The policy states that OpenRouter automatically collects traffic data, location data, log files, browser history, search queries, clicked links, page views, IP address, operating system, browser type, time zone, and other unique device or online identifiers as users interact with the Site or Service.
This analysis describes what OpenRouter's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes collection of a broad set of behavioral and device-level identifiers through automatic technologies, including data categories such as location data and browser history that may constitute personal data or sensitive data under applicable privacy frameworks.
This provision explicitly details automatic data collection of behavioral and device information, significantly expanding transparency about what data is automatically captured beyond just cookies.
View full change record →The agreement establishes that device identifiers, location data, browsing history, and IP addresses are collected automatically without requiring affirmative user action, and these data types may be used in conjunction with cookies to build behavioral profiles or deliver personalized content.
How other platforms handle this
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
OpenRouter has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"As you navigate through and interact with our Site or Service, we may use automatic data collection technologies to collect certain information about your device, browsing actions and patterns, including: Details of your visits to our Site, including, but not limited to, traffic data, location data, log files to understand how our Service is performing, browser history, search, information about links you click, pages you view, and other communication data and the resources that you access and use on the Site. Information about your computer and internet connection, including your IP address, operating system and browser type, time zone setting, and other unique personal or online identifiers.— Excerpt from OpenRouter's OpenRouter Privacy Policy
REGULATORY LANDSCAPE: Automatic collection of IP addresses, location data, and device identifiers constitutes personal data processing under GDPR, requiring a lawful basis for each processing purpose. The CCPA classifies IP addresses, browsing history, and geolocation as personal information categories subject to disclosure and opt-out obligations. The FTC Act's framework for unfair or deceptive data practices applies to the adequacy of disclosures about automatic collection. GOVERNANCE EXPOSURE: Medium. The policy's enumeration of collected data categories is reasonably specific, but the phrase 'including but not limited to' preserves flexibility for additional undisclosed collection. Location data collection in particular may require heightened disclosure or consent under various state privacy laws. JURISDICTION FLAGS: EU and EEA users have heightened exposure given that behavioral tracking and device identifier collection requires a lawful GDPR basis, which the policy does not specify by processing category. California users have CCPA rights over geolocation, browsing history, and IP address data. Illinois users should note that unique biometric or device identifiers may implicate BIPA depending on the specific technologies deployed. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers whose employees use OpenRouter should assess whether automatic collection of device identifiers and behavioral data from corporate devices creates obligations under their own privacy programs or employment agreements. COMPLIANCE CONSIDERATIONS: Compliance teams should request a data inventory from OpenRouter specifying the precise automatic collection technologies in use, retention periods for each data category, and the third parties with whom automatically collected data is shared. The adequacy of cookie consent mechanisms under GDPR's ePrivacy requirements should also be evaluated.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes collection of a broad set of behavioral and device-level identifiers through automatic technologies, including data categories such as location data and browser history that may constitute personal data or sensitive data under applicable privacy frameworks.
The agreement establishes that device identifiers, location data, browsing history, and IP addresses are collected automatically without requiring affirmative user action, and these data types may be used in conjunction with cookies to build behavioral profiles or deliver personalized content.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenRouter.