The policy discloses that users in certain jurisdictions, including California and EU/UK, have rights to access, correct, delete, and obtain copies of their personal information, as well as rights to restrict processing, object to processing, and opt out of data sale or sharing.
This analysis describes what Whatnot's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the mechanism and scope of data subject rights available under CCPA, CPRA, GDPR, and UK GDPR, and the operational availability of these rights depends on Whatnot's implementation of request intake, verification, and response workflows.
The updated Influencer Engagement Agreement now requires all disputes between influencers and Whatnot to be resolved through binding arbitration under the Terms of Service Section 21, rather than through California state or federal courts. This replaces the previous language permitting influencers to pursue legal claims in Los Angeles courts and waives jury trial rights. The agreement also removes language that explicitly limited dispute resolution to claims arising solely from the Influencer Agreement, extending arbitration to disputes relating to Whatnot Platform use and the influencer-platform relationship.
View change record →Under the updated agreement, Australian sellers can no longer resolve disputes through court proceedings in Los Angeles. Instead, all disputes related to the Whatnot platform or the seller relationship must be resolved through mandatory individual arbitration under Whatnot's main Terms of Service. The updated terms eliminate the jury trial waiver provision and replace court access with binding arbitration, with limited exceptions only as expressly permitted in the main Terms of Service.
View change record →The updated terms require all disputes arising from the Strategic Seller Agreement or a seller's relationship with Whatnot to be resolved through arbitration as defined in the main Terms of Service, rather than through litigation in California courts. Previously, sellers could bring claims in federal or state courts located in Los Angeles; under the revised language, this option is eliminated except where the Terms of Service arbitration section expressly permits court proceedings. The change applies to the relationship between individual sellers and Whatnot, affecting how contract disputes, payment disagreements, or other claims are processed and adjudicated.
View change record →This new provision consolidates data subject rights for multiple jurisdictions (California, EU, UK) in a single statement, improving clarity about location-based privacy rights.
View full change record →Under this provision, eligible users can submit requests to access, correct, delete, or export their personal information by contacting Whatnot through the privacy request mechanism; the policy states these rights are available depending on the user's location.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
We may also collect your personal data from other people or companies.
Monitoring
Whatnot has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, delete, or obtain a copy of your personal information, the right to restrict or object to our processing of your personal information, and the right to opt out of the sale or sharing of your personal information.— Excerpt from Whatnot's Whatnot Legal Terms
1) REGULATORY LANDSCAPE: This provision engages CCPA and CPRA for California residents (enforced by the California Privacy Protection Agency), GDPR for EU residents (enforced by relevant national data protection authorities), and UK GDPR for UK residents (enforced by the Information Commissioner's Office). Each framework imposes specific timelines and response requirements for data subject requests that Whatnot's operational processes must satisfy. 2) GOVERNANCE EXPOSURE: Medium. The adequacy of identity verification procedures for data subject requests, the completeness of data mapping required to respond to access and deletion requests, and compliance with statutory response timelines represent the primary operational exposure areas. 3) JURISDICTION FLAGS: GDPR requires response to access requests within one month, with extensions permitted in limited circumstances. CCPA/CPRA requires response within 45 days, with one 45-day extension. UK GDPR mirrors GDPR timelines. Non-compliance with these timelines is a direct enforcement risk. For sellers who have submitted government ID and financial account data, deletion requests create additional complexity regarding regulatory retention obligations. 4) CONTRACT AND VENDOR IMPLICATIONS: Whatnot must ensure that data subject deletion and access requests can be fulfilled across all data processors and sub-processors holding user data, requiring appropriate contractual provisions with vendors. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should audit the data subject request intake and response workflow for adherence to jurisdiction-specific timelines; confirm that identity verification procedures for requests meet applicable standards without creating undue barriers; and map data flows to ensure deletion requests can be technically fulfilled across all systems and vendors.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the mechanism and scope of data subject rights available under CCPA, CPRA, GDPR, and UK GDPR, and the operational availability of these rights depends on Whatnot's implementation of request intake, verification, and response workflows.
Under this provision, eligible users can submit requests to access, correct, delete, or export their personal information by contacting Whatnot through the privacy request mechanism; the policy states these rights are available depending on the user's location.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Whatnot.