When you use LangSmith, LangChain collects the AI trace data you submit, including the prompts you send to AI models and the responses those models return, along with pipeline metadata.
This analysis describes what LangChain's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
AI trace data submitted to LangSmith may contain sensitive business information, proprietary logic, or personal data embedded in prompts and completions, and the policy states this data is collected and stored by LangChain as part of the service.
Interpretive note: The policy does not clearly delineate LangChain's role as data controller versus data processor for enterprise customers' trace submissions, creating interpretive ambiguity about the scope of this provision for B2B use cases.
Developers and enterprise users of LangSmith should be aware that the content of AI traces, including prompts, model inputs, and completions they log, is collected by LangChain and subject to the data practices described in this policy, including potential sharing with service providers.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
LangChain has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"When you use LangSmith, we collect the data you submit to the service, including traces, which may include inputs and outputs to AI models (such as prompts and completions), metadata about your AI pipelines, and other content you choose to log or submit to LangSmith.— Excerpt from LangChain's LangChain Privacy Policy
REGULATORY LANDSCAPE: Collection of AI trace data implicates GDPR Articles 5 and 6 regarding lawful basis for processing personal data that may be embedded in prompts or completions. If traces contain health, financial, or biometric data submitted by end users of a customer's AI application, additional regulatory frameworks including HIPAA, GLBA, or GDPR Article 9 special categories may apply. The FTC may have jurisdiction over data practices related to this collection under its unfair or deceptive practices authority. GOVERNANCE EXPOSURE: High. The collection of AI trace data creates significant compliance exposure because the content of prompts and completions submitted by enterprise customers may contain end-user personal data, proprietary business information, or regulated data categories. The policy does not distinguish between LangChain's role as data controller versus data processor in the context of enterprise customers' LangSmith deployments, which creates ambiguity about GDPR Article 28 obligations. JURISDICTION FLAGS: EU/EEA users and enterprise customers processing EEA resident data face heightened exposure under GDPR, particularly regarding lawful basis for processing and obligations to ensure downstream processors have adequate safeguards. California enterprise customers should assess whether AI trace data constitutes personal information subject to CCPA. Organizations in healthcare or financial services should evaluate whether trace data may include HIPAA-protected health information or GLBA-covered financial data. CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should confirm whether a Data Processing Agreement exists with LangChain that addresses AI trace data specifically, and whether that agreement satisfies GDPR Article 28 requirements. The public-facing privacy policy does not reference enterprise DPAs, creating a due diligence gap for B2B customers. Standard commercial practice for AI infrastructure providers typically includes explicit DPAs for enterprise tiers. COMPLIANCE CONSIDERATIONS: Compliance teams at enterprise customers should conduct a data mapping exercise to identify whether their LangSmith trace submissions contain personal data or regulated data categories. Legal teams should request and review LangChain's DPA and sub-processor list. Organizations subject to GDPR should confirm the legal basis for any transfer of trace data to LangChain's US infrastructure and ensure Standard Contractual Clauses or equivalent transfer mechanisms are in place.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
AI trace data submitted to LangSmith may contain sensitive business information, proprietary logic, or personal data embedded in prompts and completions, and the policy states this data is collected and stored by LangChain as part of the service.
Developers and enterprise users of LangSmith should be aware that the content of AI traces, including prompts, model inputs, and completions they log, is collected by LangChain and subject to the data practices described in this policy, including potential sharing with service providers.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by LangChain.