Provisions Index

The policy states that Epic collects personal information not only from users directly and through automated means, but also from third parties. The specific categories of third parties and the types of information obtained from them are described in Section 3 of the policy....

Why it matters: This provision establishes that personal information about users may be received from third-party sources, which is operationally significant for data mapping, GDPR Article 14 transparency obligations (which require notice to data subjects about information obtained from third parties), and CCPA's requirements to disclose categories of sources from which personal information is collected....

View provision → Watch Unreal Engine →

The policy defines the data controller as Epic Games, Inc. and its subsidiaries and affiliates that provide the Epic Services, with specific controller identity determined by Section 12. This structure means the applicable data controller may vary depending on the Epic Service the user is accessing....

Why it matters: The policy's use of a group-level data controller definition, with the specific responsible entity identified only in Section 12, is operationally significant under GDPR, which requires clear identification of the data controller and their contact details in privacy notices. Users and compliance teams must consult Section 12 to determine which entity holds data controller responsibility for a specific service or jurisdiction....

View provision → Watch Unreal Engine →

The terms are governed by California law, and any permitted court proceedings must be brought in state or federal courts in San Mateo County, California....

Why it matters: This provision designates California law and San Mateo County courts as the exclusive forum for any permitted litigation, which operationally limits users outside California who seek court-based remedies to the extent that mandatory arbitration does not apply....

View provision → Watch Roblox →

The HTML document provided resolves to a JavaScript-dependent single-page application shell. No privacy policy text was present in the submitted source, so no provisions can be extracted or quoted....

Why it matters: Without access to the rendered policy content, no provisions can be assessed for legal, operational, or compliance significance. Teams requiring policy analysis should obtain the fully rendered document....

View provision → Watch Postman →

The agreement states that California law governs disputes arising under the Terms of Use, except where federal law applies, and without applying California's conflict of law rules....

Why it matters: This provision establishes the legal framework under which disputes would be evaluated, which is operationally relevant for determining which consumer protection statutes and substantive rights apply to claims arising from SoFi's financial services....

View provision → Watch SoFi →

The policy states that Audible retains personal data for as long as necessary to fulfill the purposes described in the notice, to comply with legal obligations such as tax and accounting requirements, or as otherwise communicated, without specifying fixed retention periods for most data categories....

Why it matters: This provision establishes an open-ended retention standard tied to service purposes and legal requirements rather than fixed timeframes. Under GDPR, the absence of specific retention periods for each data category may present compliance exposure, as the regulation requires personal data to be kept in a form that permits identification no longer than necessary for the stated purpose....

View provision → Watch Audible →

The policy states that in the event of a merger, acquisition, or sale of assets, user personal data including account information, listening history, and usage data will likely be transferred to the acquiring entity as part of the transaction....

Why it matters: This provision reserves the right to transfer personal data to a successor entity in a business transaction without requiring individual user consent, which is a standard commercial clause but has implications for users whose data may be processed by a new entity under different privacy practices....

View provision → Watch Audible →

The policy requires that all ad creatives meet stated quality standards including clarity, legibility, product relevance, and consistency with the linked landing page, in addition to satisfying TikTok's technical format specifications for audio and visual elements....

Why it matters: This provision establishes that creative compliance is assessed both on substantive content standards and on technical format specifications, creating two independent compliance checkpoints that must both be satisfied for ad approval....

View provision → Watch TikTok Ads →

AWS grants customers a limited, revocable, non-exclusive, non-sublicensable, and non-transferable license to access and use AWS services and AWS content solely as necessary for permitted service use during the agreement term. The license does not extend to sublicensing or transferring access rights to third parties....

Why it matters: The license is explicitly revocable, meaning AWS may withdraw the right to use services and content consistent with the suspension and termination provisions elsewhere in the agreement. The non-transferable nature of the license is relevant for customers undergoing corporate restructuring, mergers, or acquisitions, as transferring AWS access rights may require AWS consent....

View provision → Watch AWS →

The agreement grants users a non-exclusive license to store, access, view, use, and display purchased Content on their devices for personal, non-commercial use only, with all rights not expressly granted reserved by Google. The license is limited to uses explicitly authorized in the Terms and associated policies....

Why it matters: This provision establishes that Content purchases on Google Play do not convey ownership or broad usage rights, but a restricted non-exclusive license for personal and non-commercial use only. Under this clause, uses including commercial display, redistribution, sublicensing, and modification are prohibited....

View provision → Watch Google Play Store →

The notice states that the complete Privacy Notice consists of the main page and additional product-specific or region-specific sub-notices, meaning the full scope of data practices applicable to a given user or product context requires review of multiple linked documents....

Why it matters: This provision establishes that the main notice is not a self-contained disclosure; the operational scope of data collection, use, and sharing obligations for specific products or user groups is distributed across multiple linked documents that must be reviewed collectively to assess compliance....

View provision → Watch Smartsheet →

The policy states that Ford's services are not directed to children under age 13 and that Ford does not knowingly collect personal information from children under 13, with a commitment to delete such data if discovered....

