The notice expressly excludes Customer Data processed under the Platform Agreement from its scope, meaning the data processing practices of enterprise customers using the Anyscale platform are governed by the Platform Agreement and each customer's own privacy policies, not this notice.
This analysis describes what Anyscale's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a structural boundary between Anyscale's own data processing and the data processing it performs as a service provider to enterprise customers. Individuals whose data is processed by an Anyscale customer through the Platform Services must direct privacy inquiries to that customer, not to Anyscale.
Provision renamed from 'Customer Data Carve-Out' to 'Customer Data Exclusion from Notice Scope' but text remains identical.
View full change record →Under this clause, personal data submitted to or processed through Anyscale's Platform Services by enterprise customers is governed by the Platform Agreement and the enterprise customer's own privacy policies; this notice and the rights it describes do not apply to that data. Individuals seeking to exercise rights over data held by an Anyscale customer should contact that customer directly.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Anyscale has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"This Privacy Notice does not apply to (i) Customer Data (as defined in the Platform Agreement); or (ii) any products, services, websites, or content that are offered by third parties or that have their own privacy notice. Our Customers' respective privacy policies govern their collection and use of Customer Data. Any questions or requests relating to Customer Data should be directed to our customer.— Excerpt from Anyscale's Anyscale Privacy Policy
(1) REGULATORY LANDSCAPE: This provision reflects the controller-processor distinction under GDPR, where Anyscale acts as a data processor for Customer Data and the enterprise customer acts as the controller. Under GDPR, data subjects must exercise rights against the controller (the enterprise customer), not the processor (Anyscale). CCPA similarly distinguishes between businesses and service providers, with service provider data subject to contract rather than the service provider's own privacy policy. (2) GOVERNANCE EXPOSURE: Medium. Enterprise customers using Anyscale's Platform Services bear primary controller obligations under GDPR and CCPA for Customer Data. The exclusion clause reinforces this allocation but also means that Anyscale's data protection commitments for Customer Data are found solely in the Platform Agreement and any associated Data Processing Addendum. (3) JURISDICTION FLAGS: EU and UK enterprise customers must ensure that the Platform Agreement includes Standard Contractual Clauses or other GDPR-compliant transfer mechanisms and data processing terms where applicable. California enterprise customers should ensure the Platform Agreement includes CCPA-compliant service provider terms. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement and legal teams should review the Platform Agreement and any DPA to verify that Anyscale's obligations as a processor are adequately defined, that sub-processor lists are disclosed, and that audit rights are available. The exclusion of Customer Data from this notice means that this document cannot be relied upon as evidence of Anyscale's data protection commitments for platform-processed data. (5) COMPLIANCE CONSIDERATIONS: Enterprise customers should confirm that their own privacy notices accurately disclose Anyscale as a service provider; that data subject request workflows direct individuals to the appropriate controller; and that the Platform Agreement's DPA addresses GDPR processor obligations, CCPA service provider restrictions, and applicable cross-border transfer mechanisms.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a structural boundary between Anyscale's own data processing and the data processing it performs as a service provider to enterprise customers. Individuals whose data is processed by an Anyscale customer through the Platform Services must direct privacy inquiries to that customer, not to Anyscale.
Under this clause, personal data submitted to or processed through Anyscale's Platform Services by enterprise customers is governed by the Platform Agreement and the enterprise customer's own privacy policies; this notice and the rights it describes do not apply to that data. Individuals seeking to exercise rights over data held by an Anyscale customer should contact that customer directly.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Anyscale.