NVIDIA Privacy Policy

This document is NVIDIA Corporation's global Privacy Policy, governing the collection, use, storage, and disclosure of personal information across NVIDIA's websites, applications, products, and services worldwide, with stated legal bases including consent, legitimate interests, and contractual necessity depending on jurisdiction. The policy states that NVIDIA collects identifiers, contact information, device and usage data, financial information, location data, inferences, and in some contexts biometric and health-related information, and the terms authorize sharing this data with service providers, business partners, advertising and analytics vendors, data brokers, and affiliated entities. The policy reserves the right to use personal data for AI and machine learning model training when users interact with NVIDIA AI products and services, a practice that engages ongoing regulatory scrutiny in multiple jurisdictions and that the agreement asserts is subject to opt-out mechanisms, though the practical scope of those mechanisms and the identifiability of data used in training are not fully specified. The policy explicitly addresses GDPR, CCPA/CPRA, and references rights frameworks applicable in the EU, EEA, UK, California, and other jurisdictions, with NVIDIA asserting a range of data subject rights including access, deletion, correction, portability, and objection; compliance practitioners should evaluate whether NVIDIA's stated lawful bases, cross-border transfer mechanisms, and opt-out procedures satisfy applicable regulatory requirements in each operative jurisdiction. The breadth of data categories collected, the scope of third-party sharing authorized, and the AI training use case create material compliance considerations particularly under GDPR Articles 5, 6, 13, 14, and 17, CCPA/CPRA, and the EU AI Act, with enforcement authority distributed across EU Data Protection Authorities, the UK ICO, the FTC, and state attorneys general.