DeepL updated its privacy policy to clarify its corporate structure and data controller responsibilities. Previously, the policy identified only DeepL SE as the data controller responsible for processing personal data. The updated policy now states that 'DeepL' refers to the entity within the DeepL group that acts as the controller, and lists seven legal entities across Germany, UK, Netherlands, Poland, US, and Japan that may process data. The policy also added language disclosing that when users access DeepL through third-party AI tools via DeepL's MCP integration, DeepL receives the user's ID and organization name for authentication purposes.
The updated policy clarifies that DeepL operates through multiple legal entities across Germany, the UK, Netherlands, Poland, the US, and Japan. Previously the policy identified only DeepL SE as the controller, but the revised terms now state that 'DeepL' refers to whichever group entity acts as the controller for your data. Additionally, the policy now discloses that when you use DeepL through ChatGPT, Claude, Cursor, or similar tools via DeepL's MCP (Model Context Protocol) integration, DeepL receives your user ID and organization name for authentication. This is a clarification rather than a new practice authorization; no specific action is required by users.
The updated policy clarifies that DeepL operates as a multi-entity group with data controllers in multiple jurisdictions, and explicitly discloses that data flows occur when DeepL is accessed through third-party AI tools. Organizations using DeepL, particularly through integrations, may need to update their own data processing agreements and privacy disclosures to account for these arrangements.
Policy now identifies seven legal entities across six jurisdictions as potential data controllers rather than DeepL SE alone.
Policy now explicitly states that third-party AI tool integrations (ChatGPT, Claude, Cursor) result in DeepL receiving user ID and organization name.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
DeepL's updated privacy policy makes explicit what was previously implicit: the company operates as a group of legal entities rather than a single entity, and the applicable data controller varies by jurisdiction and service configuration. The policy also discloses data flows associated with MCP integrations. From a compliance perspective, organizations using DeepL (particularly through third-party AI tools) may wish to confirm whether their existing data processing agreements (DPAs) or privacy impact assessments account for multi-jurisdictional data controller arrangements and third-party integration data flows. The changes appear primarily clarificatory rather than substantively expanding collection or processing authorities.
GDPR (Articles 4, 13, 14 regarding controller identification and transparency), CPRA (California Consumer Privacy Act), PDPA (Personal Data Protection Act, applicable to Japan users), UK GDPR
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003132.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorNetflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the …
TikTok's data collection extends to device sensors, clipboard content, geolocation, and cross-site tracking. Here is what their Privacy Pol…
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.