EU and EEA residents generally have rights under GDPR to access, correct, delete, and port their personal data, and companies must disclose the legal basis for processing and any international data transfers.
This analysis describes what Weights & Biases's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
EU users interacting with CoreWeave's cloud platform need to know whether their data is processed lawfully and whether adequate safeguards exist for any transfers of their data outside the EU/EEA.
Interpretive note: The actual GDPR-specific clause text was not available in the truncated document; this analysis is based on the policy's stated subject matter and CoreWeave's operational context as a US cloud provider serving international customers.
Consolidation of previously separate provisions into one clarifies GDPR compliance and cross-border transfer mechanisms for European users.
View full change record →If you are based in the EU or EEA, this provision determines what rights you have over your personal data and whether CoreWeave has implemented mechanisms such as Standard Contractual Clauses to legally transfer your data to servers outside Europe.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers and partners operate. By using our Services, you acknowledge that your personal information may be transferred to countries outside your country of residence, in...
Monitoring
Weights & Biases has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
(1) REGULATORY LANDSCAPE: GDPR applies to CoreWeave's processing of personal data of EU/EEA data subjects regardless of where CoreWeave is established, given its offering of services to EU users. Key obligations include lawful basis disclosure under Article 6, data subject rights under Articles 15-22, and cross-border transfer mechanisms under Articles 44-49. The relevant enforcement authorities are the national data protection authorities in the EU member states where data subjects are located. (2) GOVERNANCE EXPOSURE: High for EU-facing operations. CoreWeave as a US-based cloud provider processing EU personal data must have a lawful transfer mechanism in place. Post-Schrems II, Standard Contractual Clauses are the primary mechanism, and their implementation must be accompanied by a Transfer Impact Assessment for transfers to the US. Failure to implement adequate transfer safeguards is a significant enforcement risk. (3) JURISDICTION FLAGS: EU/EEA users represent the highest exposure jurisdiction for this provision. The UK GDPR applies separately for UK data subjects following Brexit. CoreWeave's enterprise customers in the EU should verify whether CoreWeave has appointed an EU representative under GDPR Article 27 if required. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers in the EU must ensure that a GDPR-compliant Data Processing Agreement under Article 28 is in place with CoreWeave before processing personal data on their infrastructure. Standard Contractual Clauses should be incorporated or referenced in that agreement for transfers outside the EEA. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify the specific transfer mechanism CoreWeave relies upon for EU data, confirm that a DPA is available and includes required sub-processor provisions, and assess whether CoreWeave's privacy policy provides the Article 13/14 transparency disclosures required at the point of data collection.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
EU users interacting with CoreWeave's cloud platform need to know whether their data is processed lawfully and whether adequate safeguards exist for any transfers of their data outside the EU/EEA.
If you are based in the EU or EEA, this provision determines what rights you have over your personal data and whether CoreWeave has implemented mechanisms such as Standard Contractual Clauses to legally transfer your data to servers outside Europe.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Weights & Biases.