DeepL added a detailed table of contents to its Privacy Policy on May 22, 2026, restructuring how the policy is organized. The update adds 46 sentences of new section headers and organizational structure covering topics like data controller information, scope of data protection, account creation, document translation, website data collection, and cookie usage. This change makes the policy easier to navigate and clarifies which sections address different aspects of DeepL's data handling practices, but does not appear to introduce new substantive data rights or restrictions.
The updated Privacy Policy now includes a detailed table of contents organizing data handling practices into distinct sections. This restructuring does not change what data DeepL collects or how it is used, but makes it simpler for users to locate information about specific practices such as document translation storage, account creation, and cookie usage. No new data collection, retention, or sharing practices were introduced by this organizational change.
The restructured table of contents improves the accessibility of DeepL's privacy disclosures by organizing data handling practices into labeled sections. This makes it easier for users and compliance teams to locate information about specific practices such as how submitted texts are processed, how documents are translated and stored temporarily, and how cookies are used on the website.
Adds navigational structure to privacy disclosures with sections covering account creation, document translation, website tracking, and cookie usage.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
DeepL restructured its Privacy Policy by adding a table of contents and organizing existing content into numbered sections covering data controller information, account creation, document translation, website access data collection, and cookie usage. This is a formatting and navigation improvement with no apparent substantive changes to data handling obligations. No new regulatory exposure or compliance obligations appear to result from this organizational restructuring.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002267.
Provides explicit details about payment data collection and introduces PCI DSS compliance assurance, increasing transparency about sensitive financial data handling.
Establishes a data retention policy with explicit deletion upon account closure, clarifying user data lifecycle and deletion timelines.
Introduces explicit CCPA compliance notice specific to California residents, expanding privacy rights disclosure beyond GDPR to include US state-level regulations.
This specific guarantee for paid tiers was removed as a standalone provision, though similar language was integrated into the expanded free-tier provision.
Removal of specific DeepL Voice privacy commitments suggests either the feature was discontinued or audio privacy protections are no longer explicitly guaranteed.
This provision was removed as a standalone section, though account data collection details are now implied under broader payment and service provisions.
This standalone provision was removed and merged into the revised 'Cross-Border Data Transfers' provision with substantively different framing.
Severity increased from medium to high; expanded to explicitly state paid version protections and changed language from 'store' to 'may be used' while adding specific deletion guarantee for paid tiers.
Language restructured with 'you have the right to request' phrasing added for clarity and specificity, but substantive rights remain identical.
Reframed to focus on service providers based outside EEA rather than conditional transfers, broadening the scope of disclosed data transfers.
Expanded to provide specific examples of collected information (pages, features, interactions) and explicitly added 'personalise your experience' alongside analytics and marketing purposes.
Added 'customer support' as a category of service providers and changed from 'bound by' to 'entered into' language; added reference to 'applicable data protection law' for broader legal compliance.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorDeepL updated its Terms and Conditions on July 8, 2026, with modifications to document navigation and marketing content displayed at …
DeepL updated its Privacy Policy on July 8, 2026 with formatting and navigation changes to its public website. The policy …
DeepL's terms of service homepage added a new 'Resources' section on July 1, 2026, which includes links to a blog, …
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them t…
ConductAtlas tracked the restructuring, new disclosures, and entity changes that followed the largest privacy fine in EU history.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 352+ platforms every Sunday.