What are the institutional and regulatory implications of this document?

REGULATORY EXPOSURE: This document engages GDPR Arts. 6, 13, 17, and 28 (Palantir acts as controller for website data, processor for customer data); CCPA/CPRA §§1798.100–1798.199 (California residents' rights to access, deletion, and opt-out of sale/sharing); UK GDPR (post-Brexit UK data subjects covered by Palantir Technologies UK Limited); ePrivacy Directive (cookie consent obligations for analytics and tracking cookies deployed site-wide). Primary enforcement authorities are the ICO (UK), re…

How does Palantir's Palantir Privacy Statement affect users?

Palantir collects browsing data from website visitors including IP addresses, device identifiers, and behavioral analytics, and shares this with third-party services including Google Analytics and LinkedIn's Insight Tag. Enterprise customers' data is treated more protectively — Palantir commits not to use it for AI training or sell it — but website visitors have fewer explicit protections against third-party data flows. You can exercise data access, deletion, or opt-out rights by emailing priva…

How often is Palantir's Palantir Privacy Statement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Palantir updates this document?

Yes. Watcher subscribers ($9.99/month) can add Palantir to their watchlist and receive same-day email alerts whenever this document or any other Palantir document changes.

Palantir Privacy Statement — Palantir

9 Total

2 High severity

5 Medium severity

2 Low severity

Summary

This is Palantir's privacy policy explaining how the company — a major data analytics and AI platform serving governments and corporations — collects and uses personal data from people who visit its website. The most important thing for everyday visitors to know is that Palantir uses third-party tracking tools including Google Analytics and LinkedIn's Insight Tag on its own website, meaning your browsing behavior is shared with those companies even when reading this privacy policy. If you are a California resident or EU/UK data subject, you have specific rights to access, delete, or object to processing of your personal data by contacting privacy@palantir.com.

Technical Summary

This document is Palantir's Privacy and Security Statement governing the collection, use, and disclosure of personal data submitted to or collected via Palantir's website and related services, with legal basis rooted in legitimate interests, contractual necessity, and consent as applicable under GDPR and other frameworks. The most significant obligation Palantir creates is its commitment to not sell personal data to third parties and its explicit promise that customer-uploaded data is not used to train Palantir's AI/ML models without consent. Notably, the document distinguishes between 'Website Data' (collected from site visitors) and 'Customer Data' (uploaded by enterprise clients), a structural separation that is more rigorous than typical SaaS privacy policies but leaves some ambiguity around inference and derived data. The policy engages GDPR (with Palantir acting as data controller for website visitors and processor for customer data), CCPA/CPRA for California residents, and UK GDPR post-Brexit, with Palantir Technologies UK Limited serving as the EEA/UK representative. Material compliance considerations include the adequacy of Standard Contractual Clauses for international data transfers, the sufficiency of Palantir's cookie consent mechanism, and the scope of third-party analytics tools (Google Analytics, LinkedIn Insight Tag) deployed on the privacy policy page itself.

Evidence Provenance

Captured April 29, 2026 08:21 UTC

Document ID CA-D-000496

Version ID CA-V-001065

Source URL https://www.palantir.com/privacy-and-security/

Wayback Machine View archived versions →

SHA-256 dab672c851e174be4c6a40bc7ece3bc1494db1a50a81958dc3ff4c2ce282cd91

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 29, 2026 — Initial capture

Initial snapshot — monitoring begins

dab672c8…

View full version history (0 captures) →

High Severity — 2 provisions

Third-Party Analytics and Tracking Cookies

Palantir uses Google Analytics, LinkedIn's tracking pixel, and other tools to monitor how you use its website, which means your browsing data is shared with these third-party companies.

Added April 30, 2026
International Data Transfers

If you're in the EU, UK, or Switzerland, Palantir may transfer your personal data to the US, using legal contracts approved by the EU to make this transfer lawful.

Added April 30, 2026

Medium Severity — 5 provisions

AI/ML Training Data Prohibition

Palantir commits that it will not use data uploaded by its enterprise customers to train its AI systems unless the customer explicitly agrees.

Added April 30, 2026
Data Subject Rights (Access, Deletion, Objection)

You have the right to ask Palantir to show you, correct, or delete your personal data, and you can do this by emailing privacy@palantir.com.

Added April 30, 2026
Website Data vs. Customer Data Distinction

Palantir treats data from website visitors differently from data its enterprise clients put into its platform — for client data, Palantir is just the processor following the client's instructions.

Added April 30, 2026
Data Retention

Palantir keeps your personal data for as long as needed for the purposes described in this policy, or longer if the law requires it.

Added April 30, 2026
Security Measures

Palantir takes security precautions to protect your data but acknowledges that no online system is 100% secure.

Added April 30, 2026

Low Severity — 2 provisions

No Sale of Personal Data

Palantir promises it will never sell your personal data to other companies or share it for advertising purposes.

Added April 30, 2026
Contact and Complaints Mechanism

You can contact Palantir about privacy concerns by email, and EU/UK users can also complain to their national data protection regulator.

Added April 30, 2026

Cross-platform context

See how other platforms handle International Data Transfers and similar clauses.

Compare across platforms →