This analysis describes what Substack's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The standard for de-identification is contested, and sharing anonymized data with unspecified 'trusted partners' without user consent or the ability to identify the recipients creates meaningful re-identification risk and limits consumer accountability.
Substack now discloses that it shares account identifiers, such as email addresses and usernames, with trusted industry child safety organizations to detect and prevent online child sexual exploitati…
Substack collects a wide range of personal data including payment details, location, device identifiers, and direct message contents, and shares this data with service providers including generative AI services, creators, and industry child safety organizations. The lack of end-to-end encryption on direct messages is a meaningful privacy limitation for users who may assume private communications are protected, as Substack personnel may access message content and recipients can retain messages indefinitely even after deletion requests. You can request access to, correction of, or deletion of your personal data by emailing privacy@substackinc.com, and you can opt out of direct marketing through the unsubscribe mechanism in any marketing communication.
How other platforms handle this
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
In order to provide you with services, Valve needs to share some data with the publisher or developer of the game (for example to verify your ownership of the game and register your Steam ID with the publisher), or with other third parties that Valve works with to provide services to you. Valve will...
Zoom may share personal data with third-party advertising partners and analytics providers to deliver targeted advertising and measure the effectiveness of advertising campaigns. This may include sharing identifiers, device information, and behavioral data with partners such as advertising networks.
Monitoring
Substack has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"In certain cases, we may anonymize your Personal Information in such a way that you can no longer be identified as an individual, and we reserve the right to use and share such anonymized information to trusted partners not specified here. However, we never disclose aggregated or de-identified information in a manner that could identify you as an individual.— Excerpt from Substack's Substack Privacy Policy
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The standard for de-identification is contested, and sharing anonymized data with unspecified 'trusted partners' without user consent or the ability to identify the recipients creates meaningful re-identification risk and limits consumer accountability.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Substack.