Substack updated their Substack Privacy Policy on June 05, 2026. Change detected: 1 sentence(s) removed, 1 sentence(s) modified. Document contained 178 sentences after update.
Impact assessment pending documentation review.
Institutional analysis pending. This change has been verified and documented.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This new provision clarifies the scope limitations of Substack's privacy policy and transfers responsibility for Creator data practices to individual creators, potentially reducing Substack's liability.
Removal of explicit disclosure about staff access to direct message contents may obscure internal monitoring practices from users.
This detailed provision explaining creator data sharing was replaced with the more general 'Creator as Independent Data Controller' provision, potentially reducing transparency around specific data sharing scenarios.
The cookie and tracking disclosure language was removed from the contact syncing provision, potentially obscuring tracking practices from users who only review the address book section.
Severity downgraded from 'high' to 'medium', content remains identical.
Severity escalated from 'low' to 'medium' and excerpt expanded to show additional context with more formal language structure.
Provision remains materially identical with no changes to content or severity.
Severity elevated from 'low' to 'medium', and clarifying language '(each, a "DPF")' was added for definitional purposes.
Provision renamed from 'Privacy Rights and One-Month Response Commitment' to 'Privacy Rights Request and One-Month Response Commitment' with identical content.
Severity upgraded from 'medium' to 'medium' (unchanged), but cookie/tracking language was removed and separated into distinct provision; title changed from generic to address-book-specific.
Provision title changed from 'Data Transfer on Business Sale or Merger' to 'Business Transfer and Asset Sale Data Sharing' with identical content.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff β MonitorThe navigation footer of Substack's privacy policy page was updated on May 19, 2026 to include comparative product links. Specifically, β¦
Substack's Terms of Use footer navigation was updated on May 19, 2026 to add comparative product links. The footer now β¦
Substack updated its privacy policy on May 15, 2026 to disclose that it shares account identifiers with child safety industry β¦
ConductAtlas detected a major restructuring of Metaβs privacy policy that removed detailed consumer rights disclosures and relocated them tβ¦
ConductAtlas tracked the restructuring, new disclosures, and entity changes that followed the largest privacy fine in EU history.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can doβ¦
Get alerted when this policy changes again β including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.