Last updated on February 24, 2026
Scope of This Privacy Policy
This Privacy Policy applies to personal data that CoreWeave processes as a controller. It does not apply to the extent CoreWeave processes personal data solely as a processor or service provider on behalf of its customers. “Customer Data” means data processed by CoreWeave on behalf of a customer in connection with that customer’s use of the Services. Each customer acts as the controller of such data and is responsible for the collection, use, and disclosure of its Customer Data.1. Information We Collect, Purposes, and Legal Bases
We collect information you provide directly to us when you, for example:- interact with CoreWeave through our Sites;
- register for an account;
- participate in any interactive features of the Services;
- request customer support; or
- otherwise communicate with us.
- Contractual necessity (GDPR, Article 6(1)(b) GDPR), such as providing Services pursuant to a purchase order or Terms of Service;
- Legitimate interests (GDPR, Article 6(1)(f)), such as operating, improving, and securing our Services, provided those interests are not overridden by your rights;
- Consent (GDPR, Article 6(1)(a)), where required by law; or
- Legal obligation (GDPR, Article 6(1)(c)).
| Information We Collect | Purpose for Processing | Legal Basis for Processing |
|---|---|---|
| Account Registration When you create an account, we may collect certain contact information, including your name, company name, address, email address, telephone number, and related account details. | To create, administer, and manage your account and provide the Services. | GDPR Article 6(1)(b) - performance of a contract. |
| Payment Information We collect information related to Services you purchase. Payment details are processed directly by our third-party payment processors; CoreWeave does not store full financial account information. | To manage accounts, process transactions and provide our Services. | GDPR Article 6(1)(b) - performance of a contract. GDPR Article 6(1)(f) - legitimate interests in operating the Services, provided such interests are not overridden by your fundamental rights and freedoms. |
| Communications If you contact us, we may collect your name, contact details, message contents, any attachments, and any other information you may choose to provide. | To respond to inquiries, provide support, and communicate with you. | GDPR Article 6(1)(f) - legitimate interest in customer communications, provided such interests are not overridden by your fundamental rights and freedoms. |
| Content You Submit as a Customer We collect the content you submit through the Services and our Sites, including messages, posts, comments, support communications, customer-facing Slack interactions, and inputs and outputs from service tools and offerings. | To understand and analyze how you use our Services. To provide and operate the Services, analyze usage, perform debugging and evaluation, and develop, improve, and optimize products, services, features, and overall functionality. | GDPR Article 6(1)(f) - legitimate interest in operating and improving our Services, provided such interests are not overridden by your fundamental rights and freedoms. |
| Cookies, Tokens and Other Tracking Technologies We use cookies and similar technologies to recognize users, analyze usage, and operate our Services. You can manage cookies through your browser settings, though disabling them may impact functionality. This Privacy Policy applies only to CoreWeave’s use of cookies and does not cover third-party cookies. | To provide our Services to you. To understand and analyze how you use our Services. To develop new products, services, features, and functionality. To market our Services. To monitor and analyze trends, usage, and activities in connection with our Services. To link or combine with information we get from others to help us understand your needs and provide you with a better experience. | GDPR Article 6(1)(f) - legitimate interest in operating and improving our Services, provided such interests are not overridden by your fundamental rights and freedoms. GDPR Article 6(1)(a) - consent. Strictly necessary cookies are processed based on our legitimate interests and are exempt from consent requirements under EU ePrivacy rules. All other cookies are used only where permitted by law and, where required, based on your consent. |
| Usage, Log, and Device Information We may automatically collect:
| To operate, secure, maintain, analyze, and improve the Services. We may collect limited precise location information where strictly necessary for fraud prevention and security purposes only. | GDPR Article 6(1)(f) - legitimate interest in operating, improving and securing our Services, provided such interests are not overridden by your fundamental rights and freedoms. |
| Content You Submit as a Job Applicant We collect information you submit through job applications or the “Careers” section of our Sites, as well as other data related to your application. This may include your name, contact information, address, employment and education history, resumes, references, and interview-related materials, such as interview notes, screenshots, or audio and video recordings captured during the interview process. | To evaluate and manage recruitment and hiring and comply with applicable employment laws. | GDPR Article 6(1)(f) - legitimate recruitment, hiring and employment interests, provided such interests are not overridden by your fundamental rights and freedoms. |
