Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has enforcement authority over unfair or deceptive handling of sensitive consumer data including health and financial information.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'California CPPA enforces CPRA §1798.121 rights to limit use of sensitive personal information.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Sensitive Personal Information Handling clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Sensitive Personal Information Handling — Copy.ai

Share 𝕏 Share in Share 🔒 PDF

What it is

Copy.ai promises to only use sensitive personal information (like health data, financial data, or precise location) for the specific purposes it disclosed, not to build profiles or infer characteristics about you.

Consumer impact (what this means for users)

If you input sensitive personal information into Copy.ai's platform — such as health-related content or financial data — the policy commits to using it only for delivering the requested service, not for profiling or inference.

Cross-platform context

See how other platforms handle Sensitive Personal Information Handling and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

CPRA specifically grants California consumers the right to limit use of sensitive personal information — this clause is Copy.ai's representation that it honors that limit, but enforcement depends on user awareness and opt-out action.

View original clause language

We do not use sensitive personal information for purposes other than those disclosed in this Privacy Notice or as permitted by applicable law, including to infer characteristics about consumers. If you choose to provide sensitive personal information, we will only use it to provide the services you have requested.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision directly implicates CPRA §1798.121 (right to limit use and disclosure of sensitive personal information; enforced by CPPA), GDPR Art. 9 (special category data requiring explicit consent or specific exemption; enforced by EU DPAs), and Virginia CDPA §59.1-571 (sensitive data consent requirements). Sensitive categories under CPRA include SSNs, financial account credentials, precise geolocation, racial/ethnic origin, health data, and sexual orientation.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has enforcement authority over unfair or deceptive handling of sensitive consumer data including health and financial information.
File a complaint →
State AG

California CPPA enforces CPRA §1798.121 rights to limit use of sensitive personal information.
File a complaint →

Provision details

Document information

Document

Copy.ai Privacy Policy

Entity

Copy.ai

Document last updated

April 29, 2026

Tracking information

First tracked

April 30, 2026

Last verified

April 30, 2026

Record ID

CA-P-004319

Document ID

CA-D-00478

Evidence Provenance

Source URL

https://www.copy.ai/privacy-policy

Wayback Machine

View archived versions →

SHA-256

9183ba77b2f278d16e28b621008d3faeb2076ade22123648a918780406964874

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Copy.ai | Document: Copy.ai Privacy Policy | Record: CA-P-004319
Captured: 2026-04-30 08:38:18 UTC | SHA-256: 9183ba77b2f278d1…
URL: https://conductatlas.com/platform/copyai/copyai-privacy-policy/sensitive-personal-information-handling/
Accessed: May 2, 2026

Classification

Severity

Medium

Sensitive Personal Information Handling