What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This policy engages GDPR as the primary framework, given DeepL SE's establishment in Germany and its designation as EU data controller; the UK ICO's jurisdiction applies to UK users under UK GDPR. California residents are addressed under CCPA, with rights to know, delete, and opt out of sale of personal information disclosed. The policy does not explicitly invoke HIPAA or FERPA, but enterprise customers in regulated industries transmitting sensitive content through Deep…

How does DeepL's DeepL Privacy Policy affect users?

The agreement establishes a tiered data handling model in which free-tier users' translation inputs may be used to improve DeepL's machine learning systems, while paid subscribers and API users are not subject to this training use and have their inputs deleted after processing. Under these terms, users' account data, device identifiers, IP addresses, and usage information are collected and may be shared with third-party processors for infrastructure, payment, and analytics purposes. You can req…

How often is DeepL's DeepL Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when DeepL updates this document?

Yes. Monitor subscribers ($19/month) can add DeepL to their watchlist and receive same-day email alerts whenever this document or any other DeepL document changes.

CA-D-000448

DeepL Privacy Policy

DeepL

Last change detected June 10, 2026 Privacy policy

SHA-256: 76281e602c1a12738c4… 13 versions captured 13 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at DeepL ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

5 Medium severity

2 Low severity

Summary

This is DeepL's privacy policy, covering how DeepL SE collects and processes personal data across its translation, writing, voice, and API products. The policy states that text submitted by free-tier users may be used to train and improve DeepL's AI models, while paid subscribers and API users have their translation inputs deleted after processing without use for training. The policy also discloses that account registration data, payment information, device identifiers, IP addresses, and usage analytics are collected and may be shared with third-party service providers including cloud hosting, payment processing, and analytics vendors.

Technical / Legal Breakdown

This document is DeepL's privacy policy, governing the collection, processing, and retention of personal data across DeepL's translation, writing, voice, and API services, with GDPR as the stated primary legal framework and DeepL SE (Cologne, Germany) identified as the data controller. The policy states that text and document inputs submitted by free-tier users may be used to improve DeepL's machine learning models, while the terms assert that paid subscribers and API users have their input data deleted after translation without use for training purposes. The policy discloses collection of account data, payment data, device identifiers, IP addresses, browser information, usage data, and communication metadata, and authorizes sharing with third-party processors including cloud infrastructure, payment, analytics, and customer support providers; the distinction between free-tier and paid-tier data handling for training purposes is operationally significant and document-explicit. The policy engages GDPR (as the primary framework, given DeepL SE's German establishment), the UK GDPR post-Brexit, CCPA for California residents, and references data subject rights including access, rectification, erasure, objection, and data portability; applicable law or regulatory guidance may limit how asserted processing rights apply in practice depending on jurisdiction. Material compliance considerations include the adequacy of consent mechanisms for free-tier training use, the legal basis asserted for each processing activity, the sufficiency of data processing agreements with listed sub-processors, and cross-border data transfer mechanisms for data routed outside the EEA.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

13 important changes detected

13 versions captured · Last updated: June 2026

June 10, 2026

low

What changed DeepL's privacy policy was updated on June 10, 2026 with a single sentence modification. A new headline was added to the table of contents: 'Welcome to the new DeepL API experience: More capabilities, more control and more ways of building with DeepL.' Additionally, one sentence referencing 'Real-time, voice-to-voice translation is here, and it's ready to transform global business' was removed from the navigation section. These changes appear to be editorial updates to the policy's header and navigation structure rather than substantive modifications to privacy rights, data handling, or user obligations.

Why this matters This change does not materially affect consumer privacy rights, data handling practices, or obligations under DeepL's privacy policy. The modification involves only the organizational structure and navigation header of the policy document. Users' data practices, consent requirements, and privacy protections remain governed by the substantive terms elsewhere in the policy.

View full change record →

June 9, 2026

low

What changed DeepL reorganized the navigation menu and table of contents structure in their Privacy Policy on June 9, 2026. The change reordered sections from a solutions-first layout (Teams, Localization, Legal, Marketing) to an enterprise-first layout (Enterprise Overview, Use Cases, then vertical solutions). This is a structural and organizational change to how the policy contents are presented, with no modification to substantive privacy rights, data practices, or consumer obligations.

Why this matters This change does not affect the substantive terms of DeepL's privacy practices, data collection, or user rights. The updated policy maintains the same privacy protections and disclosures; only the organizational structure and navigation sequence of the document was revised. No action is required by users.

View full change record →

June 5, 2026 low

DeepL's privacy policy document header was updated on June 5, 2026, removing a promotional reference to 'DeepL Spring Launch: 3 breakthroughs to accelerate language workflows' and adding a new promotional …

View change record →

June 2, 2026 unknown

DeepL updated their DeepL Privacy Policy on June 02, 2026. Change detected: 1 sentence(s) added, 1 sentence(s) removed, 1 sentence(s) modified. Document contained 634 sentences after update.

