What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: The policy explicitly engages GDPR and UK GDPR for EEA and UK users, CCPA for California residents, and references data subject rights consistent with these frameworks. The FTC Act is relevant to data sharing and advertising practices described in the policy. The EU AI Act may engage given LangChain's role as a provider of AI development infrastructure, though the policy does not address this framework directly. Primary enforcement authorities include the FTC, EU data prot…

How does LangChain's LangChain Privacy Policy affect users?

Users of LangSmith and related LangChain services operate under terms that authorize collection of submitted AI trace data alongside standard identifiers. The policy permits sharing of collected data with third-party service providers, analytics vendors, advertising partners, and retention or transfer of data in connection with business transactions. Users in California, the EU, and the UK have established rights to request access to, correction of, or deletion of their personal data through th…

How often is LangChain's LangChain Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when LangChain updates this document?

Yes. Monitor subscribers ($19/month) can add LangChain to their watchlist and receive same-day email alerts whenever this document or any other LangChain document changes.

CA-D-000805

LangChain Privacy Policy

LangChain

Last change detected May 12, 2026 Privacy policy

SHA-256: afc560df488063657dd… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at LangChain ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

9 Total

2 High severity

4 Medium severity

3 Low severity

Summary

This document establishes LangChain's data collection and processing practices for users of its website, LangSmith platform, and related developer tools. LangChain collects personal identifiers (name, email, IP address, device data) and AI trace data submitted through LangSmith, including prompts and model responses, and authorizes sharing this information with analytics vendors, advertising partners, and business partners. The policy establishes data subject rights for California residents and EU/UK users, including mechanisms to request access, correction, or deletion of personal data by contacting privacy@langchain.dev.

Technical / Legal Breakdown

This document is LangChain's privacy policy governing the collection, use, storage, and disclosure of personal information in connection with LangChain's websites, LangSmith platform, open-source frameworks, and related services, with California Consumer Privacy Act (CCPA) and GDPR acknowledged as applicable frameworks. The policy states LangChain collects identifiers (name, email, username), device and usage data (IP address, browser type, operating system, pages visited, clickstream data), payment information processed via third-party processors, and content users submit through the services including AI model inputs and outputs (traces, prompts, completions). The policy authorizes sharing personal information with service providers, business partners, analytics vendors, and advertising partners, and reserves the right to share data in connection with business transfers including mergers, acquisitions, or asset sales; the document also states that LangSmith users' trace data, which may include sensitive AI workflow content such as prompts and model responses, is collected and stored by LangChain as part of the service. The policy engages GDPR and UK GDPR for EEA and UK users, CCPA for California residents, and potentially the EU AI Act given the nature of AI development tooling, with the policy providing rights mechanisms for data access, deletion, correction, and portability dependent on the user's jurisdiction. Material compliance considerations include the scope of AI trace data retention, the adequacy of consent mechanisms for international data transfers, and the operational question of whether LangSmith enterprise customers' data processing agreements are adequately addressed by this public-facing policy.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 2 provisions

AI Trace Data Collection via LangSmith Compare →

When you use LangSmith, LangChain collects the AI trace data you submit, including the prompts you send to AI models and the responses those models return, along with pipeline metadata.

Added May 12, 2026 Standard Seen across 284 platforms
International Data Transfers Compare →

LangChain may move your personal data to the United States or other countries that may have different, potentially less protective, data privacy laws than your home country.

Added May 12, 2026 Standard Seen across 284 platforms

Medium — 4 provisions

Data Sharing with Third-Party Partners Compare →

LangChain may share your personal data with outside companies that help run its services, including companies that handle advertising, analytics, payments, and cloud hosting.

Added May 12, 2026 Standard Seen across 252 platforms
Business Transfer Disclosure Compare →

If LangChain is sold, merged, or goes through a major corporate change, your personal data including AI trace data, account information, and usage history may be transferred to the new owner.

Added May 12, 2026 Standard Seen across 284 platforms
Cookies and Tracking Technologies Compare →

LangChain uses cookies and similar tracking tools to monitor how you use its website and products, collecting data like pages visited, clicks, your IP address, and device identifiers, which may be used for advertising purposes.

Added May 12, 2026 Common Seen across 170 platforms
Data Retention Compare →

LangChain keeps your personal data for as long as it needs to run its services and meet legal requirements, after which it states it will delete or anonymize the data.

Added May 12, 2026 Standard Seen across 284 platforms

Low — 3 provisions

California Resident Rights (CCPA) Compare →

If you live in California, you have the right to see what data LangChain has collected about you, ask for it to be deleted, and opt out of any sale of your data, with no penalty for exercising these rights.

Added May 12, 2026 Standard Seen across 284 platforms
GDPR Rights for EU and UK Users Compare →

If you are in the EU or UK, you have rights under GDPR to see, correct, delete, or transfer your personal data, and to object to how LangChain uses it, and you can contact privacy@langchain.dev to exercise these rights.

Added May 12, 2026 Standard Seen across 284 platforms
Policy Update Notification Compare →

LangChain may change this privacy policy at any time and says it will notify you by email or website notice if the changes are significant, but it encourages you to check the policy regularly.

Added May 12, 2026 Standard Seen across 284 platforms