X states it may collect your precise GPS location if you grant permission, or estimate your location from your IP address and device settings, and uses this location data to personalize content and serve location-based ads.
This analysis describes what X's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision states that location data is collected both through explicit permission (precise GPS) and passively through IP address and device settings, and that this data is used for advertising purposes, which creates an ongoing data collection practice that may persist regardless of whether users actively share their location.
X may collect your location even if you have not explicitly shared it, by inferring it from your IP address or device settings. This location data is used to serve you location-based advertisements. You can limit precise location sharing by revoking location permissions for X in your device settings.
How other platforms handle this
We collect information about your location, such as data from your device's GPS or IP address, when you use our products.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
X has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information about your location when you use X. Your location can be determined using precise GPS data if you give us permission, or by less precise means such as your IP address, device settings, or if you tag your location in a post. We may use this location information to personalize our services and show you ads based on your location.— Excerpt from X's X Privacy Policy
REGULATORY LANDSCAPE: Precise location data is classified as sensitive personal information under CPRA, triggering heightened protection and opt-out rights for California residents. GDPR treats location data as personal data subject to Article 6 lawful basis requirements, and precise location data may require explicit consent in some EU supervisory authority interpretations. The FTC has historically scrutinized location data collection practices, particularly where passive collection (via IP inference) may not align with user expectations. GOVERNANCE EXPOSURE: High. The combination of precise GPS data collection (with permission) and passive location inference via IP address and device settings creates a persistent location data collection practice. The use of location data for advertising purposes engages CPRA's sensitive data provisions, which require offering users the right to limit use of sensitive personal information. JURISDICTION FLAGS: California residents have the right to limit use of sensitive personal information under CPRA, which includes precise geolocation. EU and UK users should assess whether X's stated lawful basis for location-based advertising is consent or legitimate interest, as supervisory authorities in several EU member states have taken restrictive positions on legitimate interest as a basis for behavioral advertising involving location data. Illinois and other states with location privacy protections may create additional exposure. CONTRACT AND VENDOR IMPLICATIONS: Organizations using X's advertising platform for location-targeted campaigns should review whether their use of X's location-based targeting tools is consistent with their own privacy disclosures and applicable law. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that location permission requests within the X application satisfy informed consent standards under GDPR and applicable US state law, and that the CPRA right to limit use of precise geolocation is operationally implemented.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision states that location data is collected both through explicit permission (precise GPS) and passively through IP address and device settings, and that this data is used for advertising purposes, which creates an ongoing data collection practice that may persist regardless of whether users actively share their location.
X may collect your location even if you have not explicitly shared it, by inferring it from your IP address or device settings. This location data is used to serve you location-based advertisements. You can limit precise location sharing by revoking location permissions for X in your device settings.
ConductAtlas has identified this type of provision across 20 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by X.