X · X Privacy Policy · View original document ↗

Third-Party Data Sources

High severity Unique · 0 of 325 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for X Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

X receives information about you from third-party sources, including advertisers, data partners, and other users, which it combines with data collected on the platform.

This analysis describes what X's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause establishes X's data collection infrastructure through third-party partnerships, enabling the service to incorporate external data sources into its user profiles and advertising systems without requiring direct data collection from users on those external platforms.

Consumer impact (what this means for users)

X supplements the data it collects from you with information from external data brokers and advertising partners, creating a more comprehensive profile that you have limited ability to review or correct.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Visit X's Privacy Center at https://privacy.twitter.com and submit a data access request to see what third-party data X holds about you. You may also submit a deletion request for data obtained from third parties.

How other platforms handle this

Visa Medium

We may collect personal information about you from third parties, such as data brokers, social media platforms, and our business partners. This information may include demographic information, interests, and other information that helps us understand you better and provide you with relevant products...

Anthropic Medium

Anthropic obtains personal data from third party sources in order to train our models. Specifically, we train our models using data from the following sources: Publicly available information via the Internet; Datasets that we obtain through commercial agreements with third party businesses; Data tha...

Airtable Medium

Once the authentication is complete, we have the ability to access information you provided to us or was otherwise collected by the third-party service in accordance with the privacy practices of that third party. We will store the information and data we collect and associate it with your Airtable ...

See all platforms with this clause type →

Monitoring

X has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Our ad and business partners share information with us such as browser cookie IDs, X-generated identifiers, mobile device IDs, hashed user information like email addresses, demographic or interest data, and content viewed or actions taken on a website or app.

— Excerpt from X's X Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

Receipt and integration of third-party data enrichment raises GDPR transparency obligations (Article 14 — information not obtained directly from the data subject), CCPA disclosure requirements for data sources, and FTC fair information practice considerations. This provision warrants close scrutiny in compliance assessments.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

  • Federal Trade Commission (ftc)
    Oversees unfair or deceptive business practices and can investigate companies that mislead consumers about data collection, sharing, or use.
    Who can file: Anyone affected by the company's practices (US or international)
    What you need: Your account details, a timeline of relevant events, and a description of the specific issue
    What to expect: Complaints inform FTC enforcement priorities and investigations but do not result in individual resolution or compensation
    File a complaint →
  • State Attorney General
    State AGs in California, New York, Texas, and other states can investigate violations of state consumer protection and privacy laws, including CCPA (California), SHIELD Act (New York), and equivalents.
    Who can file: Residents of states with comprehensive privacy laws — primarily California, Virginia, Colorado, Connecticut, and Utah
    What you need: Evidence of the violation, explanation of how your state rights were affected, and your account or contact information with the company
    What to expect: Outcomes vary by state. May result in investigation, enforcement action, or requirement for the company to change practices. No direct individual compensation in most cases.

    Search "[your state] attorney general consumer complaint" to find your state's direct complaint form

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
ePrivacy Directive
European Union
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
X Privacy Policy
Entity
X
Document last updated
May 5, 2026
Tracking information
First tracked
March 6, 2026
Last verified
March 9, 2026
Record ID
CA-P-000276
Document ID
CA-D-00030
Evidence Provenance
Source URL
https://twitter.com/en/privacy
Wayback Machine
View archived versions →
Content hash (SHA-256)
a753145f25a18dc47f017ff4602e862cf254ac2772f4901eeeb85b17bb1bd3c5
Analysis generated
March 6, 2026 20:49 UTC
Methodology
summarize_document-v7
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: X
Document: X Privacy Policy
Record ID: CA-P-000276
Captured: 2026-03-06 20:49:48 UTC
SHA-256: a753145f25a18dc4…
URL: https://conductatlas.com/platform/x/x-privacy-policy/third-party-data-sources/
Accessed: May 20, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories
Data collection

Other risks in this policy

Related Analysis

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does X's Third-Party Data Sources clause do?

The clause establishes X's data collection infrastructure through third-party partnerships, enabling the service to incorporate external data sources into its user profiles and advertising systems without requiring direct data collection from users on those external platforms.

How does this clause affect you?

X supplements the data it collects from you with information from external data brokers and advertising partners, creating a more comprehensive profile that you have limited ability to review or correct.

Is ConductAtlas affiliated with X?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by X.