Replicate · Replicate Privacy Policy

No-Sale / Service Provider Designation

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Replicate says it does not sell your personal data under U.S. state privacy laws, and when it handles customer data, it acts as a processor or service provider rather than the data controller.

Consumer impact (what this means for users)

While this designation limits Replicate's direct obligations to end data subjects, it shifts compliance responsibility onto business customers — meaning individual consumers may need to direct data rights requests to the businesses using Replicate, not Replicate directly.

Cross-platform context

See how other platforms handle No-Sale / Service Provider Designation and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This designation affects which legal obligations apply to Replicate and which remain with the customer — if Replicate is a 'processor,' the customer (the business using the platform) bears primary responsibility for ensuring lawful data use under CCPA and GDPR.

View original clause language
Replicate does not 'sell' or 'share' personal information, as defined by any U.S. state privacy law. Replicate is designated as a 'processor' or 'service provider' when processing customer personal information.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision directly engages CCPA §1798.140(ag) ('service provider' definition), CPRA §1798.100, Virginia CDPA §59.1-571 ('processor' definition), Colorado CPA §6-1-1303, and GDPR Art. 4(8) ('processor') and Art. 28 (processor obligations). The California Privacy Protection Agency and state AGs are primary enforcement authorities. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC Act Section 5 applies if the 'no sale' representation is inaccurate or if data is used in ways inconsistent with the service provider designation.
    File a complaint →
  • State AG
    California CPPA enforces CCPA/CPRA service provider designation requirements and can reclassify entities that fail to meet statutory contract requirements.
    File a complaint →

Provision details

Document information
Document
Replicate Privacy Policy
Entity
Replicate
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004180
Document ID
CA-D-00466
Evidence Provenance
Source URL
https://replicate.com/privacy
Wayback Machine
View archived versions →
SHA-256
9cdbb8a2de7e0e2f508eebe18a715d02c3e2562ab90aa0799793e7b33229af20
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Replicate | Document: Replicate Privacy Policy | Record: CA-P-004180
Captured: 2026-04-30 06:50:53 UTC | SHA-256: 9cdbb8a2de7e0e2f…
URL: https://conductatlas.com/platform/replicate/replicate-privacy-policy/no-sale-service-provider-designation/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document