LangChain modified the title and scope of a data protection clause in its Terms of Service on June 4, 2026. The clause previously specified that data protection rules applied only when customers used the LangSmith Platform for 'Cloud or Hybrid Deployments'. The updated language removes the deployment-type qualifier, stating the Data Processing Addendum now applies whenever customers process Personal Data subject to applicable data protection laws, regardless of deployment method. This broadens when the DPA requirements become contractually binding.
The updated terms clarify that the Data Processing Addendum now applies whenever you process Personal Data using the LangSmith Platform, regardless of whether you use Cloud or Hybrid Deployments. Previously, the clause explicitly limited this protection to those two deployment types. The change broadens the scope of when data protection rules contractually bind the parties, which may provide clearer governance if you use other deployment methods.
The updated language clarifies that LangChain's Data Processing Addendum applies whenever customers process Personal Data on the LangSmith Platform, regardless of deployment method. This removes potential ambiguity about which data protection obligations apply to on-premises or other non-Cloud/Hybrid deployments, creating more uniform data governance expectations across all platform uses.
Broadened to apply DPA requirements to all Personal Data processing on LangSmith Platform, removing deployment-type limitation.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
If you process personal data on LangSmith, the data protection rules now apply regardless of how you deploy the platform.
LangChain removed a qualifier restricting data protection obligations to Cloud and Hybrid Deployments only. The revised language now triggers DPA applicability whenever Personal Data processing occurs under applicable data protection laws, without deployment-type limitation. This clarification may reduce ambiguity about which processing activities require DPA compliance and could affect how organizations scope vendor assessments and data processor agreements. The change appears to be a clarification rather than a material expansion, but organizations using LangSmith should verify their DPA terms align with this broader application.
GDPR Article 28 (data processor obligations); CCPA; UK DPA 2018; similar sectoral data protection frameworks where Personal Data processing triggers controller-processor relationship requirements
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002673.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorLangChain updated its Terms of Service on May 22, 2026 to clarify deployment options and data protection commitments. The company …
561 arbitration provisions across 197 platforms. ConductAtlas tracks how dispute resolution is being restructured across the internet.
Coinbase's User Agreement includes a mandatory arbitration clause that most users may not have reviewed. Here is what the clause states and…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.