Additional terms applicable to users in specific jurisdictions for legal compliance
Reddit's Jurisdiction-Specific Terms supplement the main Terms of Use and Privacy Policy by providing additional provisions tailored to users in certain regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, California, Virginia, Colorado, Connecticut, and Utah. These terms ensure compliance with local laws like GDPR, UK GDPR, CCPA/CPRA, VCDPA, CPA, CTDPA, and UCPA. Key areas covered include enhanced user rights (access, correction, deletion, portability), restrictions on data sales/sharing, opt-out mechanisms, governing law, dispute resolution (e.g., no arbitration in some regions), and age restrictions. The policy emphasizes that these terms prevail over general terms where conflicting.
Only applies to specific jurisdictions; defaults to general terms elsewhere.
Arbitration may be unavailable in EU/UK, leading to court disputes.
Provides GDPR/CCPA rights like access, deletion, and non-discrimination.
Clear processes for opting out of data sales/sharing in applicable states.
Governing law matches user jurisdiction for better protection.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
Inferred from IP; opt-out available in some regions.
Standard collection; additional notices for minors in protected jurisdictions.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
Data processed per regional laws; no additional collection beyond main policy.
Subject to opt-outs where required by CCPA/GDPR.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Shared with vendors under strict contracts; no sales under CCPA.
Opt-out for targeted ads in compliant regions.
Limited sharing within Reddit Inc.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Users can request data access via [email protected].
Deletion requests honored per CCPA/GDPR, with exceptions for legal needs.
Portable data provided in machine-readable format for EEA/UK.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
Data deleted within 30 days, except for backups/legal holds.
Retained indefinitely if de-identified.
Retained as required by law, potentially years.
Security & Transparency
Data encrypted in transit and at rest.
Notifies users as required by law (e.g., GDPR 72 hours).
Complies with industry standards; no specific certs listed.
Source Text
Additional GDPR/UK GDPR rights including objection and automated decisions.
Interpretation
Strengthens user control over data processing.
Source Text
Right to know, delete, opt-out of sales/sharing; no discrimination.
Interpretation
Aligns with strict CA privacy laws.
Source Text
No binding arbitration for EEA/UK users.
Interpretation
Favors court access but may increase litigation costs.
Source Text
Laws of user jurisdiction apply.
Interpretation
Reduces forum shopping risks.
Under GDPR, users have the rights to access, rectify, and erase their data, to restrict processing, to data portability, and to object to processing.