If you use Groq from outside the US, your personal data is transferred to and stored in the United States, and Groq asks you to consent to this transfer by simply using the service.
EU, UK, and other non-US users' personal data is sent to the United States where it may have less legal protection, and the policy's reliance on implicit consent through service use may not provide the legal transfer mechanism required under GDPR, potentially leaving users' data transferred without adequate legal basis.
Cross-platform context
See how other platforms handle International Data Transfers and similar clauses.
Compare across platforms →Consent obtained by simply using a service (implicit consent) is not a valid legal basis for international data transfers under GDPR — Groq must rely on Standard Contractual Clauses, adequacy decisions, or another approved mechanism for EU/EEA users.
REGULATORY FRAMEWORK: This provision directly implicates GDPR Chapter V (Arts. 44-49) governing transfers of personal data to third countries, enforced by EU data protection authorities (lead supervisory authority determined by Groq's EU establishment or the user's member state). UK GDPR Chapter V applies for UK users post-Brexit. Acceptable transfer mechanisms include EU Standard Contractual Clauses (SCCs, per EC Decision 2021/914), adequacy decisions (the EU-US Data Privacy Framework as of 2023), or Binding Corporate Rules. The policy's approach of 'consent by using the service' does not satisfy GDPR Art. 49(1)(a) which requires freely given, specific, informed, and unambiguous consent that is not a condition of service.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.