DeepL · DeepL Privacy Policy

International Data Transfers and Standard Contractual Clauses

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

DeepL may send your personal data to service providers in the US and other countries outside the EU, but uses standard legal contracts (SCCs) to try to ensure your data stays protected.

Consumer impact (what this means for users)

Your personal data processed by DeepL may be transferred to and processed in the United States or other countries with different privacy standards, protected only by contractual safeguards that may be subject to US government access requests.

Cross-platform context

See how other platforms handle International Data Transfers and Standard Contractual Clauses and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Transfers of personal data to the US and other non-adequate countries carry inherent legal risk, and the effectiveness of SCCs depends on a case-by-case Transfer Impact Assessment that users cannot independently verify.

View original clause language
Some of our service providers are based outside the EU/EEA, including in the United States. Where we transfer personal data outside the EU/EEA, we ensure that an adequate level of data protection is guaranteed. We use EU Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard such transfers.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: International transfers are governed by GDPR Chapter V, specifically Arts. 44–49. SCCs are authorized under Commission Implementing Decision (EU) 2021/914. The EU-US Data Privacy Framework (adequacy decision, July 2023) may also apply to US-based processors that are DPF-certified. UK transfers require UK SCCs (IDTA) or the UK Addendum. Enforcement is by LDI NRW and member state DPAs. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC enforces compliance with the EU-US Data Privacy Framework for US-based companies and may investigate inadequate data transfer safeguards under Section 5 of the FTC Act.
    File a complaint →

Provision details

Document information
Document
DeepL Privacy Policy
Entity
DeepL
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004052
Document ID
CA-D-00448
Evidence Provenance
Source URL
https://www.deepl.com/en/privacy
Wayback Machine
View archived versions →
SHA-256
1d621c54ed3a19fc9ce7b2fc58fa1eb740cb4e4b7669ebdc020370950f152344
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: DeepL | Document: DeepL Privacy Policy | Record: CA-P-004052
Captured: 2026-04-30 05:39:12 UTC | SHA-256: 1d621c54ed3a19fc…
URL: https://conductatlas.com/platform/deepl/deepl-privacy-policy/international-data-transfers-and-standard-contractual-clauses/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document