The policy establishes that any use or access of Figure AI's services constitutes the user's acknowledgment of and consent to the data collection, use, and disclosure practices described in the policy.
This analysis describes what Figure AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes continued service use as the mechanism of consent for all data collection and disclosure practices described in the policy, including collection of sensitive and sensory data categories. Under certain U.S. state privacy laws and potentially the GDPR if applicable, opt-in or affirmative consent requirements for sensitive data categories may not be satisfied by a consent-by-use mechanism.
Interpretive note: Whether a consent-by-use mechanism satisfies affirmative or opt-in consent requirements under specific U.S. state privacy laws or GDPR depends on jurisdiction and regulatory enforcement interpretation.
Under this clause, accessing or using the services in any manner establishes the user's consent to collection, use, and disclosure of all personal data categories described in the policy. Users who do not affirmatively opt in but access the services are treated as having consented to the described data practices, including collection of sensory data and geolocation data.
Cross-platform context
See how other platforms handle Consent-by-Use Mechanism and similar clauses.
Compare across platforms →Monitoring
Figure AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and disclose your information as described in this Privacy Policy.— Excerpt from Figure AI's Figure AI Privacy Policy
1) REGULATORY LANDSCAPE: This provision implicates the CCPA and CPRA, which require opt-in consent for collection and use of sensitive personal data in certain contexts. State laws including the Colorado Privacy Act and Connecticut Data Privacy Act similarly require affirmative opt-in for sensitive data processing. The FTC has enforcement authority over deceptive or unfair consent mechanisms under the FTC Act. Where the GDPR applies, consent must be freely given, specific, informed, and unambiguous, which a consent-by-use mechanism may not satisfy. 2) GOVERNANCE EXPOSURE: Medium. The consent-by-use framing may not satisfy opt-in consent requirements applicable to sensitive personal data categories under CPRA or state equivalents. The provision's enforceability as a consent mechanism is jurisdiction-dependent and may face regulatory scrutiny where affirmative consent is required. 3) JURISDICTION FLAGS: California (CPRA sensitive data opt-in requirements), Colorado, Connecticut, and other U.S. states with explicit consent requirements for sensitive data processing create heightened exposure. EU and UK jurisdictions create additional exposure if services are accessed by users in those regions, as GDPR consent standards are more prescriptive. 4) CONTRACT AND VENDOR IMPLICATIONS: Procurement and compliance teams should assess whether vendor agreements downstream of this consent mechanism adequately reflect the consent basis asserted, particularly for vendors processing sensory or sensitive data categories. If the consent basis is challenged, downstream vendor processing agreements may require amendment. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether the consent-by-use mechanism satisfies applicable opt-in requirements for each sensitive data category collected, particularly sensory data. A consent mechanism audit is warranted to assess whether layered or category-specific consent is required under applicable state laws. If EU or UK users access the services, a separate GDPR-compliant consent mechanism should be assessed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes continued service use as the mechanism of consent for all data collection and disclosure practices described in the policy, including collection of sensitive and sensory data categories. Under certain U.S. state privacy laws and potentially the GDPR if applicable, opt-in or affirmative consent requirements for sensitive data categories may not be satisfied by a consent-by-use mechanism.
Under this clause, accessing or using the services in any manner establishes the user's consent to collection, use, and disclosure of all personal data categories described in the policy. Users who do not affirmatively opt in but access the services are treated as having consented to the described data practices, including collection of sensory data and geolocation data.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Figure AI.