Snowflake collects data about how you use the platform and can use it to improve its products, but agrees not to share it in a form that identifies you.
This analysis describes what Snowflake's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The terms authorize Snowflake to collect behavioral and interaction data from all platform users for internal product development purposes, which is a permitted use that operates without requiring separate consent for each instance of use.
Interpretive note: Whether Usage Data constitutes personal data under GDPR or CCPA depends on its specific content and the aggregation method applied, which is not defined in the agreement text.
The agreement authorizes collection of Usage Data describing platform interactions and its use for service operation and improvement; the protection offered is limited to a commitment that externally disclosed Usage Data will be aggregated and de-identified before disclosure.
Cross-platform context
See how other platforms handle Usage Data License and similar clauses.
Compare across platforms →Monitoring
Snowflake has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Snowflake may collect and use Usage Data to operate, improve, and develop the Snowflake products and services. Snowflake will not disclose Usage Data externally unless it is aggregated and de-identified such that it does not identify Customer or its Users.— Excerpt from Snowflake's Snowflake Terms of Service
REGULATORY LANDSCAPE: This provision may require evaluation under GDPR Article 6 (lawful basis for processing) and Article 13/14 (transparency obligations) if Usage Data constitutes personal data in the applicable context, as well as under CCPA's service provider restrictions if Usage Data includes information that could be linked to California residents. The FTC Act's prohibition on unfair or deceptive practices is also a relevant framework. Enforcement authorities include the European Data Protection Board, national DPAs, the California Privacy Protection Agency, and the FTC. GOVERNANCE EXPOSURE: Medium. The provision authorizes broad collection and internal use of Usage Data without a defined retention period or user-level opt-out mechanism. Whether Usage Data constitutes personal data depends on its content and aggregation method, and that determination will vary by jurisdiction and regulatory guidance. JURISDICTION FLAGS: EU/EEA customers must assess whether Usage Data collected from their users constitutes personal data under GDPR, which could require a valid legal basis and disclosure in privacy notices. California customers should evaluate whether Usage Data falls within CCPA's definition of personal information and whether its use for product improvement is consistent with the service provider relationship. UK GDPR creates parallel obligations. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should request clarification on the specific categories of data included in 'Usage Data' and confirm whether the DPA addresses this data stream. The de-identification commitment in the agreement should be evaluated against applicable de-identification standards (e.g., GDPR Recital 26, CCPA regulations) to confirm it is operationally meaningful. COMPLIANCE CONSIDERATIONS: Organizations should update their own privacy notices to disclose that Usage Data may be collected by their cloud service providers. Data mapping exercises should categorize Usage Data and assess whether it requires inclusion in GDPR Article 30 records of processing activities. The absence of a defined retention schedule for Usage Data is a gap that legal teams may wish to address in contract negotiations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The terms authorize Snowflake to collect behavioral and interaction data from all platform users for internal product development purposes, which is a permitted use that operates without requiring separate consent for each instance of use.
The agreement authorizes collection of Usage Data describing platform interactions and its use for service operation and improvement; the protection offered is limited to a commitment that externally disclosed Usage Data will be aggregated and de-identified before disclosure.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Snowflake.