Whatnot transfers your personal data to the United States for processing, and US privacy laws may offer fewer protections than those in your home country.
This analysis describes what Whatnot's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
For users in the EU, UK, and other jurisdictions with strong data protection laws, this transfer must be covered by a lawful mechanism such as Standard Contractual Clauses, and the policy does not specify which transfer mechanism is used.
Interpretive note: The policy does not specify the legal transfer mechanism used for EU and UK data flows, creating uncertainty about whether all required GDPR safeguards are in place.
The updated Influencer Engagement Agreement now requires all disputes between influencers and Whatnot to be resolved through binding arbitration under the Terms of Service Section 21, rather than through California state or federal courts. This replaces the previous language permitting influencers to pursue legal claims in Los Angeles courts and waives jury trial rights. The agreement also removes language that explicitly limited dispute resolution to claims arising solely from the Influencer Agreement, extending arbitration to disputes relating to Whatnot Platform use and the influencer-platform relationship.
View change record →Under the updated agreement, Australian sellers can no longer resolve disputes through court proceedings in Los Angeles. Instead, all disputes related to the Whatnot platform or the seller relationship must be resolved through mandatory individual arbitration under Whatnot's main Terms of Service. The updated terms eliminate the jury trial waiver provision and replace court access with binding arbitration, with limited exceptions only as expressly permitted in the main Terms of Service.
View change record →The updated terms require all disputes arising from the Strategic Seller Agreement or a seller's relationship with Whatnot to be resolved through arbitration as defined in the main Terms of Service, rather than through litigation in California courts. Previously, sellers could bring claims in federal or state courts located in Los Angeles; under the revised language, this option is eliminated except where the Terms of Service arbitration section expressly permits court proceedings. The change applies to the relationship between individual sellers and Whatnot, affecting how contract disputes, payment disagreements, or other claims are processed and adjudicated.
View change record →EU and UK users' personal data is transferred to the US, where it may be subject to US government access rights and different privacy standards, and the specific safeguards in place for this transfer are not detailed in the policy.
How other platforms handle this
Your personal information may be transferred to and processed in countries outside your country of residence, including the United States and Israel, which may have data protection laws that differ from those in your country. We rely on appropriate safeguards, such as standard contractual clauses ap...
When we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to other countries that have not been found to provide an adequate level of data protection, we use legal mechanisms such as Standard Contractual Clauses approved by the European Commission to h...
Your personal information may be transferred to, processed and stored in countries other than the country in which you are resident, including the United States, Australia, Canada, the European Union and the UK. We take appropriate safeguards to protect your personal information in accordance with t...
Monitoring
Whatnot has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Your information may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Information, to the United States and process it there.— Excerpt from Whatnot's Whatnot Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR Chapter V, which requires that personal data transferred outside the EU/EEA be covered by an adequacy decision, Standard Contractual Clauses, Binding Corporate Rules, or another approved mechanism. Following Schrems II, transfers to the US require additional technical and contractual safeguards. UK GDPR imposes analogous requirements for transfers from the UK. The relevant enforcement authorities are EU supervisory authorities (coordinated through EDPB) and the UK ICO. GOVERNANCE EXPOSURE: High for EU and UK user populations. The policy discloses the transfer but does not identify the specific transfer mechanism in use, which may be insufficient for GDPR transparency requirements and could create exposure in the event of a supervisory authority inquiry or complaint. JURISDICTION FLAGS: EU and UK users face the highest exposure. EU member state supervisory authorities have taken enforcement action against companies that failed to document or implement adequate transfer mechanisms. Switzerland, Brazil, and other jurisdictions with GDPR-equivalent laws may impose similar obligations. CONTRACT AND VENDOR IMPLICATIONS: DPAs and SCCs with US-based processors and sub-processors must be current and include the supplementary measures required post-Schrems II. Procurement teams should confirm that transfer impact assessments have been conducted for US data flows. COMPLIANCE CONSIDERATIONS: Legal teams should identify and document the specific transfer mechanism used for EU and UK data flows, update the privacy notice to reflect this, and conduct or update a transfer impact assessment. If the EU-US Data Privacy Framework is relied upon, confirm Whatnot's certification status.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
For users in the EU, UK, and other jurisdictions with strong data protection laws, this transfer must be covered by a lawful mechanism such as Standard Contractual Clauses, and the policy does not specify which transfer mechanism is used.
EU and UK users' personal data is transferred to the US, where it may be subject to US government access rights and different privacy standards, and the specific safeguards in place for this transfer are not detailed in the policy.
ConductAtlas has identified this type of provision across 84 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Whatnot.