Why it matters: This provision establishes Ford's COPPA compliance posture by disclaiming intentional collection of personal information from children under 13 and committing to deletion if such data is inadvertently collected....

View provision → Watch Ford →

The policy states that Jasper's services are not directed to users under age 16 and that Jasper does not knowingly collect personal data from children under 16, with a stated commitment to delete such data if discovered....

Why it matters: This provision establishes the age threshold Jasper applies for child data restrictions at 16 rather than the COPPA threshold of 13, which creates a broader stated restriction aligned with GDPR's Article 8 requirements for children's consent in several EU member states....

View provision → Watch Jasper AI →

Perplexity retains full ownership of the API, underlying AI models, and associated technology. Developers receive only the access rights expressly granted by the agreement and acquire no ownership interest in the API or its components....

Why it matters: This provision establishes that developer integration of the Perplexity API does not create any ownership or license rights beyond those explicitly granted, meaning that Perplexity retains full control over the API's capabilities, pricing, availability, and terms of access at all times....

View provision → Watch Perplexity AI →

The agreement is governed by California law, and disputes must be litigated in state or federal courts in San Francisco County. No arbitration clause or class action waiver is specified in the document text reviewed....

Why it matters: This provision requires developers outside California to litigate disputes in San Francisco County courts, which may create geographic and logistical burdens for international or non-California-based developers. The governing law designation determines which jurisdiction's consumer, contract, and data protection law applies to interpretation of the agreement....

View provision → Watch Perplexity AI →

The document discloses that Windsurf makes background requests to its servers without user-triggered input events, for the purposes of building context, understanding developer intent, and scanning for potential next steps. Embedding computation requests are also made proactively to process existing codebases....

Why it matters: This provision establishes that data transmission to Windsurf servers occurs continuously during IDE use, not only in response to explicit user actions. Compliance teams assessing network traffic, data minimization, and consent requirements should account for this continuous background data transmission in their assessments....

View provision → Watch Windsurf →

The policy states that RunPod collects account identifiers (name, email, password), billing and payment information, and user communications directly provided by users during account creation and platform use....

Why it matters: This provision defines the baseline categories of personal data that RunPod collects and processes, which establishes the scope of data subject rights requests and the perimeter of any applicable data processing agreements between RunPod and its enterprise customers....

View provision → Watch RunPod →

The policy authorizes use of personal information to send promotional communications about RunPod products, services, events, and partner offerings, and provides an opt-out mechanism via unsubscribe links or email to privacy@runpod.io....

Why it matters: This provision authorizes marketing communications that may include partner offerings, extending the use of personal data beyond RunPod's own services, and provides a stated opt-out mechanism that users can exercise at any time....

View provision → Watch RunPod →

The policy states that RunPod may update the privacy policy at any time and will notify users by posting the revised policy on its website, without committing to direct user notification such as email for material changes....

Why it matters: This provision permits policy changes to take effect upon posting without requiring direct outbound notification to users, which may create a practical gap in user awareness of material changes to data processing terms and may require evaluation under GDPR requirements for transparent communication of changes....

View provision → Watch RunPod →

The page states that Writer's platform is designed to meet enterprise security, privacy, and compliance requirements, presenting this as a trust assurance to prospective and current enterprise customers....

Why it matters: This provision constitutes a public-facing compliance representation made by Writer, Inc. to enterprise customers. The specific frameworks, certifications, and audit mechanisms underlying this claim are not disclosed in the document text provided, as the page was truncated before substantive content appeared....

View provision → Watch Writer →

The agreement establishes a DMCA infringement notice procedure requiring submission through the Uniswap Labs Help Center, with specified required elements including owner signature, work identification, infringing material identification, contact information, good faith belief statement, and accuracy statement under penalty of perjury....

Why it matters: This provision establishes the operational procedure for intellectual property infringement claims related to content on Uniswap Labs products, including the specific information required to submit a valid DMCA notice and the availability of a counter-notice process for removed content....

View provision → Watch Uniswap →

The policy states that Coursera prohibits registration by users under 13, does not knowingly collect personal data from this age group, and states it will remove data collected from under-13 users upon discovery....

Why it matters: This provision establishes Coursera's COPPA compliance posture by prohibiting under-13 user registration and committing to data removal upon discovery. The policy does not describe specific age-verification mechanisms, which is an operational consideration for COPPA compliance assessments....

View provision → Watch Coursera →

The policy states that Coursera implements technical and organizational security measures for personal data but acknowledges that no internet transmission or electronic storage method is fully secure....

Why it matters: This provision discloses Coursera's security posture using a standard industry disclaimer that appropriate measures are in place but absolute security cannot be guaranteed. The document does not specify the particular security standards, certifications, or frameworks used, which limits third-party assessment of adequacy....

View provision → Watch Coursera →

The Hub parses YAML-formatted metadata from the top of each model's README.md file to power search, filtering, and dataset/evaluation linkage features on the platform. Metadata fields including license, language, tags, datasets, and metrics are extracted and indexed by the Hub infrastructure....

