You give Snowflake permission to store, copy, and use your data to the extent needed to run the services you have signed up for.
This analysis describes what Snowflake's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The agreement establishes the legal basis for Snowflake's handling of Customer Data; the license is scoped to what is 'reasonably necessary to provide the Services,' which limits use to service delivery purposes rather than broader commercial exploitation.
Interpretive note: The 'reasonably necessary to provide the Services' standard is not exhaustively defined in the agreement, leaving some interpretive flexibility as to the outer boundary of permitted use.
Removed emphasis on Customer's retention of intellectual property rights and replaced 'limited, non-exclusive, royalty-free license to use...solely to provide' with broader 'right to host, copy, transmit, display, and otherwise use' language.
View full change record →This provision authorizes Snowflake to host, copy, transmit, and display Customer Data for service delivery purposes; the scope is expressly limited to actions necessary to provide the contracted services, which is a standard and comparatively bounded grant for a cloud data platform.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
RedCard. We share information with our financial partners to operate the Target RedCard program.
Monitoring
Snowflake has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Customer grants Snowflake the right to host, copy, transmit, display, and otherwise use Customer Data and Customer Applications as reasonably necessary to provide the Services in accordance with this Agreement.— Excerpt from Snowflake's Snowflake Terms of Service
REGULATORY LANDSCAPE: This license grant is relevant to GDPR data processing obligations, as it defines the scope of Snowflake's permitted actions on Customer Data as a data processor. Under GDPR Article 28, a data processor may only act on documented instructions from the controller, and the 'reasonably necessary' standard in this clause should be evaluated against the more specific instruction requirements of Article 28. CCPA's service provider restrictions similarly require that personal data be used only to perform the contracted services. GOVERNANCE EXPOSURE: Medium. The 'reasonably necessary' qualifier is standard but interpretively flexible; what qualifies as necessary to provide the services is not exhaustively defined in the agreement. This creates some ambiguity about the outer boundary of permitted use, though the provision is not facially overbroad. JURISDICTION FLAGS: EU and UK customers must confirm that the DPA, when executed, contains the specific processing instructions required under GDPR Article 28 and that the license grant in the main agreement is read consistently with those instructions. California customers should confirm that the service provider designation under CCPA is documented and that the license grant aligns with service provider use restrictions. CONTRACT AND VENDOR IMPLICATIONS: The license grant should be read in conjunction with the DPA and any security addenda. Procurement teams should ensure the DPA specifies the categories of personal data, processing purposes, and sub-processor authorizations required by GDPR Article 28(3). The main agreement's license grant does not substitute for those specifics. COMPLIANCE CONSIDERATIONS: Data mapping exercises should confirm that all categories of Customer Data loaded onto the platform are covered by the DPA and that the license grant is consistent with the organization's own privacy notices and consent frameworks. Sub-processor lists maintained by Snowflake should be reviewed and updated as part of the vendor management process.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The agreement establishes the legal basis for Snowflake's handling of Customer Data; the license is scoped to what is 'reasonably necessary to provide the Services,' which limits use to service delivery purposes rather than broader commercial exploitation.
This provision authorizes Snowflake to host, copy, transmit, and display Customer Data for service delivery purposes; the scope is expressly limited to actions necessary to provide the contracted services, which is a standard and comparatively bounded grant for a cloud data platform.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Snowflake.