CA-C-002267
DeepL — DeepL Privacy Policy
Entity
Date detected
May 22, 2026
Effective date
May 22, 2026
Severity
Low
Direction
Neutral
Affected users
all users
Changes
+46 sentences added · 2 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Watch DeepL Get alerts when this policy changes.
Watch — Free

Event Summary

DeepL added a detailed table of contents to its Privacy Policy on May 22, 2026, restructuring how the policy is organized. The update adds 46 sentences of new section headers and organizational structure covering topics like data controller information, scope of data protection, account creation, document translation, website data collection, and cookie usage. This change makes the policy easier to navigate and clarifies which sections address different aspects of DeepL's data handling practices, but does not appear to introduce new substantive data rights or restrictions.

LOW

Consumer Impact

The updated Privacy Policy now includes a detailed table of contents organizing data handling practices into distinct sections. This restructuring does not change what data DeepL collects or how it is used, but makes it simpler for users to locate information about specific practices such as document translation storage, account creation, and cookie usage. No new data collection, retention, or sharing practices were introduced by this organizational change.

Governance Analysis

The restructured table of contents improves the accessibility of DeepL's privacy disclosures by organizing data handling practices into labeled sections. This makes it easier for users and compliance teams to locate information about specific practices such as how submitted texts are processed, how documents are translated and stored temporarily, and how cookies are used on the website.

Key Clauses Affected

Table of contents addition

Adds navigational structure to privacy disclosures with sections covering account creation, document translation, website tracking, and cookie usage.

Full clause-by-clause analysis available with Compliance.
These clauses may change again. Get alerted when they do. Watch DeepL — Free

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
fcb3de40345e89e4af51abe0725ffbaeabd8b4d346d5a23f1dd60314892bed9e
May 11, 2026 15:45 UTC
✓ Verified
Current Version
b96d27109f5463a06e392794b4cfee715b56ff5ba8f0a751ae2edd6b8e22b24c
May 22, 2026 00:52 UTC
✓ Verified
Change Detected
May 22, 2026 00:52 UTC
Analysis Methodology
✓ Verified
Source Document
https://www.deepl.com/en/privacy
Citation Record
Entity: DeepL
Document: DeepL Privacy Policy
Record ID: CA-C-002267
Captured: 2026-05-22 00:52:14 UTC
URL: https://conductatlas.com/change/2026-05-22-deepl-deepl-privacy-policy-2267/
Accessed: July 8, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
For legal and compliance teams

Institutional Analysis

Assessment

DeepL restructured its Privacy Policy by adding a table of contents and organizing existing content into numbered sections covering data controller information, account creation, document translation, website access data collection, and cookie usage. This is a formatting and navigation improvement with no apparent substantive changes to data handling obligations. No new regulatory exposure or compliance obligations appear to result from this organizational restructuring.

Regulatory Exposure

GDPR, CCPA

Full compliance analysis

Obligation analysis, escalation trigger, board language, and recommended action.

Monitor $19/mo Compliance $249/mo

Monitor: regulatory citations + obligations. Compliance: full compliance memo.

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002267.

Clause-Level Changes

New Provisions Added
Payment Data Processing
Low

Provides explicit details about payment data collection and introduces PCI DSS compliance assurance, increasing transparency about sensitive financial data handling.

Full clause text available with Compliance. See Compliance →
Data Retention Periods
Medium

Establishes a data retention policy with explicit deletion upon account closure, clarifying user data lifecycle and deletion timelines.

Full clause text available with Compliance. See Compliance →
CCPA Rights for California Residents
Medium

Introduces explicit CCPA compliance notice specific to California residents, expanding privacy rights disclosure beyond GDPR to include US state-level regulations.

Full clause text available with Compliance. See Compliance →
Provisions Removed
Paid Pro and API No-Storage Guarantee
Low

This specific guarantee for paid tiers was removed as a standalone provision, though similar language was integrated into the expanded free-tier provision.

