If you are in the EU or UK, you have rights under GDPR to see, correct, delete, or transfer your personal data, and to object to how LangChain uses it, and you can contact privacy@langchain.dev to exercise these rights.
This analysis describes what LangChain's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
EU and UK users have enforceable rights under GDPR and UK GDPR including data access, erasure, portability, and the right to object to processing, and the policy provides a contact mechanism and acknowledges the right to complain to a supervisory authority.
EU and UK users can contact privacy@langchain.dev to exercise GDPR rights including access to, correction of, deletion of, or portability of their personal data, and can lodge complaints with their national data protection authority if they believe their rights have been violated.
Cross-platform context
See how other platforms handle GDPR Rights for EU and UK Users and similar clauses.
Compare across platforms →Monitoring
LangChain has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the European Economic Area or the United Kingdom, you have the right to access, rectify, or erase your personal information, the right to restrict or object to our processing of your personal information, and the right to data portability. You also have the right to lodge a complaint with a supervisory authority. To exercise these rights, please contact us at privacy@langchain.dev.— Excerpt from LangChain's LangChain Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR (EU) 2016/679 and UK GDPR, enforced by EU national data protection authorities and the UK Information Commissioner's Office respectively. The provision must operationally satisfy GDPR requirements including response within one month (extendable to three months), provision of information in a concise and intelligible format, and no fee for standard requests. The policy does not identify the lawful basis for each processing activity, which is a transparency requirement under GDPR Article 13 and 14. GOVERNANCE EXPOSURE: Medium. The provision acknowledges GDPR rights but does not address the lawful basis for each processing activity, the identity of the EU or UK data controller representative, or the mechanism for international data transfers from the EEA or UK to LangChain's US infrastructure. These gaps may create regulatory exposure with EU supervisory authorities. JURISDICTION FLAGS: EU/EEA users benefit from the full GDPR rights framework including the right to erasure and portability, which are more comprehensive than US equivalents. UK users have substantively similar rights under UK GDPR. LangChain's apparent operation from the US requires an adequacy decision, Standard Contractual Clauses, or other transfer mechanism for EEA-to-US data flows. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers processing EEA or UK resident data through LangSmith must confirm a GDPR-compliant DPA is in place with LangChain as data processor. The absence of a disclosed EU or UK representative and transfer mechanism in this policy creates due diligence gaps for EU enterprise procurement teams. COMPLIANCE CONSIDERATIONS: Legal teams should request documentation of LangChain's GDPR transfer mechanisms for US-bound data flows, including Standard Contractual Clauses if applicable. The policy should be reviewed for GDPR Article 13 compliance, particularly the disclosure of lawful basis for each processing category. Compliance teams should verify that LangChain's request handling infrastructure can satisfy GDPR's one-month response timeline.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
EU and UK users have enforceable rights under GDPR and UK GDPR including data access, erasure, portability, and the right to object to processing, and the policy provides a contact mechanism and acknowledges the right to complain to a supervisory authority.
EU and UK users can contact privacy@langchain.dev to exercise GDPR rights including access to, correction of, deletion of, or portability of their personal data, and can lodge complaints with their national data protection authority if they believe their rights have been violated.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by LangChain.