Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Vercel's data collection, use, and sharing practices for users of its platform, website, and services. The policy authorizes Vercel to collect account details, usage logs, cookies, and payment information, and to share personal data including usage and behavioral data with third-party advertising partners, analytics vendors, and service providers. Data submitted by end users through applications deployed on Vercel's infrastructure is governed separately under data processing agreements between Vercel and the developer who deployed the application.
This document is Vercel's Privacy Policy, governing how Vercel, Inc. collects, uses, discloses, and retains personal data in connection with its website, platform, and related services, with legal bases including contract performance, legitimate interests, and consent depending on jurisdiction. The policy states that Vercel collects account information, usage data, log data, cookies, payment information, and survey responses, and the terms authorize use of this data for service delivery, marketing, analytics, fraud prevention, and product improvement, including sharing with third-party service providers, business partners, and in the context of corporate transactions. The policy discloses that Vercel may share personal data with third-party advertising and analytics partners and that it uses cookies and tracking technologies for targeted advertising, which is operationally significant for users who may not expect a developer infrastructure platform to engage in behavioral advertising; the policy also distinguishes between Vercel acting as a data controller for its own platform data and as a data processor for customer-deployed application data, a distinction with material legal implications under GDPR and CCPA. The policy acknowledges GDPR applicability for EU/EEA residents and CCPA/CPRA applicability for California residents, granting specific rights including access, deletion, portability, correction, and opt-out of sale or sharing, enforced respectively by EU supervisory authorities and the California Privacy Protection Agency; Vercel designates a DPA at privacy@vercel.com and references standard contractual clauses for international data transfers. Compliance teams should note the dual controller/processor role creates distinct contractual obligations, and the advertising data sharing may require evaluation under GDPR consent requirements and CCPA opt-out of sale mechanisms, particularly given Vercel's primarily B2B and developer-focused user base.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial1 important change detected
2 versions captured · Last updated: June 2026
Monitoring
Vercel AI has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Controller/Processor Distinction for End User Data and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.