AI21 Labs · AI21 Labs Privacy Policy

Disclosure to Third Parties and Service Providers

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

AI21 shares your personal data with external companies that help run its business — like cloud hosts, analytics firms, and payment processors. These companies are supposed to use your data only for the agreed purpose, but AI21 also shares data with business partners for joint offerings.

Consumer impact (what this means for users)

Your personal data may be shared with an unspecified number of business partners beyond just technical service providers, and those partners may have independent rights to use your data — the policy does not name these partners or describe their data use.

Cross-platform context

See how other platforms handle Disclosure to Third Parties and Service Providers and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The inclusion of 'business partners for joint offerings' as a separate category from 'service providers' is significant — business partners may have independent data use rights beyond just processing on AI21's behalf, which could constitute data sharing or selling under CCPA.

View original clause language
We may share your personal information with third-party service providers who perform services on our behalf, such as cloud hosting, data analytics, customer support, email delivery, and payment processing. These service providers are authorized to use your personal information only as necessary to provide services to us. We may also share personal information with business partners with whom we jointly offer products or services.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: GDPR Art. 28 requires written Data Processing Agreements with all processors; Art. 26 requires Joint Controller Agreements when business partners jointly determine processing purposes. CCPA/CPRA §1798.140 defines 'service providers' (restricted use) versus 'third parties' (potentially constituting 'sale' or 'sharing'). FTC Act Section 5 applies to deceptive disclosure practices regarding third-party sharing. GDPR Art. 13(1)(e) requires disclosure of categories of recipients at collection. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC enforces against deceptive or undisclosed data sharing practices with third parties under Section 5 of the FTC Act.
    File a complaint →
  • State AG
    California Privacy Protection Agency enforces CPRA requirements for opt-out of data sharing with business partners for cross-context behavioral advertising.
    File a complaint →

Provision details

Document information
Document
AI21 Labs Privacy Policy
Entity
AI21 Labs
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004118
Document ID
CA-D-00460
Evidence Provenance
Source URL
https://www.ai21.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
4abc7ff0d7779bee955894a99670d17aadf5332ce2786437f3a3b85a2497adc3
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: AI21 Labs | Document: AI21 Labs Privacy Policy | Record: CA-P-004118
Captured: 2026-04-30 06:15:21 UTC | SHA-256: 4abc7ff0d7779bee…
URL: https://conductatlas.com/platform/ai21-labs/ai21-labs-privacy-policy/disclosure-to-third-parties-and-service-providers/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document