If you use Grok without logging into an account, xAI states it has full rights to use everything you input and everything the service produces for product development and AI model training, with no opt-out mechanism described.
This analysis describes what xAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Unauthenticated users have no stated mechanism to opt out of their data being used for model training, unlike logged-in users who can adjust this preference through account data controls.
Interpretive note: The phrase 'where permitted' introduces ambiguity about the jurisdictional scope of this grant; the document does not specify which jurisdictions or regulatory frameworks trigger the limitation.
The agreement grants xAI full rights to use all inputs and outputs from unauthenticated service sessions for model training and product development, with no opt-out described in the document. This contrasts with the opt-out available to logged-in users.
How other platforms handle this
Target reserves the right to change these Terms at any time. We will post notification of changes to these Terms on this page. Your continued use of the Target Services after any changes to these Terms constitutes your acceptance of the new Terms.
We reserve the right, at our sole discretion, to amend these Terms of Service at any time and will update these Terms of Service in the event of any such amendments. We will notify our Users of material changes to this Agreement, such as price changes, at least 30 days prior to the change taking eff...
We may modify the Terms from time to time. The most current version of the Terms will be located here. You understand and agree that your access to or use of the Service is governed by the Terms effective at the time of your access to or use of the Service. If we make material changes to these Terms...
Monitoring
xAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Where available, you may access our Service without logging in; when doing so, where permitted, you grant us full rights to use any data you provide to or obtain from our Service for product development and model training purposes.— Excerpt from xAI's xAI Terms of Service
(1) REGULATORY LANDSCAPE: The absence of an opt-out for unauthenticated users implicates GDPR's requirement for a valid lawful basis for processing personal data, including for AI model training purposes. Where unauthenticated sessions may still involve the collection of identifiable data such as IP addresses, the contractual consent mechanism embedded in the terms of service may not satisfy GDPR consent standards, which require freely given, specific, informed, and unambiguous consent. CCPA rights to opt out of sale or sharing may apply to unauthenticated users whose data is used for model training depending on how that use is characterized. (2) GOVERNANCE EXPOSURE: High for EU and California users. The grant of full rights without an opt-out mechanism for unauthenticated sessions creates regulatory exposure in jurisdictions that require affirmative consent for processing personal data for AI training. The phrase 'where permitted' introduces ambiguity about whether this grant applies in all jurisdictions. (3) JURISDICTION FLAGS: EEA and UK users are most significantly affected; the EST may modify this provision for European users. California users should assess whether CCPA opt-out rights apply to unauthenticated session data. The phrase 'where permitted' suggests xAI is aware of jurisdictional limitations but does not specify which jurisdictions are excluded. (4) CONTRACT AND VENDOR IMPLICATIONS: This provision is relevant to procurement teams assessing whether organizational use of Grok in any unauthenticated mode could result in unintended licensing of proprietary or sensitive information for model training purposes. (5) COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the phrase 'where permitted' is sufficient to exclude GDPR-regulated users from this grant, and whether the EST provides adequate supplementary protections. A review of the consent mechanism presented to unauthenticated users at the point of service access is warranted.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Unauthenticated users have no stated mechanism to opt out of their data being used for model training, unlike logged-in users who can adjust this preference through account data controls.
The agreement grants xAI full rights to use all inputs and outputs from unauthenticated service sessions for model training and product development, with no opt-out described in the document. This contrasts with the opt-out available to logged-in users.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by xAI.