Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Craigslist's practices regarding collection, use, and storage of personal information including name, email, phone number, location, and device data. The policy specifies that personal data is not sold or shared for advertising purposes, but authorizes transfer and storage of user data on United States-based servers regardless of user location. The document states that data security measures are provided on a good faith basis without guarantee of complete protection.
This document is Craigslist's privacy policy (updated May 29, 2024) governing data collection, use, storage, and disclosure across its websites, mobile applications, and related services. The policy explicitly states that Craigslist does not sell user data to third parties, does not share data for marketing purposes, and does not run advertising beyond user-posted classifieds; data is disclosed externally only to payment processors, phone verification service providers, fraud-prevention service providers, and in response to legal process or corporate transactions. Notably, the policy does not respond to 'Do Not Track' signals, makes no guarantee of data security (stating only 'good faith efforts'), and the international data transfer clause operates as a consent-by-use mechanism, which may engage evaluation under GDPR adequacy and transfer requirements for users in the EU and EEA. The policy acknowledges California Consumer Privacy Act rights for California residents, including rights to know, delete, and non-discrimination, with submission mechanisms at a dedicated URL and email address; it also provides a minor-user content removal mechanism under California law. Compliance teams should note the absence of explicit references to GDPR consent bases, data processing agreements, or a formal data retention schedule, which may create exposure for operations affecting EU or UK users.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Craigslist has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle International Data Transfer — Consent by Access and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.