AI21 Labs · AI21 Labs Privacy Policy

Session Replay and Behavioral Analytics (Amplitude)

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Amplitude records a sample of user sessions on AI21's platform — capturing your mouse movements, clicks, and potentially keystrokes — to analyze how people use the service. This happens in about 1 in 5 sessions without specific notice at the time of recording.

Consumer impact (what this means for users)

When you interact with AI21's platform, there is a 20% chance your session — including every click, scroll, and potentially every character you type into AI prompt boxes — is being recorded and sent to Amplitude, a US-based analytics company.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Opt Out of Arbitration
    Use the OneTrust cookie consent tool on AI21's website to reject analytics cookies, which should disable Amplitude session replay tracking. Look for 'Cookie Settings' or 'Manage Preferences' in the site footer or the consent banner.

Cross-platform context

See how other platforms handle Session Replay and Behavioral Analytics (Amplitude) and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Session replay tools can inadvertently capture sensitive information typed into AI prompt fields, including passwords, personal information, and confidential business content, creating significant privacy risks beyond standard analytics.

View original clause language
We use Amplitude for analytics and session replay. Amplitude may record your interactions with our Services, including mouse movements, clicks, and keystrokes, to help us understand how users engage with our Services. Session replay data is collected for approximately 20% of sessions.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Session replay implicates GDPR Art. 5(1)(c) (data minimization), Art. 6 (lawful basis — likely legitimate interests, requiring balancing test), Art. 9 (if sensitive data is inadvertently captured), and Art. 35 (DPIA required for systematic monitoring). CCPA/CPRA §1798.140 'personal information' definition encompasses behavioral data captured by session replay. Illinois BIPA (740 ILCS 14) may be triggered if biometric identifiers are captured. UK GDPR and PECR apply for UK users. FTC Act Section 5 applies to undisclosed behavioral recording. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority over undisclosed session replay and behavioral surveillance practices under Section 5 of the FTC Act as unfair or deceptive acts affecting consumers.
    File a complaint →

Provision details

Document information
Document
AI21 Labs Privacy Policy
Entity
AI21 Labs
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004117
Document ID
CA-D-00460
Evidence Provenance
Source URL
https://www.ai21.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
4abc7ff0d7779bee955894a99670d17aadf5332ce2786437f3a3b85a2497adc3
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: AI21 Labs | Document: AI21 Labs Privacy Policy | Record: CA-P-004117
Captured: 2026-04-30 06:15:21 UTC | SHA-256: 4abc7ff0d7779bee…
URL: https://conductatlas.com/platform/ai21-labs/ai21-labs-privacy-policy/session-replay-and-behavioral-analytics-amplitude/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document