View change record →

May 29, 2026 unknown

DeepL updated their DeepL Privacy Policy on May 29, 2026. Change detected: 1 sentence(s) modified. Document contained 634 sentences after update.

View change record →

May 22, 2026 low

DeepL added a detailed table of contents to its Privacy Policy on May 22, 2026, restructuring how the policy is organized. The update adds 46 sentences of new section headers …

View change record →

May 11, 2026 low

DeepL's Privacy Policy footer navigation was updated on May 11, 2026 to include a link to 'Community' in the Resources section. The previous version did not list this navigation item. …

View change record →

May 6, 2026 low

DeepL's privacy policy page was updated on May 6, 2026 with minor changes to the header and navigation elements. One marketing tagline was added, and two sentences were modified, but …

View change record →

May 5, 2026 low

DeepL updated a headline on their privacy policy webpage from 'This is a test' to 'The hidden cost of caption churn in multilingual meetings.' This appears to be a minor …

View change record →

May 5, 2026 low

DeepL's privacy policy page was updated on May 5, 2026 with minor content changes to the introductory marketing text. The change removed some case study references and added a new …

View change record →

May 1, 2026 low

DeepL's privacy policy was updated on May 1, 2026 to revise promotional messaging in the document header. Two sentences promoting DeepL's Spring Event were removed, and the remaining promotional language …

View change record →

April 30, 2026 low

DeepL's privacy policy was updated on April 30, 2026 with a single sentence modification in the introductory marketing content. The change replaced a reference to 'DeepL's Flagship Report' with a …

View change record →

April 29, 2026 low

DeepL updated its Privacy Policy homepage on April 29, 2026 by replacing promotional content in the header section. The previous version featured event promotion language; the updated version now directs …

View change record →

Recent Provision Changes Jun 10, 2026

8 provisions unchanged.

View full change record →

High — 1 provision

Free-Tier Translation Input Used for AI Model Training Compare →

The policy states that translation inputs submitted by free-tier users may be used to train and improve DeepL's AI systems, while paid subscribers' inputs are deleted after translation and not used for training.

Added May 9, 2026 Standard Seen across 284 platforms

Medium — 5 provisions

Sub-Processor and Third-Party Data Sharing Compare →

The policy discloses that DeepL shares personal data with third-party service providers including cloud infrastructure, payment processors, customer support vendors, and analytics providers, and states that data processing agreements are in place with these providers.

Added May 7, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers Compare →

The policy states that personal data may be transferred outside the EEA to third-party service providers, and asserts that appropriate safeguards such as Standard Contractual Clauses are used to govern these transfers.

Added May 20, 2026 Standard Seen across 284 platforms
Cookies and Tracking Technologies Compare →

The policy states that cookies and similar tracking technologies are used to collect browsing activity, feature usage, and interaction data for service improvement, personalization, analytics, and marketing purposes.

Added May 9, 2026 Standard Seen across 284 platforms
Data Retention Periods Compare →

The policy states that personal data is retained for as long as necessary to provide services and meet legal obligations, and that account closure triggers deletion within a reasonable period subject to legal retention requirements.

Added May 20, 2026 Standard Seen across 284 platforms
CCPA Rights for California Residents Compare →

The policy states that California residents have CCPA rights including the right to know, right to delete, right to opt out of sale of personal information, and the right to non-discrimination for exercising these rights.

Added May 20, 2026 Standard Seen across 284 platforms

Low — 2 provisions

Data Subject Rights (Access, Erasure, Portability, Objection) Compare →

The policy states that users have GDPR data subject rights including access, rectification, erasure, restriction, portability, and objection, as well as the right to lodge a complaint with a supervisory authority.

Added April 30, 2026 Standard Seen across 284 platforms
Payment Data Processing Compare →

The policy states that credit card details, billing addresses, and transaction history are collected at the point of purchase and processed by PCI DSS-compliant third-party payment service providers.

Added May 20, 2026 Standard Seen across 284 platforms

Monitoring

DeepL has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Free-Tier Translation Input Used for AI Model Training and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured June 10, 2026 15:34 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000448

Version ID CA-V-003646

Source URL https://www.deepl.com/en/privacy

Wayback Machine View external archival references →

SHA-256 76281e602c1a12738c4381eafe941651bf95b56a2de50754e7eeff46ff30498f

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

DeepL Privacy Policy

June 10, 2026

June 9, 2026

Recent Provision Changes Jun 10, 2026

Monitor governance changes across the platforms you rely on.