| Content We Collect at Our Events, including Marketing, Recruiting, and Networking Events We may collect information when you attend or participate in our events, including your name, contact details, employer or affiliation, job title, registration information, communications with us, and, where applicable, photographs, audio, or video recordings. | To plan, host, and administer events. To communicate with attendees before and after events. To conduct marketing, recruiting, relationship-building, and business development activities. To improve future events and experiences. | GDPR Article 6(1)(f) - legitimate interest in organizing and promoting events and engaging with customers, partners, and prospective employees, provided such interests are not overridden by your fundamental rights and freedoms. GDPR Article 6(1)(a) - consent where required by law (e.g., for certain recordings or marketing uses). |
| Content You Submit When You Access Our Locations, including Offices and Data Centers When you visit our offices or data centers, we may collect identification and access-related information, such as your name, contact details, company affiliation, visitor logs, badge or credential information, access times, and, where applicable, biometric information and video surveillance. | To manage visitor access and maintain physical security. To protect the safety of personnel, visitors, and infrastructure. To prevent unauthorized access, fraud, or security incidents. To comply with legal, regulatory, and contractual security obligations. | GDPR Article 6(1)(f) - legitimate interest in ensuring the security and integrity of our premises, personnel, and operations, provided such interests are not overridden by your fundamental rights and freedoms. |
- develop new ways to partner with our potential and registered customers;
- to provide you with updates and other information relating to the Services, and for our marketing and promotional purposes, including targeted marketing and/or cross-context behavioral marketing;
- send you notices, text messages and push notifications in connection with the Services;
- protect the rights and property of CoreWeave and others;
- perform operational functions in connection with our business;
- carry out any other purpose described to you at the time the information was collected;
- maintain appropriate records for internal administrative purposes;
- comply with legal and regulatory requirements, required disclosures and choices and controls that may be available;
- find and prevent fraud and other illegal activity; and
- for compliance purposes, including enforcing our Terms of Use or Terms of Service located at https://docs.coreweave.com/policies/terms-of-service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
Information We Receive from Third Parties
We may receive information that third parties provide to us, which may include information about you. This Privacy Policy does not apply to information collected through or by any third party. If you have any questions about such third parties’ privacy practices, you should review their privacy policies.2. How We Share Information
We may share personal data with:- Vendors and Service Providers. We may share personal data with third-party vendors and service providers that perform services on our behalf, such as supporting our Services, conducting promotional and/or marketing activities, and providing you with relevant information, including product announcements, software updates, special offers, or other communications.
- Aggregated or Anonymized Information. Where legally permissible, we may use and share aggregated or anonymized information with our partners. This information cannot reasonably be used to identify you.
- Third-Party Partners. We may share information with third-party partners to obtain additional publicly available information about you.
- Referrals. If you create an account or access our Services through a referral, we may share limited information with the referrer to notify them that you have registered or engaged with the Services.
- Analytics Providers. We may use analytics providers, such as Google Analytics, which use cookies and similar technologies to collect non-identifying information about usage of our Sites and Services. Google provides additional information about its data practices and privacy options at https://www.google.com/policies/privacy/partners/.
- Business Transfers. We may disclose or transfer personal data to a potential acquirer, successor, or assignee as part of any proposed or actual merger, acquisition, debt financing, sale of assets, or similar transaction, or in connection with bankruptcy, insolvency, or receivership, where personal data is transferred as a business asset.
- Legal Obligations and Protection. We may share information as necessary to: (i) comply with applicable laws, regulations, legal processes, or governmental requests; (ii) enforce this Privacy Policy or any agreement we may have with you, including, without limitation, our Terms of Service, including investigating potential violations; (iii) detect, prevent, or address fraud, security, or technical issues; (iv) respond to your requests; or (v) protect our rights, property, or safety, as well as those of our users or the public. This may include sharing information with other companies and organizations for fraud prevention and spam or malware protection.
- Affiliates. We may share information between and among CoreWeave and any current or future parent, subsidiary, and/or affiliated company, including for cross-context behavioral advertising purposes.
- With Your Consent. We may share information with your consent.
