Baseten collects personal identifiers including your name, email address, phone number, and physical address when you use its services, in addition to technical usage data generated by your activity.
This analysis describes what Baseten's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that a broad range of personal identifiers may be collected, and the phrase 'may include, but is not limited to' means the listed categories are not exhaustive.
The policy authorizes collection of name, email, phone number, address, and usage data; the open-ended list means additional categories of personal information may also be collected beyond those explicitly named.
Cross-platform context
See how other platforms handle Personal Data Collection and similar clauses.
Compare across platforms →Monitoring
Baseten has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to: Email address; First name and last name; Phone number; Address, State, Province, ZIP/Postal code, City; Usage Data.— Excerpt from Baseten's Baseten Privacy Policy
(1) REGULATORY LANDSCAPE: This provision engages CCPA obligations requiring businesses to disclose categories of personal information collected at or before the point of collection. The FTC Act's prohibition on unfair or deceptive practices is also relevant if collected categories exceed what is disclosed. For EU/EEA users, GDPR data minimization principles may require evaluation of whether all collected categories are necessary for stated purposes. (2) GOVERNANCE EXPOSURE: Medium. The open-ended 'may include, but is not limited to' language in the enumerated data categories creates potential ambiguity about the full scope of collection, which may complicate CCPA category disclosure obligations and GDPR data mapping requirements. (3) JURISDICTION FLAGS: California residents are directly affected by CCPA disclosure requirements. EU/EEA users may have rights under GDPR to receive complete and specific information about data collected. The phrase 'but is not limited to' may require additional specificity in jurisdictions with strict disclosure requirements. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should verify that all data categories actually collected are reflected in data processing agreements with subprocessors and that vendor contracts align with the categories listed in this provision. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should conduct a data mapping exercise to confirm that all categories of personal information collected are enumerated in the policy and that collection is limited to what is necessary for disclosed purposes. The open-ended list language should be reviewed against applicable regulatory guidance on disclosure specificity.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that a broad range of personal identifiers may be collected, and the phrase 'may include, but is not limited to' means the listed categories are not exhaustive.
The policy authorizes collection of name, email, phone number, address, and usage data; the open-ended list means additional categories of personal information may also be collected beyond those explicitly named.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Baseten.