Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has jurisdiction over automatic collection of personal data including IP addresses and location data under FTC Act Section 5 if collection practices are inconsistent with disclosed privacy practices.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Information We Automatically Collect clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Information We Automatically Collect — Hugging Face

Share 𝕏 Share in Share 🔒 PDF

What it is

Every time you use Hugging Face, it automatically records your location, IP address, device type, browser, operating system, and login activity — without you actively providing this information.

Consumer impact (what this means for users)

Simply browsing Hugging Face results in automatic collection of your IP address, geographic location, device specifications, and session activity, which together can be used to identify and profile you even without account registration.

Cross-platform context

See how other platforms handle Information We Automatically Collect and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Automatic collection of IP address and location data means Hugging Face builds a detailed profile of when and where you access the platform, even if you never consciously share personal information.

View original clause language

The Company automatically records information from your use of the Services such as: information about your Use of the Services, your session (date, location), your IP address, information from cookies, especially your login information, your preferences, information about your device: type, model, version, operating system, browser.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: IP addresses and device fingerprint data constitute personal data under GDPR Recital 30 and Art. 4(1) (confirmed by CJEU in Breyer v. Germany, C-582/14). This triggers GDPR Arts. 5, 6, and 13 obligations for lawful, transparent collection. Location data derived from IP addresses may constitute sensitive inference data in some contexts. CCPA §1798.140 includes IP addresses in the definition of personal information. FTC Act Section 5 applies to deceptive practices in automatic data collection. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has jurisdiction over automatic collection of personal data including IP addresses and location data under FTC Act Section 5 if collection practices are inconsistent with disclosed privacy practices.
File a complaint →

Provision details

Document information

Document

Hugging Face Privacy Policy

Entity

Hugging Face

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003745

Document ID

CA-D-00332

Evidence Provenance

Source URL

https://huggingface.co/privacy

Wayback Machine

View archived versions →

SHA-256

497c505a01512cafb742e94806b72cf15ec677bfabc6cb905f6ed30aa2fb9b85

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Hugging Face | Document: Hugging Face Privacy Policy | Record: CA-P-003745
Captured: 2026-04-28 05:39:29 UTC | SHA-256: 497c505a01512caf…
URL: https://conductatlas.com/platform/hugging-face/hugging-face-privacy-policy/information-we-automatically-collect/
Accessed: May 2, 2026

Classification

Severity

Medium

Information We Automatically Collect