The policy states that Threads collects device identifiers, operating system information, device attributes, device signals, network and connection data, cookie data, and behavioral signals from all connected devices used to access the platform, and that this information is combined across devices.
This analysis describes what Threads's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that Meta collects a broad set of device-level and network-level identifiers and signals from Threads users across all devices, and combines this data across devices. Cross-device identity linking enables persistent tracking of user behavior across sessions, devices, and contexts beyond the Threads application itself.
The updated policy no longer explicitly discloses that user interactions with AI systems will be used to improve Meta's AI, nor does it describe how data is shared or collected in specific detail. Previously, the policy offered a 24/7 AI support assistant and clear pathways to manage or delete account data; these references are now absent. The removal of these disclosures does not necessarily mean the practices have stopped, but users no longer have explicit written confirmation of these features or data uses within the published policy.
View change record →The updated policy establishes that interactions with Meta's AI assistant will be used to improve Meta's AI systems. The policy states that by using the service, users agree to Meta's AI terms. Previously, the policy did not explicitly disclose this use of conversational data for AI training purposes. This means user conversations with the AI support assistant are now expressly authorized for use in improving Meta's broader AI infrastructure.
View change record →The updated policy narrows the terms users explicitly agree to by using the service from a three-part agreement (Meta Terms, AI terms, and Privacy Policy) to AI terms only. The policy now explicitly discloses that interactions with AIs will be used to improve AI at Meta. This means continued use of the service constitutes acceptance of this narrower agreement scope and explicit participation in AI training data use. You should review Meta's AI terms directly to understand what they cover and what controls, if any, are available.
View change record →Newly detailed disclosure of extensive cross-device tracking and technical data collection practices that provides granular specificity about device-level information gathering.
View full change record →Under this clause, Threads collects identifiers, device attributes, network signals, cookie data, and behavioral data from every device used to access the platform, and combines this data across devices to build a cross-device user profile. This cross-device combination is used for advertising and personalization purposes as described elsewhere in the policy.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Threads has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information about the computers, phones, connected TVs and other web-connected devices you use that integrate with our products, and we combine this information across different devices you use. Information we obtain from these devices includes: device attributes, device operations, identifiers, device signals, data from device settings, network and connections, and cookie data.— Excerpt from Threads's Threads Privacy Policy
1. REGULATORY LANDSCAPE: The collection of device identifiers, cookie data, and cross-device tracking signals engages the EU's ePrivacy Directive (cookie consent requirements) as well as GDPR's requirements for a lawful basis for processing. In the US, the FTC has issued guidance on cross-device tracking practices, and several state privacy laws (CCPA/CPRA, Virginia VCDPA, Colorado CPA) include device identifiers within the definition of personal information and may require disclosure of cross-device tracking in privacy notices. 2. GOVERNANCE EXPOSURE: Medium. Cross-device tracking and identity linking is a standard practice among large advertising-supported platforms; however, the breadth of device signals collected and the cross-device combination described in this provision creates a comprehensive behavioral profile that may raise data minimization concerns under GDPR and heightened scrutiny under state sensitive data frameworks where precise location or health-related inferences are possible. 3. JURISDICTION FLAGS: EU/EEA users are protected by both GDPR and the ePrivacy Directive, which requires consent for non-essential cookie placement and device fingerprinting in many member states. California's CPRA includes device identifiers and IP addresses within the definition of personal information, and cross-device tracking data may fall within categories requiring enhanced disclosure. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying the Meta Pixel or similar tracking tools that send device and behavioral data to Meta should assess whether their consent mechanisms cover the cross-device combination described in this provision, and whether their privacy notices accurately describe the scope of device data collected. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should audit cookie consent mechanisms to confirm they cover the device signals and cross-device tracking described. Data flow maps should reflect the collection of device identifiers and cross-device combination as part of the Threads data graph.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that Meta collects a broad set of device-level and network-level identifiers and signals from Threads users across all devices, and combines this data across devices. Cross-device identity linking enables persistent tracking of user behavior across sessions, devices, and contexts beyond the Threads application itself.
Under this clause, Threads collects identifiers, device attributes, network signals, cookie data, and behavioral data from every device used to access the platform, and combines this data across devices to build a cross-device user profile. This cross-device combination is used for advertising and personalization purposes as described elsewhere in the policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Threads.