What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR through its appointment of Article 27-style EU and UK data representatives (Verasafe Ireland Ltd. and Verasafe United Kingdom Ltd.) and its reliance on EU Commission adequacy decisions or Standard Contractual Clauses for cross-border transfers. The policy also engages the California Consumer Privacy Act (CCPA/CPRA) through its Privacy Snapshot, explicit 'Do Not Share' mechanism, and disclosure of data categories and sharing practice…

How does PlanetScale's PlanetScale Privacy Policy affect users?

The policy establishes that PlanetScale collects identifiers, device data, online activity, and behavioral inferences from users, and authorizes disclosure of identifiers, usage data, and behavioral inferences to advertising partners for interest-based targeting. The policy provides opt-out mechanisms accessible through the website footer and cookie settings. EU and UK users operate under data representative appointment and cross-border transfer safeguards; California residents have explicit op…

How often is PlanetScale's PlanetScale Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when PlanetScale updates this document?

Yes. Monitor subscribers ($19/month) can add PlanetScale to their watchlist and receive same-day email alerts whenever this document or any other PlanetScale document changes.

CA-D-000684

PlanetScale Privacy Policy

PlanetScale

Last change detected May 5, 2026 Privacy policy

SHA-256: 2b2c9ae3a502b44543b… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at PlanetScale ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

6 Medium severity

1 Low severity

Summary

This document establishes PlanetScale's data collection, use, and disclosure practices for personal data obtained through its database platform and website. The policy authorizes PlanetScale to collect identifiers, device data, online activity, and behavioral inferences, and permits sharing of identifiers, usage data, and behavioral inferences with third-party advertising partners for interest-based advertising purposes. Users may opt out of this sharing through the 'Do Not Share My Personal Information' mechanism in the website footer or via cookie settings adjustment.

Technical / Legal Breakdown

This Privacy Policy, last updated October 26, 2023, governs PlanetScale Inc.'s handling of personal information collected through its website, database platform, and related services, treating all covered data as pertaining to individuals acting in a business representative capacity rather than a personal or household capacity. The policy states that PlanetScale collects contact details, account credentials, payment information (processed by Stripe), usage data, device and online activity data, marketing data, and inferences; the terms authorize sharing this information with service providers, advertising partners, professional advisors, law enforcement, and business transferees in merger or acquisition scenarios. Notably, the policy explicitly carves out data processed on behalf of enterprise customers as a service provider or processor, meaning that data falls outside this policy's scope entirely, which is operationally significant for B2B customers assessing their own compliance obligations. The policy engages GDPR and UK GDPR through its appointment of EU and UK data representatives (Verasafe) and reliance on EU Commission and UK government adequacy decisions or contractual safeguards for cross-border transfers; it also participates in the EU-US Data Privacy Framework, the UK Extension, and the Swiss-US Data Privacy Framework, with PlanetScale expressly subject to FTC investigatory and enforcement authority. California residents should note the detailed CCPA-aligned Privacy Snapshot disclosing data categories, collection sources, processing purposes, and sharing limitations, including a 'Do Not Share My Personal Information' opt-out for interest-based advertising, though the policy clarifies that personal information is not sold.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 1 provision

Enterprise Customer Data Processor Carve-Out Compare →

If you are an enterprise customer and PlanetScale processes data on your behalf, that data is not covered by this privacy policy and is governed by a separate agreement.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 6 provisions

Interest-Based Advertising Data Sharing Compare →

PlanetScale shares your data with advertising companies like Google so they can show you targeted ads on other websites and platforms, and to find other users similar to you.

Added May 7, 2026 Standard Seen across 252 platforms
EU-US Data Privacy Framework Certification Compare →

PlanetScale has certified under the EU-US Data Privacy Framework, meaning it has committed to specific data protection standards for data transferred from the EU, UK, and Switzerland to the US, and the FTC can enforce these commitments.

Added May 10, 2026 Standard Seen across 284 platforms
Personal Information Rights and Requests Compare →

Depending on where you live, you can request to see, correct, or delete your personal data held by PlanetScale, and opt out of having your data shared for advertising.

Added May 10, 2026 Standard Seen across 284 platforms
International Data Transfers and Cross-Border Safeguards Compare →

Your personal data is stored and processed primarily in the US, and may also be sent to PlanetScale's partners in other countries with potentially weaker privacy protections; PlanetScale commits to using legal transfer mechanisms such as adequacy decisions or Standard Contractual Clauses.

Added May 7, 2026 Standard Seen across 284 platforms
Privacy Policy Modification Without Individual Notice Compare →

PlanetScale can change its privacy policy at any time; if the changes are significant, users are notified only by a date update on the website, not by email or other direct communication.

Added May 10, 2026 Standard Seen across 284 platforms
Job Applicant Data Collection and Use Compare →

If you apply for a job at PlanetScale, the company collects your resume details, professional history, and any diversity information you choose to share, and uses this for recruiting purposes under a legitimate business interests basis.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 1 provision

Do Not Track Non-Response Compare →

If your browser sends a 'Do Not Track' signal, PlanetScale ignores it and will continue to collect and process your data as described in the policy.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

PlanetScale has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Enterprise Customer Data Processor Carve-Out and similar clauses.

Compare across platforms →