that serves a similar purpose to Telegram’s Saved Messages. Signal processes almost no metadata. Signal’s business model is a non-profit, eliminating advertising or commercial incentives to retain user data.
The tradeoff is that Signal’s file storage features are less developed than Telegram’s. Signal doesn’t offer the generous 2 GB file size limits or the cloud-based cross-device accessibility that Telegram provides. For users who use Saved Messages primarily as a file cabinet, Signal’s Note to Self doesn’t have the same functionality.
The privacy advantage of Signal’s architecture is real, but it doesn’t slot in as a direct substitute for Telegram Saved Messages as a file storage tool.
What Dedicated Private File Storage Offers Instead
For the use cases that Telegram Saved Messages covers — personal document storage, photo backup, notes and files you want accessible cross-platform — dedicated private file storage services offer a cleaner privacy architecture.
The relevant properties to compare:
Encryption key control: Does the service hold the keys, or are your files encrypted in ways the service can’t read? This affects what they can share under legal process and what’s exposed in a breach.
Business model: Is the service free (and if so, what’s the revenue model)? Services funded by subscriptions don’t have the same incentive to retain data or cooperate proactively with requests that aren’t legally required.
Data retention on deletion: When you delete a file, how long does the service retain it? A service with a defined, short deletion cycle is preferable to one with indefinite retention.
No content indexing: Does the service process your files to extract value from their contents — for AI training, advertising, or product improvement? A file storage service shouldn’t be reading your documents.
Minimum data collection: Does the service collect more metadata than necessary to operate? Phone number, exact location, and detailed usage patterns are not necessary to store files.
How Daftei Handles Personal File Storage
daftei is designed specifically for personal memory and file storage. Files stored in daftei are encrypted in transit with TLS 1.3 and at rest with AES-256. This is server-side encryption — daftei is not a zero-knowledge service where technically the files cannot be accessed — but daftei doesn’t run advertising, doesn’t train third-party AI on your content, and doesn’t sell user data.
The business model is subscription-based: 5 GB free, with unlimited storage on Pro at $5.99/month or $44.99/year. Revenue comes from subscriptions, not from the value of your stored content.
When you delete a file in daftei, there’s a 30-day grace window before permanent irreversible erasure. After 30 days, the file is gone.
This is a different model than Telegram Saved Messages, where files accumulate indefinitely on Telegram’s servers with Telegram holding the keys, and where the post-2024 cooperation policy makes legal compliance explicit.
The Convenience Calculation
Telegram Saved Messages is fast, familiar, and already installed on devices most users have. That’s why it became a de-facto personal file cabinet for millions of people — not because it was designed to be one, but because it’s the most frictionless path to “I need to save this file somewhere.”
The convenience is real. The tradeoffs are also real:
- Telegram holds the encryption keys for everything in Saved Messages
- Telegram has explicitly stated it will comply with valid legal requests
- Files accumulate indefinitely on Telegram’s servers
- The service was not designed for private personal file storage and its privacy architecture reflects that
For files you don’t particularly care about — links, memes, casual notes — these tradeoffs may not matter. For files you do care about — documents, identity records, health information, financial details, anything you’d be concerned about if it were accessed without your consent — a dedicated private storage solution is worth the additional friction.
The question to ask before sending something to Saved Messages: would you be comfortable if Telegram held this file, could read it, and might share it with authorities if legally compelled to do so? For casual content, that’s fine. For sensitive personal records, it shouldn’t be the default answer.