3. Cookie Notice
We use cookies and other related technologies (including, but not limited to pixels, web beacons, embedded scripts, mobile SDKs, local storage, and tokens) when you visit our Sites or use our Services. Cookies are small text files placed on a user’s device when visiting a website or using an online service. They enable the collection of information that allows a website to recognize a device, support functionality and security, analyze usage, and facilitate marketing activities. Types of Cookies We Use:- Strictly Necessary Cookies: Required for the operation, security, and accessibility of the Sites and Services (e.g., authentication, fraud prevention, load balancing). These cookies cannot be disabled and do not require consent under EU ePrivacy laws.
- Functional Cookies: Enable enhanced functionality and personalization, such as remembering preferences.
- Analytics Cookies: Help us understand how users interact with our Sites and Services so we can improve performance and usability (e.g., Google Analytics).
- Marketing Cookies: Used to measure the effectiveness of marketing campaigns and, where permitted, to provide relevant advertising.
4. Third-party Services
You may access other third-party services through our Sites or your use of the Services, for example by clicking on links to those third-party services from within our Sites or if a third-party service has been integrated with the Services. CoreWeave is not responsible for the privacy policies or practices of third-party services, and this Privacy Policy does not apply to information collected by third parties. We encourage you to review the privacy policies of any third-party services you access. Links or integrations with third-party services do not constitute an endorsement, affiliation, or representation regarding their privacy or information security practices.5. Security
CoreWeave is committed to protecting your information. We employ administrative, technical, and organizational security measures designed to protect personal data from unauthorized access, use, alteration, or disclosure. We follow industry-recognized information security standards appropriate to the nature and risk of the processing involved. However, no system or method of transmission over the Internet is completely secure, and we cannot guarantee absolute security of your personal data.6. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer have a legitimate business need or legal obligation to process personal data, we will delete, anonymize, or securely isolate such data. If deletion is not immediately possible (for example, due to backup systems), the data will be securely stored and isolated until deletion is feasible. If you have questions about data retention, please contact [email protected].7. Use of Emerging Tech Such as Artificial Intelligence and Machine Learning
CoreWeave may use technologies such as artificial intelligence (AI) and machine learning (ML) when processing your data to operate, maintain, improve, and develop our Services. Where required by applicable law, we will provide notice or obtain consent before using such technologies to process your data. AI and ML technologies may also be used to improve system performance, security, and customer experience.8. International Data Transfers
CoreWeave operates globally and may transfer personal data to countries that may not provide the same level of data protection as your country of residence. Where required, we use appropriate safeguards, such as Standard Contractual Clauses.9. EEA and UK Residents Data Protection Rights
Data protection laws distinguish between a “controller” and a “processor.” Customers are controllers of Customer Data uploaded to the Services. CoreWeave is the controller of personal data collected directly through the Sites or outside of Customer Data. If you are located in the European Economic Area (EEA) or the United Kingdom, you have the right to:- Access, correct, or delete your personal data
- Object to or restrict certain processing
- Request data portability
- Withdraw consent, where processing is based on consent
- Lodge a complaint with a supervisory authority
10. Consumer Data Protection Rights
The law of your jurisdiction may provide you with certain rights regarding our use of your personal data. Subject to any exceptions and/or exemptions under applicable law, you may, for example, have the following rights with respect to your personal data collected by us:I. Categories of Personal Data
We may collect and share the following categories of personal data:- Identifiers (e.g., name, email address, IP address, social security number, state identification number, signature, personal photograph)
- Customer records information (e.g., contact details, billing information)
- Internet or network activity (e.g., usage data, log data)
- Geolocation data (limited and used for security and fraud prevention)
- Professional or employment-related information (e.g., job application data)
- Demographic information (e.g., age, gender, marital status, military or veteran status, financial information, insurance information, medical or health information)
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
II. Consumer Privacy Rights
Subject to certain exceptions, you may have the right to:- Know the categories and specific pieces of personal data we collect, use, disclose, or share
- Delete personal data we have collected
- Correct inaccurate personal data
- Portability of your personal data that we collected
- Limit the use and disclosure of sensitive personal data
- Opt-out of the sharing of your personal data
- Withdraw your consent to our processing of certain personal data
- File a complaint with the appropriate state’s attorney general’s office
- Not be discriminated against for exercising your privacy rights
