If you log into Grok using Google, Apple, or X, you give xAI permission to access account information from those services. If you use X to log in and opt in, xAI can access your full X post history, location information, preferences, usage data, and Grok conversation history from X.
This analysis describes what xAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes the data scope and permissions framework governing third-party authentication integrations. It distinguishes between automatic access granted through the authentication mechanism itself and optional data portability for X-connected accounts, which requires affirmative user election.
The agreement authorizes xAI to access third-party service data upon login, including for X accounts: user profile with date of birth, location information, post history from all viewable accounts including protected accounts, usage data, and Grok conversation history on X. The X data import is described as an opt-in, not a default.
Cross-platform context
See how other platforms handle Third-Party Login Data Access and similar clauses.
Compare across platforms →Monitoring
xAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"By choosing to login to our Service by using a third-party service, such as Google, Apple, or X, you give us permission to access, use, and store your information from that service, as permitted by that service, which may include log-in credentials and/or access tokens for that service. If connecting to our Service using your X credentials, you may elect (opt-in) to bring your X user profile (including date of birth), X account and location information, X preferences, X post history (your X posts viewable on your X account including posts to and from all accounts (public or protected) that you can view), X usage data, and your Grok in X conversation history to your xAI account.— Excerpt from xAI's xAI Terms of Service
(1) REGULATORY LANDSCAPE: Access to third-party platform data including post history from protected accounts and date of birth implicates GDPR Articles 6 and 9 for EEA users, and CCPA for California residents. The access to protected account posts viewed by the user, rather than solely the user's own public posts, is an operationally distinctive element that may implicate the privacy rights of third parties whose protected posts are accessible to the logging-in user. The Stored Communications Act may be relevant to access to private or protected social media content. (2) GOVERNANCE EXPOSURE: Medium to High. The scope of X data accessible through the opt-in integration is broad, including date of birth (a sensitive data element under some privacy frameworks), location information, and third-party protected posts visible to the user. Users enabling this feature should understand the breadth of data transferred to xAI. (3) JURISDICTION FLAGS: GDPR-regulated users should be aware that date of birth may qualify as sensitive personal data in certain processing contexts, and that the transfer of third-party protected post content to xAI may raise data protection questions regarding the rights of the original posters. CCPA sensitive personal information provisions may apply to date of birth and location data. (4) CONTRACT AND VENDOR IMPLICATIONS: The data access is described as permitted by the third-party service's own terms; procurement teams and users should review X's current terms of service and developer policies to understand what data xAI is authorized to receive through this integration. (5) COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the opt-in disclosure is sufficiently clear and conspicuous to constitute informed consent under GDPR and CCPA, particularly regarding the inclusion of protected third-party post content. A data mapping exercise should capture the categories of X data transferred to xAI through this integration.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes the data scope and permissions framework governing third-party authentication integrations. It distinguishes between automatic access granted through the authentication mechanism itself and optional data portability for X-connected accounts, which requires affirmative user election.
The agreement authorizes xAI to access third-party service data upon login, including for X accounts: user profile with date of birth, location information, post history from all viewable accounts including protected accounts, usage data, and Grok conversation history on X. The X data import is described as an opt-in, not a default.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by xAI.