If you use Grok without logging into an account, xAI states it has full rights to use everything you input and everything the service produces for product development and AI model training, with no opt-out mechanism described.
This analysis describes what xAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Unauthenticated users have no stated mechanism to opt out of their data being used for model training, unlike logged-in users who can adjust this preference through account data controls.
Interpretive note: The phrase 'where permitted' introduces ambiguity about the jurisdictional scope of this grant; the document does not specify which jurisdictions or regulatory frameworks trigger the limitation.
The agreement grants xAI full rights to use all inputs and outputs from unauthenticated service sessions for model training and product development, with no opt-out described in the document. This contrasts with the opt-out available to logged-in users.
How other platforms handle this
By submitting, posting, or displaying Content on or through the Services, you give Grammarly a worldwide, royalty-free license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such Content in connection with providing and improving the Servi...
Subject to any applicable account settings that you select, you grant Company a fully paid, royalty-free, perpetual, irrevocable, worldwide, non-exclusive and fully sublicensable right (including any moral rights) and license to host, use, license, distribute, reproduce, modify, adapt, publicly perf...
By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content in any and all media or distri...
Monitoring
xAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Where available, you may access our Service without logging in; when doing so, where permitted, you grant us full rights to use any data you provide to or obtain from our Service for product development and model training purposes.— Excerpt from xAI's xAI Terms of Service
(1) REGULATORY LANDSCAPE: The absence of an opt-out for unauthenticated users implicates GDPR's requirement for a valid lawful basis for processing personal data, including for AI model training purposes. Where unauthenticated sessions may still involve the collection of identifiable data such as IP addresses, the contractual consent mechanism embedded in the terms of service may not satisfy GDPR consent standards, which require freely given, specific, informed, and unambiguous consent. CCPA rights to opt out of sale or sharing may apply to unauthenticated users whose data is used for model training depending on how that use is characterized. (2) GOVERNANCE EXPOSURE: High for EU and California users. The grant of full rights without an opt-out mechanism for unauthenticated sessions creates regulatory exposure in jurisdictions that require affirmative consent for processing personal data for AI training. The phrase 'where permitted' introduces ambiguity about whether this grant applies in all jurisdictions. (3) JURISDICTION FLAGS: EEA and UK users are most significantly affected; the EST may modify this provision for European users. California users should assess whether CCPA opt-out rights apply to unauthenticated session data. The phrase 'where permitted' suggests xAI is aware of jurisdictional limitations but does not specify which jurisdictions are excluded. (4) CONTRACT AND VENDOR IMPLICATIONS: This provision is relevant to procurement teams assessing whether organizational use of Grok in any unauthenticated mode could result in unintended licensing of proprietary or sensitive information for model training purposes. (5) COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the phrase 'where permitted' is sufficient to exclude GDPR-regulated users from this grant, and whether the EST provides adequate supplementary protections. A review of the consent mechanism presented to unauthenticated users at the point of service access is warranted.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Unauthenticated users have no stated mechanism to opt out of their data being used for model training, unlike logged-in users who can adjust this preference through account data controls.
The agreement grants xAI full rights to use all inputs and outputs from unauthenticated service sessions for model training and product development, with no opt-out described in the document. This contrasts with the opt-out available to logged-in users.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by xAI.