Writer promises it will not use the content you or your employees submit to its platform to train its AI systems unless you have explicitly agreed to allow that.
This analysis describes what Writer's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This is one of the most practically significant protections in the policy for enterprise users, directly addressing a common concern about AI platforms using business content to improve their models without consent.
Interpretive note: The policy statement is clear, but enforceability depends on whether this language is reflected in the executed contractual DPA and subscription agreement, which are separate documents not reproduced here.
Removal of explicit opt-in requirement for AI training represents a significant privacy protection reduction.
View full change record →Users' submitted content, including documents, prompts, and business data, is not used to train Writer's AI models unless the customer has specifically authorized it, providing a meaningful layer of data protection for sensitive business information.
How other platforms handle this
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Writer has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Writer does not use Customer Data to train its AI models without explicit customer permission. Customer Data means the data, content, and information that customers and their end users submit to or through the Services.— Excerpt from Writer's Writer Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR Article 5 data minimization and purpose limitation principles, as well as CCPA/CPRA restrictions on using personal information beyond the disclosed purpose. The FTC Act's prohibition on unfair or deceptive practices is also relevant if this commitment were to be inconsistently applied. The provision as stated is a contractual commitment, and its enforceability depends on the specific language in the applicable DPA and subscription agreement. GOVERNANCE EXPOSURE: Medium. The provision creates a meaningful contractual protection, but compliance teams should verify that the definition of 'Customer Data' in the DPA aligns with their understanding of what data is submitted, and that operational controls exist to enforce this commitment across sub-processors and internal ML teams. The distinction between Customer Data and usage/telemetry data (which may be used for product improvement) requires careful mapping. JURISDICTION FLAGS: EU and UK GDPR-regulated organizations will view this as relevant to purpose limitation under Article 5(1)(b). California CPRA-regulated entities should confirm this aligns with service provider agreement requirements. Organizations in healthcare or legal services should assess whether any submitted data constitutes regulated data under HIPAA or professional privilege rules. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should confirm this commitment appears in the executed DPA and subscription agreement, not only in the privacy policy, to ensure contractual enforceability. The policy-level statement may not be sufficient for vendor due diligence purposes under GDPR Article 28 processor requirements. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct data mapping to distinguish Customer Data from usage data in the Writer environment, verify that any AI training opt-in mechanism is documented if permission is granted, and include this commitment in vendor risk assessments. Annual review of Writer's sub-processor list is advisable to confirm the commitment flows through to all processors handling Customer Data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This is one of the most practically significant protections in the policy for enterprise users, directly addressing a common concern about AI platforms using business content to improve their models without consent.
Users' submitted content, including documents, prompts, and business data, is not used to train Writer's AI models unless the customer has specifically authorized it, providing a meaningful layer of data protection for sensitive business information.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Writer.