What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This notice engages GDPR for EU/EEA data subjects, CCPA and CPRA for California residents, and references compliance with other applicable data protection frameworks. The notice's disclosure of third-party AI model provider data sharing may require evaluation under GDPR Article 28, which mandates written data processing agreements with processors; the adequacy of sub-processor chains disclosed in the notice warrants review. The FTC's jurisdiction over unfair or deceptive d…

How does Copy.ai's Copy.ai Privacy Policy affect users?

The policy establishes that content submitted to the platform—including prompts, generated outputs, and user-provided data—may be transmitted to third-party AI model providers and other service providers outside Copy.ai's infrastructure as part of normal platform operation. Users in California and the EU are authorized to submit data access requests, deletion requests, or opt-out requests regarding data sale or sharing by contacting privacy@copy.ai or using region-specific in-app mechanisms. Th…

How often is Copy.ai's Copy.ai Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Copy.ai updates this document?

Yes. Monitor subscribers ($19/month) can add Copy.ai to their watchlist and receive same-day email alerts whenever this document or any other Copy.ai document changes.

CA-D-000478

Copy.ai Privacy Policy

Copy.ai

Last change detected April 29, 2026 Privacy policy

SHA-256: 14e05e333531a8d3a9b… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Copy.ai ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

6 Medium severity

1 Low severity

Summary

This document establishes Copy.ai's data collection, use, and sharing practices for users of its AI-powered sales and marketing platform. The policy authorizes Copy.ai to collect account details, usage behavior, payment information, and content submitted as prompts or generated outputs, and to share this data with third-party AI model providers, service providers, analytics vendors, and advertising partners for processing and service delivery. The policy establishes data subject rights for California residents and EU users, including mechanisms to request access, deletion, or opt-out of data sale or sharing through privacy@copy.ai.

Technical / Legal Breakdown

This document is Copy.ai's Privacy Notice, governing the collection, use, and disclosure of personal data by Copy.ai in connection with its GTM AI platform and related services, with legal bases including contract performance, legitimate interests, and consent depending on jurisdiction. The notice states that Copy.ai collects account information, usage data, device and browser identifiers, payment information, and user-submitted content including prompts and outputs; the terms authorize sharing of personal data with service providers, business partners, advertising networks, and analytics vendors, and disclose the use of tracking technologies including cookies, pixel tags, and session replay tools. The notice acknowledges that user-submitted content may be processed by third-party AI model providers, which represents a materially significant disclosure for enterprise users who may input proprietary or sensitive business information into the platform. The notice references compliance obligations under GDPR for EU/EEA users, CCPA/CPRA for California residents, and other applicable data protection laws, with jurisdiction-specific rights sections addressing access, deletion, portability, and opt-out of sale or sharing. Enterprise and business account holders face heightened exposure through the potential processing of employee, customer, and prospect data via the platform, which may trigger data processing agreement obligations, GDPR Article 28 processor arrangements, and CCPA service provider contract requirements.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 1 provision

User Content Processed by Third-Party AI Model Providers Compare →

When you type prompts or receive AI-generated outputs on Copy.ai, that content may be sent to and processed by external AI companies that Copy.ai partners with, not just Copy.ai itself.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 6 provisions

Behavioral Tracking and Session Replay Technologies Compare →

Copy.ai and its partners use tools that can record your actions on the platform, including which pages you visit, what you click, and in some cases a replay of your actual session activity, to analyze how users engage with the service.

Added May 10, 2026 Standard Seen across 284 platforms
California Resident Rights and Opt-Out of Sale or Sharing Compare →

California residents have specific legal rights under California privacy law to access, delete, and correct their data, and to stop Copy.ai from selling or sharing their personal information with third parties for cross-context behavioral advertising.

Added May 10, 2026 Standard Seen across 284 platforms
GDPR Rights for EU/EEA Users Compare →

Users in the EU, UK, and Switzerland have rights under GDPR and equivalent laws to see what data Copy.ai holds about them, correct it, delete it, restrict how it is used, and object to certain types of processing.

Added May 10, 2026 Standard Seen across 284 platforms
Data Sharing with Advertising and Analytics Partners Compare →

Copy.ai shares your usage and behavioral data with advertising and analytics companies, which may use that data to show you targeted ads and track your behavior across other websites and services beyond Copy.ai.

Added May 10, 2026 Standard Seen across 252 platforms
Data Retention Compare →

Copy.ai keeps your personal data for as long as needed to run the service and meet legal requirements, and deletes or anonymizes it afterward, but the notice does not specify precise retention periods for each data category.

Added April 30, 2026 Standard Seen across 284 platforms
International Data Transfers Compare →

If you use Copy.ai from outside the US, your data will be transferred to and stored in the United States, and using the service is treated as consent to that transfer.

Added April 30, 2026 Standard Seen across 284 platforms

Low — 1 provision

Children's Data and Age Restriction Compare →

Copy.ai's platform is not for children under 13, and the company states it does not intentionally collect data from that age group, with a commitment to delete such data if inadvertently collected.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Copy.ai has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI Model Training Data Use and similar clauses.

Compare across platforms →