The policy authorizes sharing of personal data with vendors, service providers, agents, and business partners for purposes including data analytics, business analytics, customer service, marketing, distribution, and promotional offers.
This analysis describes what OpenRouter's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that personal data may be disclosed to an unspecified number of third-party vendors and business partners across analytics, marketing, and distribution functions, without enumerating specific recipients or requiring individual user consent at each disclosure.
Language refined: added 'vendors' and 'agents or contractors,' removed 'advertising services' and 'communicate with users' references, added explicit mention of sharing for 'products, services or promotions' with business partners.
View full change record →Under these terms, personal data including identifiers, behavioral data, and transaction information may be shared with third-party analytics and marketing vendors as well as business partners for promotional purposes, as described in the policy.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
OpenRouter has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal data with our vendors, service providers, agents or contractors who perform services on our behalf, including data analytics, business analytics, customer service, marketing, distribution, and other services. We may also share your personal data with our business partners to offer you certain products, services or promotions.— Excerpt from OpenRouter's OpenRouter Privacy Policy
REGULATORY LANDSCAPE: GDPR requires that data sharing with third-party processors be governed by data processing agreements meeting Article 28 requirements, and that sharing with independent controllers be supported by a separate lawful basis. The CCPA requires disclosure of categories of third parties with whom personal information is shared and preserves opt-out rights for sale or sharing. The FTC Act applies to the adequacy of disclosures about third-party data sharing. GOVERNANCE EXPOSURE: Medium. The policy's reference to sharing with business partners for promotional offers may constitute sale or sharing under CCPA, triggering opt-out obligations. The absence of a specific list of analytics and marketing vendors limits users' ability to assess the scope of data disclosure. JURISDICTION FLAGS: EU users have heightened exposure given GDPR processor and controller allocation requirements for each third-party relationship. California users may have opt-out rights if promotional sharing constitutes sale or sharing under CCPA. Other U.S. state privacy laws with third-party sharing disclosure requirements may also apply. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should request a current sub-processor or vendor list and confirm that data processing agreements are in place. The reference to business partners for promotional purposes should be clarified as to whether it constitutes a sale or sharing under applicable privacy laws and what opt-out mechanisms are available. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the policy's third-party sharing disclosures satisfy CCPA category-level disclosure requirements, and whether the promotional sharing with business partners requires a CCPA opt-out mechanism. EU compliance teams should verify that sub-processor agreements meet GDPR Article 28 requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that personal data may be disclosed to an unspecified number of third-party vendors and business partners across analytics, marketing, and distribution functions, without enumerating specific recipients or requiring individual user consent at each disclosure.
Under these terms, personal data including identifiers, behavioral data, and transaction information may be shared with third-party analytics and marketing vendors as well as business partners for promotional purposes, as described in the policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenRouter.