What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy engages the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California's Shine the Light law, California Business and Professions Code Section 22582 regarding minor users, and the California Online Privacy Protection Act (CalOPPA). For EU/EEA users accessing Baseten's services, the General Data Protection Regulation may require evaluation, particularly regarding lawful basis for processing and adequacy of international data …

How does Baseten's Baseten Privacy Policy affect users?

The policy establishes that Baseten retains name, email, phone number, payment information, usage data, and device identifiers, with authorized sharing to analytics, email marketing, and payment processing partners. The policy authorizes data transfer to acquiring entities in merger or acquisition scenarios, which may result in data processing under different terms. For California residents, the policy establishes rights to request access to, deletion of, and opt-out from sale of personal infor…

How often is Baseten's Baseten Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Baseten updates this document?

Yes. Monitor subscribers ($19/month) can add Baseten to their watchlist and receive same-day email alerts whenever this document or any other Baseten document changes.

CA-D-000814

Baseten Privacy Policy

Baseten

Last change detected May 12, 2026 Privacy policy

SHA-256: ad9783b7bfc710cdf80… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Baseten ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

8 Medium severity

2 Low severity

Summary

This document establishes Baseten's data collection and processing practices for users of its AI model inference infrastructure services and website. Baseten collects identifiers (name, email, phone number), payment information, usage data, and device information, and authorizes sharing of this data with analytics providers, email marketing services, and payment processors. The policy permits transfer of personal data to third parties in connection with business transactions including mergers and acquisitions.

Technical / Legal Breakdown

This document is Baseten's Privacy Policy, last updated July 3, 2025, governing the collection, use, retention, transfer, and disclosure of personal data from users of Baseten's services, with stated legal bases including contractual necessity and legitimate interests. The policy states that Baseten collects name, email address, phone number, payment data, usage data, device identifiers, and browsing activity, and the terms authorize sharing with analytics providers, email marketing partners, and payment processors, as well as disclosure in connection with business transactions such as mergers or acquisitions. The policy includes a dedicated CCPA section disclosing categories of personal information collected, business and commercial purposes for use, and disclosure to third parties, and states that Baseten does not sell personal information of minors under 16 without opt-in consent; the policy also addresses a Do Not Track disclosure as required under CalOPPA, though the document does not specify whether Baseten's systems honor Do Not Track signals. The policy engages California Consumer Privacy Act obligations including rights to know, delete, and opt out of sale, and references California's Shine the Light law and California Business and Professions Code Section 22582; compliance exposure is heightened for California residents and, where EU/EEA users access the service, GDPR requirements around data transfer mechanisms and lawful basis may require evaluation. Material considerations for compliance teams include the adequacy of data transfer safeguards for international transfers, the scope of third-party sharing with analytics and marketing vendors, and the policy's treatment of payment data through third-party processors.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

Medium — 8 provisions

Personal Data Collection Compare →

Baseten collects personal identifiers including your name, email address, phone number, and physical address when you use its services, in addition to technical usage data generated by your activity.

Added May 12, 2026 Standard Seen across 284 platforms
Usage Data Collection Compare →

Baseten automatically collects technical data about how you use the service, including your IP address, browser type, pages visited, time spent on pages, and unique device identifiers, without requiring any action from you.

Added May 12, 2026 Standard Seen across 284 platforms
Third-Party Analytics and Email Marketing Compare →

Baseten uses third-party companies to analyze how the service is used and may send you marketing emails, though you can unsubscribe from those emails using the link provided.

Added May 12, 2026 Standard Seen across 252 platforms
Business Transaction Data Transfer Compare →

If Baseten is sold, merged, or its assets are acquired by another company, your personal data may be transferred to the new entity, though Baseten states it will provide notice before this happens.

Added May 12, 2026 Standard Seen across 284 platforms
CCPA Rights and Opt-Out of Data Sale Compare →

If you are a California resident, you have the right under the CCPA to request access to your data, request deletion, and opt out of the sale of your personal information, and Baseten must respond within one month.

Added May 12, 2026 Standard Seen across 284 platforms
Sale of Personal Information of Minors Under 16 Compare →

Baseten states it will not sell the personal data of users under 16 without affirmative opt-in consent from the minor (if aged 13 to 16) or their parent or guardian (if under 13).

Added May 12, 2026 Standard Seen across 284 platforms
Data Retention Compare →

Baseten keeps your personal data for as long as needed for the purposes described in the policy, for legal compliance, resolving disputes, and enforcing its agreements, without specifying a fixed retention period.

Added May 12, 2026 Standard Seen across 284 platforms
International Data Transfer Compare →

Your personal data may be transferred to and processed in other countries where data protection laws may be different from those in your home country, and by accepting this policy you are stated to consent to that transfer.

Added May 12, 2026 Standard Seen across 284 platforms

Low — 2 provisions

Payment Data Processing Compare →

Baseten uses third-party payment processors to handle payment card transactions and states it does not store your payment card information directly; your payment data is governed by the payment processor's own privacy policy.

Added May 12, 2026 Standard Seen across 284 platforms
Do Not Track Policy Compare →

Baseten's service does not honor Do Not Track browser signals, meaning that even if your browser is set to request no tracking, Baseten will not change its data collection practices in response.

Added May 12, 2026 Standard Seen across 284 platforms