Databricks shares your personal data with a range of vendors and service providers who help run its business, covering a broad list of operational functions from hosting to payment processing to email delivery.
This analysis describes what Databricks's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of service provider categories means your data may flow to numerous third parties, and the protections applied to your data depend on Databricks' contracts with each of those vendors.
Provides transparency about routine sharing with service providers performing standard business functions, distinguishing this from advertising/analytics partner sharing.
View full change record →Your personal information collected by Databricks may be shared with multiple third-party vendors operating in various service categories, and the security and handling of your data by these vendors depends on Databricks' vendor management practices rather than being directly visible to you.
How other platforms handle this
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...
We may share your information with third parties that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with business partners who offer products or services that...
Monitoring
Databricks has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with third-party service providers that perform services on our behalf, such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.— Excerpt from Databricks's Databricks Privacy Notice
REGULATORY LANDSCAPE: Under GDPR Article 28, sharing with service providers who process personal data on Databricks' behalf requires written data processing agreements with each processor. Under CPRA, service providers must be bound by written contracts limiting downstream data use. The FTC has authority over inadequate vendor data protection practices. Relevant enforcement authorities include EU supervisory authorities, the California Privacy Protection Agency, and the FTC. GOVERNANCE EXPOSURE: Low to Medium. Service provider sharing for operational purposes is standard practice and expected in enterprise software contexts. The risk is in the adequacy of downstream contracts and the scope of permitted secondary uses by vendors. JURISDICTION FLAGS: EU/EEA and California create the highest compliance requirements for documented processor agreements with service providers. Healthcare and financial services contexts may impose additional restrictions on vendor sharing under HIPAA and GLBA respectively. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers whose data flows to Databricks should request the list of sub-processors as typically required under GDPR-compliant DPAs, and should assess whether any sub-processor categories create elevated risk for their specific data types. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Databricks' vendor agreements with listed service providers include appropriate data processing restrictions, confidentiality obligations, and security requirements, and that Databricks maintains an up-to-date sub-processor list consistent with DPA commitments.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of service provider categories means your data may flow to numerous third parties, and the protections applied to your data depend on Databricks' contracts with each of those vendors.
Your personal information collected by Databricks may be shared with multiple third-party vendors operating in various service categories, and the security and handling of your data by these vendors depends on Databricks' vendor management practices rather than being directly visible to you.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Databricks.