Removed clause text available with Compliance. See Compliance →
DeepL Voice Real-Time Audio Processing
Medium

Removal of specific DeepL Voice privacy commitments suggests either the feature was discontinued or audio privacy protections are no longer explicitly guaranteed.

Removed clause text available with Compliance. See Compliance →
Account Registration Data Collection
Low

This provision was removed as a standalone section, though account data collection details are now implied under broader payment and service provisions.

Removed clause text available with Compliance. See Compliance →
International Data Transfers and Standard Contractual Clauses
Medium

This standalone provision was removed and merged into the revised 'Cross-Border Data Transfers' provision with substantively different framing.

Removed clause text available with Compliance. See Compliance →
Provisions Modified
Free-Tier Translation Input Used for AI Model Training
High

Severity increased from medium to high; expanded to explicitly state paid version protections and changed language from 'store' to 'may be used' while adding specific deletion guarantee for paid tiers.

Before/after clause text available with Compliance. See Compliance →
Data Subject Rights (Access, Erasure, Portability, Objection)
Low

Language restructured with 'you have the right to request' phrasing added for clarity and specificity, but substantive rights remain identical.

Before/after clause text available with Compliance. See Compliance →
Cross-Border Data Transfers
Medium

Reframed to focus on service providers based outside EEA rather than conditional transfers, broadening the scope of disclosed data transfers.

Before/after clause text available with Compliance. See Compliance →
Cookies and Tracking Technologies
Medium

Expanded to provide specific examples of collected information (pages, features, interactions) and explicitly added 'personalise your experience' alongside analytics and marketing purposes.

Before/after clause text available with Compliance. See Compliance →
Sub-Processor and Third-Party Data Sharing
Medium

Added 'customer support' as a category of service providers and changed from 'bound by' to 'entered into' language; added reference to 'applicable data protection law' for broader legal compliance.

Before/after clause text available with Compliance. See Compliance →

Cross-platform context

See how other platforms handle similar provisions across the ConductAtlas archive.

Compare across platforms → Browse regulations →

Full Changes

See the full side-by-side comparison of every sentence added, removed, and modified.

🔒 Full diff — Monitor

Document Context

Version history → Policy drift analysis → Document page →
Document
DeepL Privacy Policy
Entity
DeepL
Captured
May 22, 2026
Source URL
https://www.deepl.com/en/privacy
Other changes to DeepL Privacy Policy
Previous change May 11, 2026
DeepL's Privacy Policy footer navigation was updated on May 11, 2026 to include a link to 'Community' in the Resources …
Low Neutral
Next change May 29, 2026
DeepL updated their DeepL Privacy Policy on May 29, 2026. Change detected: 1 sentence(s) modified. Document contained 634 sentences after …
View full version history →
More from DeepL
Jul 8, 2026 Low
DeepL Terms and Conditions

DeepL updated its Terms and Conditions on July 8, 2026, with modifications to document navigation and marketing content displayed at …

Jul 8, 2026 Low
DeepL Privacy Policy

DeepL updated its Privacy Policy on July 8, 2026 with formatting and navigation changes to its public website. The policy …

Jul 1, 2026 Low
DeepL Terms and Conditions

DeepL's terms of service homepage added a new 'Resources' section on July 1, 2026, which includes links to a blog, …

Related Analysis
Privacy · May 8, 2026
Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.

ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them t…

Privacy · May 7, 2026
TikTok Rewrote Its Privacy Policy After a $600M EU Fine

ConductAtlas tracked the restructuring, new disclosures, and entity changes that followed the largest privacy fine in EU history.

Privacy · April 16, 2026
23andMe Is Bankrupt. What Happens to Your DNA Now?

Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…

Track DeepL policy changes

Get alerted when this policy changes again — including what changed and why it matters.

Prefer a weekly summary instead?

Get the biggest policy changes across 352+ platforms every Sunday.