Professional Plan

The compliance intelligence platform for legal and risk teams

Full compliance memos per change, unlimited Ask ConductAtlas, cross-platform intelligence, and citation-grade evidence. Built for teams that need to act, not just be informed.

$149/month or $1,290/year

Start free trial → Compare plans

Full compliance memo

Not a summary. A memo your team can act on.

Every change record includes a structured compliance memo written for legal and risk teams — with specific regulatory citations, escalation triggers, board language, and a recommended action with deadline.

Google Gemini — Gemini Apps Privacy Notice · March 30, 2026

Medium

Assessment

Google Gemini removed five sentences describing the Connected Apps personalization feature. This affects transparency obligations under GDPR Art. 13 and CCPA §1798.100. Compliance officers with Google Gemini in their vendor stack should verify whether this represents a feature removal or an undisclosed continuation of the same processing activity.

Regulatory Exposure

GDPR Art. 13(1)(c) and 13(2)(b) — removal of purpose description may create transparency gap. CCPA Cal. Civ. Code §1798.100 and §1798.110 — consumers' right to know may be impaired. UK GDPR Art. 13 (retained) — same transparency obligations apply to UK users. FTC Act Section 5 — deceptive practices risk if processing continues without disclosure.

Obligation Change

Organizations with Google Gemini in their vendor stack who referenced Connected Apps personalization in their DPAs or data inventories must update those documents. If the feature continues without disclosure, organizations may face a secondary obligation to update their own privacy notices.

Silence Signal

The removal eliminates the only documented disclosure of how Connected Apps data was used for personalization. What is now absent: the user's opt-in mechanism, the specific data types used, and the processing purpose. Regulators and plaintiff attorneys will note this absence.

Escalation

Escalate to DPO and privacy legal counsel if your organization's privacy notices or data inventories referenced Google Gemini's Connected Apps feature. No emergency action required, but DPO review should be completed before the next scheduled privacy notice review cycle.

Board Language

"Google Gemini removed its documented opt-in personalization feature from its privacy policy on March 30, 2026, creating a transparency gap that may affect our GDPR disclosure obligations; legal and the DPO are reviewing whether our vendor disclosures or DPAs need updating."

Recommended Action

By April 13, 2026: DPO should audit internal RoPA and any vendor DPA with Google to confirm whether Connected Apps personalization is still active. Update any cross-references in internal privacy notices. Confirm with Google's enterprise account team whether this feature has been deprecated.

Ask ConductAtlas — Unlimited

Query 170+ platforms in plain language

Professional subscribers get unlimited queries. Ask anything across the entire archive — no SQL, no filtering, no digging through feeds.

Query: Which platforms changed their data retention policies in Q1 2026?

Based on the ConductAtlas archive, two platforms made material changes to data retention language in Q1 2026:

1. Google Gemini (CA-C-000143) — Modified language around Connected Apps data retention on March 27, 2026. The change removed explicit retention period commitments for personalization data.

2. Stripe (CA-C-000022) — Updated privacy policy on March 16, 2026 to clarify retention schedules for payment processing data under GDPR Art. 5(1)(e) storage limitation requirements.

No other platforms in the archive made explicit data retention changes during this period, though 23andMe (CA-C-000062) made related changes to their data deletion procedures in March 2026.

Records cited

CA-C-000143 CA-C-000022 CA-C-000062

Everything in Professional

Built for compliance teams

Intelligence

Full compliance memo per change

Every change record includes regulatory exposure, silence signal analysis, counterparty exposure, escalation trigger, board language, and recommended action with deadline.

Query

Ask ConductAtlas — unlimited

Query the entire archive in plain language. Cross-platform, cross-time, cross-clause-type. No limits on Professional.

Evidence

Citation-grade records

Every record carries a SHA-256 hash, UTC timestamp, and stable permalink. Citable in filings, board reports, and regulatory submissions.

Export

CSV export

Export your watchlist changes to CSV for import into ServiceNow, Archer, or any GRC platform.

API

API access — 1,000 requests/day

Programmatic access to all records, provisions, and events. Resets midnight UTC. Upgrade to Enterprise for unlimited.

Coverage

170+ platforms monitored

Full watchlist access — monitor as many platforms as you need. No limit on Professional (Watcher is capped at 10).

Professional

For individual compliance professionals, privacy counsel, and analysts who need the full picture — not a summary.

$149/mo

or $1,290/year — save 28%

Full compliance memo per change
Ask ConductAtlas — unlimited queries
Unlimited platform monitoring
Citation-grade evidence
CSV export
API — 1,000 requests/day
Everything in Watcher included

Get Professional for $149/mo → Need team accounts or custom coverage? See Enterprise →