X collects data from you even if you only browse without posting, including your device type and IP address, and may also collect email, phone number, contacts, location, payment details, direct messages, and ad interaction data depending on how you use the service.
This analysis describes what X's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that data collection occurs simply by viewing the platform, without any account interaction, and that a wide range of personal and behavioral data categories are collected based on feature use, which means the scope of data collected can be extensive even for passive users.
The terms state that even browsing X without an account results in collection of device identifiers and IP address, and that account holders who use platform features may have location data, contact book entries, direct message content, and payment details collected and retained by X.
How other platforms handle this
We collect the following information when you register for and use our services: Account information. You can create a Discord account by providing an email address and creating a username and password. When you create an account, we will assign you a unique identifier. If you choose to, you may pro...
"Personal Data" refers to any information associated with an identified or identifiable individual, which can include data that you provide to us, and that we collect about you during your interaction with our Services (such as device information, IP address, etc.).
We collect information you provide directly to us, such as when you create an account, make a purchase, or contact us for support. This includes: Account information (name, email address, password); Payment information (credit card details, billing address); Profile information (company name, job ti...
Monitoring
X has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you use X, even if you're just looking at posts, we receive some personal information from you like the type of device you're using and your IP address. If you chose to provide it, we also have your contact information like your email address, and depending on the settings you choose and what features you use, we may have your phone number, address book contacts, location information, profile information you provide, payment details, information from linked third-party accounts, your direct messages and private content, data from interactions with ads, and information from your use of other X features.— Excerpt from X's X Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR Articles 5, 6, and 13 regarding lawful basis, data minimization, and transparency obligations for EEA users. Under CCPA and CPRA, multiple categories of personal information are implicated including identifiers, geolocation, communications content, financial information, and internet or network activity. COPPA may apply where users under 13 interact with the platform. The FTC Act's prohibition on unfair or deceptive practices is also relevant. GOVERNANCE EXPOSURE: High. The breadth of data categories collected, spanning device identifiers, precise location, contact book data, direct message content, and payment information, creates a large compliance surface area requiring documentation of lawful basis for each processing category under GDPR, and detailed data mapping for CCPA/CPRA compliance. JURISDICTION FLAGS: EU and UK users have the right to access, correct, and request deletion of each data category collected. California residents have the right to know, delete, and opt out of sale or sharing of personal information. The collection of contact address book data raises specific questions under various state consumer protection frameworks regarding collection of third-party individuals' data without their direct consent. CONTRACT AND VENDOR IMPLICATIONS: Enterprises using X for business communications or customer engagement should assess whether employee or customer data collected through X's platform falls within their own data processor or controller obligations and update vendor agreements accordingly. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct data mapping exercises to document each category of personal information collected by X and ensure Records of Processing Activities (RoPAs) are updated. Organizations that embed X functionality should evaluate whether data flows to X trigger their own notification or consent obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that data collection occurs simply by viewing the platform, without any account interaction, and that a wide range of personal and behavioral data categories are collected based on feature use, which means the scope of data collected can be extensive even for passive users.
The terms state that even browsing X without an account results in collection of device identifiers and IP address, and that account holders who use platform features may have location data, contact book entries, direct message content, and payment details collected and retained by X.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by X.