What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy explicitly engages GDPR for EU/EEA data subjects, the UK GDPR, Brazil's LGPD, and the CCPA/CPRA for California residents. Fastly identifies the FTC as a relevant enforcement authority in the context of its Privacy Shield successor commitments. Cross-border data transfers from the EU are stated to rely on Standard Contractual Clauses. The policy's advertising and cookie tracking activities may require evaluation under the EU ePrivacy Directive and national c…

How does Fastly's Fastly Privacy Policy affect users?

The policy permits Fastly to collect personal data across multiple interaction types—website visits, service subscriptions, and business communications—and to share such data with third-party vendors for service delivery, advertising, and analytics functions. Individuals subject to California and EU/EEA privacy regulations may exercise data access, correction, and deletion rights by contacting the designated privacy email address. The scope of data collection and third-party sharing applies to …

How often is Fastly's Fastly Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Fastly updates this document?

Yes. Monitor subscribers ($19/month) can add Fastly to their watchlist and receive same-day email alerts whenever this document or any other Fastly document changes.

CA-D-000676

Fastly Privacy Policy

Fastly

Last change detected May 5, 2026 Privacy policy

SHA-256: 3c71a4823fe9dcef894… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Fastly ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

0 High severity

6 Medium severity

2 Low severity

Summary

This document establishes Fastly's privacy practices for personal data collected from website visitors, service subscribers, and business contacts, including name, email address, company information, usage logs, payment details, and device identifiers. The policy authorizes disclosure of collected data to third-party service providers, advertising partners, and analytics tools. Residents of California and EU/EEA jurisdictions are granted rights to access, correct, or delete personal data upon request submitted to privacy@fastly.com.

Technical / Legal Breakdown

This document is Fastly's Privacy Policy, governing how Fastly collects, uses, shares, and protects personal data from visitors to its website, prospective and current customers, and individuals whose data is processed through its edge cloud services, with stated legal bases including consent, legitimate interests, and contractual necessity under GDPR and equivalent frameworks. The policy states that Fastly collects personal data including contact information, usage data, log data, payment information, and device and browser identifiers, and the terms authorize sharing this data with service providers, business partners, advertising networks, and in the context of corporate transactions such as mergers or acquisitions. A notable structural distinction in this policy is the explicit separation between Fastly's role as a data controller (for website visitors and its own customers) and as a data processor (for personal data passing through customer-configured services), which limits Fastly's direct privacy obligations regarding end-user data handled on behalf of its enterprise clients. The policy references GDPR compliance for EU/EEA residents, CCPA/CPRA rights for California residents, and additional rights for UK, Swiss, and Brazilian data subjects, and states that Fastly relies on Standard Contractual Clauses for cross-border data transfers from the EU. Compliance teams should note that the policy's processor-controller distinction has direct implications for data subject request handling workflows, and that Fastly's advertising and analytics data sharing activities may require evaluation under applicable consent and cookie regulations including the ePrivacy Directive.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

Medium — 6 provisions

Controller vs. Processor Distinction Compare →

When Fastly processes data as part of delivering services for its business clients, the business client is legally responsible for that data, not Fastly. If you are a regular internet user whose data passes through Fastly's network, you need to contact the website or service you were using, not Fastly, to exercise your privacy rights.

Added May 11, 2026 Standard Seen across 284 platforms
Data Sharing with Advertising and Analytics Partners Compare →

Fastly uses third-party advertising and analytics companies that can track your behavior on Fastly's website and potentially across other websites over time. This tracking is used to understand usage patterns and may be used to serve targeted advertising.

Added May 11, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers via Standard Contractual Clauses Compare →

When Fastly moves personal data from the EU, UK, or Switzerland to other countries (such as the US), it uses Standard Contractual Clauses, which are pre-approved legal contracts designed to ensure data protection standards follow the data. This is the primary legal mechanism Fastly uses to authorize international data transfers.

Added May 11, 2026 Standard Seen across 284 platforms
California Resident Rights under CCPA/CPRA Compare →

California residents have specific legal rights to know what data Fastly has collected about them, to request deletion, to correct inaccurate data, and to opt out of any sale or sharing of their personal information for advertising purposes. Fastly states it will not discriminate against you for exercising these rights.

Added May 11, 2026 Standard Seen across 284 platforms
Data Retention Practices Compare →

Fastly keeps your personal data for as long as it needs to for the purposes it was collected, plus any additional time required by law or to resolve disputes. The policy does not specify fixed retention periods for most data categories.

Added May 11, 2026 Standard Seen across 284 platforms
Use of Cookies and Tracking Technologies Compare →

Fastly uses cookies, web beacons, tags, and scripts on its website to collect information about how visitors use the site and to support analytics and advertising purposes. These technologies can identify you across sessions and, through third-party providers, potentially across other websites.

Added May 11, 2026 Standard Seen across 284 platforms

Low — 2 provisions

Data Sharing in Corporate Transactions Compare →

If Fastly is acquired, merges with another company, or undergoes a significant financial transaction, your personal data may be transferred to the new or acquiring entity as part of that deal, potentially even before it is finalized.

Added May 11, 2026 Standard Seen across 284 platforms
EU/EEA and UK Data Subject Rights Compare →

If you are in the EU, EEA, or UK, you have the right to see, correct, delete, or move your personal data held by Fastly, and to object to or limit how Fastly uses it. These are legally enforceable rights under GDPR and UK GDPR.

Added May 11, 2026 Standard Seen across 284 platforms

Monitoring

Fastly has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Controller vs. Processor Dual Role and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 5, 2026 06:36 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000676

Version ID CA-V-001314

Source URL https://www.fastly.com/privacy/

Wayback Machine View external archival references →

SHA-256 3c71a4823fe9dcef89423150ae9436e908ffb74d5c40a1e3f639b91d4d87d224

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Fastly Privacy Policy

Monitor governance changes across the platforms you rely on.