The GDPR is an EU law that regulates data privacy. We are subject to the GDPR because we collect data from EU residents.

The GDPR requires us to have a legal justification when we collect and process data from EU residents. We have two justifications: consent and "legitimate interests". We require our users to consent to data collection when they create an account. We also take the stance that where we do not have consent, we have a "legitimate interest" in collecting data. Please review our privacy policy if you would like more detail on our legal standing with respect to the GDPR.

Definition of Personal Data in the GDPR includes "any information which is related to to an identified or identifiable natural person" (very broad)

• Includes names, emails, job titles, etc.
• Includes data added by contributors + research team along with general user data

GDPR resources

Privacy Policy (completed by Cravath on May 26, 2021)

Data Policy

Data Internal FAQ

Data Breach Detection Measures