Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Palantir's privacy practices for its website, recruitment activities, and corporate operations, specifying procedures for collection and use of personal data through these channels. The document explicitly states that its provisions do not apply to personal data processed within Palantir's Gotham or Foundry software platforms; data handling in those systems is governed instead by contractual arrangements between Palantir and its clients. The document authorizes individuals in the EU, UK, and California to submit requests for access to, correction of, or deletion of personal data by contacting privacy@palantir.com.
This document is Palantir's Privacy and Security Statement, governing the collection and processing of personal data by Palantir Technologies Inc. in connection with its website, marketing activities, recruitment, and business operations — it does not govern data processed within Palantir's enterprise software products on behalf of customers, which are covered by separate agreements. The statement asserts that Palantir collects personal data including contact information, professional details, device and usage data, and recruitment-related information; the terms authorize use of this data for marketing communications, analytics, recruitment evaluation, and compliance with legal obligations. Notably, the statement's scope is explicitly limited to Palantir's own corporate and marketing operations rather than its core data analytics products (Foundry, Gotham, AIP), which means the document governs a narrower perimeter than the full extent of Palantir's data processing activities; the bulk of Palantir's commercially and politically significant data operations — which involve government and enterprise client data — are addressed contractually with those clients rather than through this public-facing statement. The statement references GDPR and UK GDPR compliance for EU and UK data subjects, including lawful basis disclosures, data subject rights, and cross-border transfer mechanisms; CCPA/CPRA applicability is implied for California residents through data subject rights disclosures. Compliance teams should note the absence of explicit detail on international data transfer mechanisms and the reliance on legitimate interests as a lawful basis for several processing activities, which may require further scrutiny under GDPR enforcement practice.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial1 important change detected
2 versions captured · Last updated: June 2026
Monitoring
Palantir has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle International Data Transfers and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.