This analysis describes what Upwork's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause defines the scope of first-party data collection and specifies the categories of sensitive information the platform is authorized to collect, including government-issued identification and financial identifiers necessary for identity verification and payment processing operations.
Upwork's privacy policy previously disclosed that it complied with the U.S. Data Privacy Framework and certified adherence to its Principles regarding how it processes personal data from EU, UK, and Swiss residents. The updated policy removes nearly all of this language, including the explicit commitment to Data Privacy Framework Principles and the statement that those Principles would govern in case of conflict with other policy terms. Users in the EU, UK, and Switzerland no longer have a clear, policy-level statement of the legal framework protecting their data when transferred to the U.S., which may reduce transparency about data protection safeguards. You may contact Upwork to request copies of the data transfer mechanism documents it uses.
View change record →The updated policy now explicitly states that Upwork complies with the U.S. Data Privacy Framework and has certified to the U.S. Department of Commerce that it adheres to DPF principles when processing personal data from EU, UK, and Swiss residents. The policy establishes that if any conflict exists between Upwork's privacy policy and DPF principles, the DPF principles will govern. This creates an explicit legal hierarchy for data protection standards applicable to residents of those jurisdictions. Users from affected regions can visit https://www.dataprivacyframework.gov/ to view Upwork's certification and learn more about the DPF program.
View change record →Users operating on the platform provide sensitive personal and financial information as part of account setup and service use. The terms establish that Upwork collects and processes these categories of data as part of standard account operations and service delivery.
Cross-platform context
See how other platforms handle Identity Verification and Sensitive Document Collection and similar clauses.
Compare across platforms →Monitoring
Upwork has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information you provide directly to us, such as when you create or modify your account, request services, contact us for support or otherwise communicate with us. This information may include: name, email, phone number, postal address, profile photo, taxpayer identification or Social Security number, government-issued identification, payment information, and any other information you choose to provide.— Excerpt from Upwork's Upwork Privacy Policy
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause defines the scope of first-party data collection and specifies the categories of sensitive information the platform is authorized to collect, including government-issued identification and financial identifiers necessary for identity verification and payment processing operations.
Users operating on the platform provide sensitive personal and financial information as part of account setup and service use. The terms establish that Upwork collects and processes these categories of data as part of standard account operations and service delivery.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Upwork.