The policy states that OpenRouter uses first-party and third-party cookies to collect information about user activities over time and across third-party websites and online services, including for the purpose of delivering content tailored to user interests.
This analysis describes what OpenRouter's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes cross-site behavioral tracking through third-party cookies, a data practice that engages both GDPR consent requirements and CCPA opt-out rights, and that the policy links to marketing and content personalization purposes.
This new provision explicitly discloses third-party cookies and cross-site tracking for behavioral purposes, which was previously only vaguely referenced in the general 'Cookies and Cross-Context Behavioral Advertising' provision.
View full change record →Under these terms, OpenRouter and its third-party cookie partners may track user activity across websites and online services over time; users can disable performance and functional cookies through browser settings, though strictly necessary cookies cannot be disabled.
How other platforms handle this
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
OpenRouter has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We use first-party and third-party cookies for the following purposes: to make our Site function properly, to improve our Site and Services, to make login to our Site or Service easier (such as by remembering your User ID), to recognize you when you return to our Site, to track your interaction with the Site, to enhance your experience with the Site and Service, to remember information you have already provided, to collect information about your activities over time and across third party websites or other online services in order to deliver content tailored to your interests; and to provide a secure browsing experience during your use of our Site.— Excerpt from OpenRouter's OpenRouter Privacy Policy
REGULATORY LANDSCAPE: Cross-site behavioral tracking via third-party cookies is subject to GDPR consent requirements under the ePrivacy Directive as implemented in EU member states, requiring opt-in consent prior to placement of non-essential cookies. The CCPA requires disclosure and opt-out mechanisms for sale or sharing of personal information collected through tracking technologies. The FTC Act applies to the adequacy of notice and choice mechanisms for behavioral advertising. GOVERNANCE EXPOSURE: Medium. The policy discloses cross-site tracking but does not enumerate specific third-party cookie providers, making it difficult for users or compliance teams to assess the full scope of data sharing. The absence of a cookie consent banner or granular opt-in mechanism may require evaluation under EU member state implementations of the ePrivacy Directive. JURISDICTION FLAGS: EU and EEA users face heightened exposure given that opt-in consent is generally required for non-essential cookies under ePrivacy rules. California users may exercise CCPA opt-out rights over sharing of personal information via tracking technologies. Other U.S. state privacy laws with similar tracking disclosure requirements, including Colorado, Virginia, and Connecticut, may also apply. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should request a current list of third-party cookie and tracking technology vendors, their data retention practices, and the contractual basis for data sharing. The policy's reference to marketing personalization as a use case for third-party cookies may implicate ad-tech vendor due diligence. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether a compliant cookie consent mechanism is in place for EU users, assess whether the CCPA opt-out of sale mechanism covers tracking-based data sharing, and evaluate whether the list of cookie types and purposes disclosed in the policy is current and complete.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes cross-site behavioral tracking through third-party cookies, a data practice that engages both GDPR consent requirements and CCPA opt-out rights, and that the policy links to marketing and content personalization purposes.
Under these terms, OpenRouter and its third-party cookie partners may track user activity across websites and online services over time; users can disable performance and functional cookies through browser settings, though strictly necessary cookies cannot be disabled.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenRouter.