Baseten automatically collects technical data about how you use the service, including your IP address, browser type, pages visited, time spent on pages, and unique device identifiers, without requiring any action from you.
This analysis describes what Baseten's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that usage data is collected automatically, meaning this data collection occurs regardless of whether a user actively provides information, and includes device identifiers and behavioral browsing data.
This provision authorizes automatic collection of IP address, browser type and version, pages visited, time and date of visits, time spent on pages, and unique device identifiers from all users accessing the service.
Cross-platform context
See how other platforms handle Usage Data Collection and similar clauses.
Compare across platforms →Monitoring
Baseten has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.— Excerpt from Baseten's Baseten Privacy Policy
(1) REGULATORY LANDSCAPE: Automatic collection of IP addresses and device identifiers engages CCPA definitions of personal information and identifiers. Under GDPR, IP addresses are generally treated as personal data, and the lawful basis for this processing should be specified. The FTC Act applies to collection practices that could be considered unfair or inadequately disclosed. (2) GOVERNANCE EXPOSURE: Medium. Automatic collection of unique device identifiers and behavioral browsing data without explicit consent may require evaluation under GDPR and state privacy laws. The 'including, but not limited to' language again leaves the full scope of collection undefined. (3) JURISDICTION FLAGS: EU/EEA users have rights under GDPR regarding automated processing of data including IP addresses. California residents may request access to and deletion of this category of information under CCPA. Illinois and other states with biometric or device-identifier-specific laws may create additional exposure depending on the specific identifiers collected. (4) CONTRACT AND VENDOR IMPLICATIONS: If usage data is passed to third-party analytics providers, data processing agreements must accurately reflect the categories transmitted. Procurement teams should verify that third-party analytics vendors receiving this data operate under adequate contractual safeguards. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that the cookie consent and tracking disclosures align with actual data collection practices for usage data, and that the legal basis for processing usage data is documented for GDPR purposes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that usage data is collected automatically, meaning this data collection occurs regardless of whether a user actively provides information, and includes device identifiers and behavioral browsing data.
This provision authorizes automatic collection of IP address, browser type and version, pages visited, time and date of visits, time spent on pages, and unique device identifiers from all users accessing the service.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Baseten.