What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages the California Consumer Privacy Act as amended by the California Privacy Rights Act, which governs the rights of California residents to access, delete, correct, and opt out of the sale or sharing of personal data; the FTC Act, which applies to unfair or deceptive data practices; GDPR and UK GDPR for users in the EU and UK, requiring lawful bases for processing, data subject rights, and cross-border transfer mechanisms; and COPPA, which prohibits collec…

How does Whatnot's Whatnot Privacy Policy affect users?

Whatnot collects a wide range of personal data including purchase history, payment information, precise location, device identifiers, and behavioral data, and shares this information with advertising partners, analytics providers, and potential business acquirers. Users should be aware that data shared with third-party advertising networks may be used to build profiles and deliver targeted advertising across other platforms. You can opt out of the sale or sharing of your personal data for adver…

How often is Whatnot's Whatnot Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Whatnot updates this document?

Yes. Watcher subscribers ($9.99/month) can add Whatnot to their watchlist and receive same-day email alerts whenever this document or any other Whatnot document changes.

CA-D-000732

Whatnot Privacy Policy

Whatnot

Last change detected May 6, 2026 Privacy policy

SHA-256: 7b2205c76d26bd4d5d7… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Whatnot ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

0 High severity

6 Medium severity

2 Low severity

Summary

This is Whatnot's privacy policy, explaining what personal data the live-stream shopping platform collects about you, including your purchase history, payment details, device identifiers, location, and browsing behavior on the platform. The most important thing to know is that Whatnot shares your personal data, including behavioral and identifiers, with third-party advertising partners, which may qualify as a 'sale' or 'sharing' of your data under California law, giving California residents the right to opt out. If you are a California resident, you can opt out of the sale or sharing of your personal data by using the 'Do Not Sell or Share My Personal Information' link on the platform.

Technical / Legal Breakdown

This document is Whatnot's Privacy Policy, governing the collection, use, storage, and sharing of personal data from users of Whatnot's live-stream shopping platform, with consent and legitimate interest cited as legal bases depending on jurisdiction. The policy states that Whatnot collects a broad range of data including identifiers, financial information, device and usage data, location data, user-generated content, and inferred characteristics, and the terms authorize sharing this data with service providers, business partners, advertising networks, and in connection with corporate transactions such as mergers or acquisitions. The policy asserts broad rights to use personal data for targeted advertising, analytics, and AI/ML model improvement, and permits sharing with third-party advertising partners in ways that may constitute a 'sale' or 'sharing' of personal data under California law, though the document provides opt-out mechanisms for California residents. The policy engages GDPR and UK GDPR for European and UK users, the California Consumer Privacy Act as amended by CPRA for California residents, and references COPPA in the context of children under 13 not being permitted to use the service. Material compliance considerations include the adequacy of consent mechanisms for cross-border data transfers, the sufficiency of opt-out disclosures for advertising data sharing under CCPA, and the robustness of age verification given COPPA obligations.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 6, 2026

low

What changed Whatnot updated the version numbers and effective dates of its EU/UK Terms of Service documents across multiple languages (English, French, German, and Dutch) on May 6, 2026. The company also replaced one director name (Ryan Colburn) with another (Viji Nadarajan) in the company leadership disclosures across all language versions. These changes appear to be administrative updates to company governance information and document versioning with no apparent changes to substantive consumer rights or obligations.

Why this matters This change appears to be purely administrative. Whatnot updated the version numbers and effective dates of its EU/UK Terms of Service documents and revised the listed company directors. No substantive changes to consumer rights, data practices, fees, or obligations are evident from the detected modifications. If you rely on the dated version information to understand which terms apply to you, note that the effective date is now May 6, 2026 rather than March 4, 2026 for the English version.

View full change record →

Medium — 6 provisions

Sale or Sharing of Personal Data with Advertising Partners Compare →

Whatnot shares your personal data with advertising companies to show you targeted ads, and this sharing may count as a 'sale' under California law, giving California residents the right to opt out.

Added May 11, 2026 Standard Seen across 189 platforms
AI and Machine Learning Training on User Data Compare →

Whatnot may use your personal data, including your activity and content on the platform, to train artificial intelligence and machine learning systems.

Added May 11, 2026 Common Seen across 104 platforms
Data Sharing in Corporate Transactions Compare →

If Whatnot is sold, merged, or acquires financing, your personal data may be transferred to the new owner as part of the deal, even before the transaction is finalized.

Added May 11, 2026 Standard Seen across 246 platforms
Children Under 13 and COPPA Compliance Compare →

Whatnot does not allow children under 13 to use the platform and states it will delete any personal data it discovers was collected from a child under 13.

Added May 11, 2026 Standard Seen across 262 platforms
Cross-Border Data Transfers Compare →

Whatnot transfers your personal data to the United States for processing, and US privacy laws may offer fewer protections than those in your home country.

Added May 8, 2026 Common Seen across 122 platforms
Cookies and Tracking Technologies Compare →

Whatnot uses cookies, tracking pixels, and similar tools to monitor your activity on the platform and collect data about how you use the service, and you can limit this through browser settings.

Added May 11, 2026 Standard Seen across 251 platforms

Low — 2 provisions

Data Retention Compare →

Whatnot keeps your personal data for as long as it needs to, which could include indefinitely for legal or fraud-related reasons, without specifying fixed retention periods.

Added May 8, 2026 Standard Seen across 223 platforms
California Consumer Privacy Rights Compare →

California residents have a set of legal rights over their personal data held by Whatnot, including the right to access, delete, correct, and opt out of data sharing, and can exercise these rights by contacting Whatnot directly.

Added May 11, 2026 Standard Seen across 262 platforms