This analysis describes what Palantir's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This distinction establishes the legal and operational allocation of data responsibility. As data processor, Palantir's handling of Customer Data is subject to customer instructions and data protection obligations, whereas Website Data falls under Palantir's direct control as data controller, creating different regulatory obligations and compliance frameworks for each category.
Users accessing Palantir's website operate under one data governance structure (Website Data), while customers who upload data into Palantir platforms operate under a processor-controller relationship where the customer retains primary data control authority. This affects which entity bears responsibility for data protection compliance and user data rights enforcement.
Cross-platform context
See how other platforms handle Website Data vs. Customer Data Distinction and similar clauses.
Compare across platforms →Monitoring
Palantir has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Palantir distinguishes between personal data collected from visitors to our website ('Website Data') and personal data that our customers upload or input into Palantir's platforms ('Customer Data'). For Customer Data, Palantir acts as a data processor on behalf of the customer, who is the data controller.— Excerpt from Palantir's Palantir Privacy Statement
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This distinction establishes the legal and operational allocation of data responsibility. As data processor, Palantir's handling of Customer Data is subject to customer instructions and data protection obligations, whereas Website Data falls under Palantir's direct control as data controller, creating different regulatory obligations and compliance frameworks for each category.
Users accessing Palantir's website operate under one data governance structure (Website Data), while customers who upload data into Palantir platforms operate under a processor-controller relationship where the customer retains primary data control authority. This affects which entity bears responsibility for data protection compliance and user data rights enforcement.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Palantir.