Hugging Face Privacy Policy — Hugging Face

10 Total

1 High severity

6 Medium severity

3 Low severity

Summary

This is Hugging Face's privacy policy — the document that explains what personal information the company collects when you use its AI tools and website, how it uses that information, and who it might share it with. Hugging Face collects things like your email, IP address, payment details, and how you use the platform, and uses this to run the service, improve it, and communicate with you. If you are in the EU, you have rights to access, delete, or move your data, and you can contact privacy@huggingface.co to exercise them.

Technical Summary

This Privacy Policy, effective March 28, 2023, governs Hugging Face, Inc.'s collection, use, and sharing of Personal Information from users of its AI/ML platform services. The policy establishes legal bases for processing under GDPR (consent, contractual necessity, and legitimate interests), describes data collection categories including account data, usage data, cookies, and third-party sourced data, and outlines sharing with affiliates, service providers, and government authorities. Notable provisions include a 10-day policy change notice period with implied consent upon continued use, GDPR-aligned user rights (access, correction, deletion, portability, and objection), and explicit commitments to honor Do Not Track signals and refrain from selling personal data. The policy designates privacy@huggingface.co as the primary contact for data rights requests and discloses that data may be transferred internationally with appropriate safeguards.

Institutional Analysis

This policy explicitly engages GDPR (EU) 2016/679 as its primary regulatory framework, citing consent, contractual necessity, and legitimate interests as processing bases, and enumerates data subject rights including access, rectification, erasure, restriction, portability, and objection. Complianc…

🔒

Compliance intelligence locked

Regulatory exposure, material risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Evidence Provenance

Captured March 19, 2026 15:12 UTC

Document ID CA-D-000332

Version ID CA-V-000204

Source URL https://huggingface.co/privacy

Wayback Machine View archived versions →

SHA-256 21b510842ea58147a5984cf4c302d743f50c6d0c51a5529825736caf360aa8d7

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Change Timeline

March 19, 2026 — Initial capture

First snapshot archived

21b51084…

High Severity — 1 provision

Company Access to Private Content
Even if you mark your content as private, Hugging Face reserves the right to access it with or without your consent for security purposes or to comply with legal obligations.

Added March 20, 2026

Medium Severity — 6 provisions

10-Day Policy Change Notice with Implied Consent
Hugging Face can update this privacy policy at any time, and if you keep using the service 10 days after the change is posted, you are considered to have accepted the new terms.

Added March 20, 2026
GDPR Data Subject Rights
If you are in the EU, you have the right to access, correct, delete, export, or restrict the processing of your personal data, and you can object to how Hugging Face uses your information.

Added March 20, 2026
Sharing with Affiliates and Third-Party Service Providers
Hugging Face may share your personal data with its affiliated companies and with outside companies that help run the service, including in cases of merger or acquisition.

Added March 20, 2026
Legitimate Interests Processing Basis
Hugging Face may process your personal data without your specific consent when it decides it has a 'legitimate interest' in doing so, such as for security, research, or business operations.

Added March 20, 2026
Cookies Required for Service Access
Hugging Face uses cookies that are necessary to run the service, and if you disable them you will lose access to the platform entirely.

Added March 20, 2026
International Data Transfers
Hugging Face may transfer your personal data to other countries, including ones that may have different (potentially lower) privacy protections than your home country.

Added March 20, 2026

Low Severity — 3 provisions

Do Not Track Signal Compliance
Hugging Face says it honors Do Not Track signals from your browser and will not use tracking cookies or advertising when that signal is active.

Added March 20, 2026
No Sale of Personal Data
Hugging Face commits that it will not sell, rent, or lease your personal information to third parties, except as otherwise described in the policy.

Added March 20, 2026
Government and Legal Disclosure
Hugging Face may share your personal data with government authorities or law enforcement if required by law, or to protect the safety or rights of users and the company.

Added March 20, 2026