Why it matters: This provision establishes that metadata accuracy and completeness in model card YAML headers directly determines how a model is surfaced in Hub search and filtering, affecting discoverability and the accuracy of license and dataset attribution records visible to all downstream users and auditors....

View provision → Watch Hugging Face →

The model card metadata schema includes a structured evaluation results section that allows model publishers to report benchmark performance metrics linked to specific tasks, datasets, and configuration parameters. These structured results are parsed by the Hub and used to populate model comparison and leaderboard features....

Why it matters: This provision establishes the structured format through which model performance claims are disclosed and indexed on the Hub, making the accuracy and completeness of evaluation result fields relevant to how users and automated systems assess and compare model capabilities....

View provision → Watch Hugging Face →

The AUP prohibits denial-of-service attacks, disruptive activity targeting Databricks or other users' systems, and any attempt to gain unauthorized access to Databricks Services, systems, networks, or data....

Why it matters: This provision establishes contractual prohibitions on cyberattack conduct that are also independently governed by applicable computer fraud and cybercrime statutes, reinforcing legal obligations through the AUP framework....

View provision → Watch Databricks →

The AUP explicitly prohibits the generation, transmission, or storage of child sexual abuse material or any content that exploits or harms minors using the Databricks Services....

Why it matters: This provision establishes a contractual prohibition that mirrors independently applicable federal criminal statutes, and its inclusion in the AUP creates an explicit grounds for immediate service termination upon violation....

View provision → Watch Databricks →

The AUP prohibits users from transmitting viruses, trojans, worms, malware, ransomware, or other malicious or harmful programs through the Databricks Services....

Why it matters: This provision establishes a contractual prohibition on malicious code transmission that reinforces applicable computer fraud and cybercrime statutes, and creates explicit grounds for service termination....

View provision → Watch Databricks →

The AUP prohibits using Databricks Services to send unsolicited commercial communications or spam, and prohibits sending communications with falsified or deceptive source information including spoofing and phishing....

Why it matters: This provision establishes contractual prohibitions on spam and deceptive communications conduct that also engages with the CAN-SPAM Act and applicable anti-fraud statutes, creating dual contractual and regulatory exposure for violations....

View provision → Watch Databricks →

Target asserts ownership of all content on its digital services, including text, graphics, photographs, images, video, and audio, and states that all such content is protected by intellectual property laws including copyright, trademark, and trade dress....

Why it matters: This provision establishes Target's assertion of comprehensive intellectual property rights over its platform content and restricts user reproduction, distribution, or commercial use of that content without authorization. The provision applies to all visitors, including those who have not created accounts....

View provision → Watch Target →

The notice states that personal information is retained for as long as necessary to fulfill the purposes described in the notice, to comply with legal obligations such as tax and accounting requirements, or as otherwise communicated to users. No specific retention periods are specified....

Why it matters: This provision establishes a purpose-based and legally required retention framework without specifying concrete retention periods for any category of personal data. The absence of defined retention timelines may complicate data subject deletion requests and may require evaluation under GDPR's storage limitation principle, which requires that data not be kept longer than necessary....

View provision → Watch AWS →

The policy states that ElevenLabs does not knowingly collect personal data from users under age 13 and commits to deleting such data if discovered, consistent with COPPA requirements....

Why it matters: This provision establishes a COPPA-aligned age restriction and deletion commitment for under-13 user data, which is a standard compliance baseline; however, the policy does not describe age verification mechanisms, which may be relevant to enforcement context....

View provision → Watch ElevenLabs →

All ads must pass through LinkedIn's review process before running, with a stated target review time of 24 hours. LinkedIn reserves the right to determine that a previously approved ad is no longer acceptable following policy updates or changes in LinkedIn's position....

Why it matters: This provision establishes that LinkedIn retains discretion to withdraw approval from previously accepted ads when policies are updated or LinkedIn's position changes, creating an ongoing compliance obligation for running campaigns rather than a one-time review requirement at submission....

View provision → Watch LinkedIn →

The policy requires that any site linked from a LinkedIn ad that collects sensitive information must use HTTPS. Sensitive information is defined to include financial data, government identification, login credentials, information about minors or students, and the sensitive data categories defined elsewhere in the policy....

Why it matters: This provision establishes a technical security requirement for advertiser landing pages, extending LinkedIn's policy obligations to the external sites linked from ads. Compliance requires advertisers to audit landing page configurations before campaign submission....

View provision → Watch LinkedIn →

The notice states that drivers' first name, photo, vehicle details, license plate number, average rating, and real-time GPS location are shared with riders and delivery recipients during service interactions....

Why it matters: This provision authorizes real-time location and identifying information to be made visible to members of the public (riders and recipients), which creates personal safety considerations for drivers and constitutes a distinct data sharing pathway from internal or business partner disclosures....

View provision → Watch Uber →

A teen user can request removal of a connected parent or guardian's access by using the dropdown in the Parental Insights tab; the parent or guardian receives an email notification and must confirm approval of the removal request....

Why it matters: This provision establishes that a minor user can initiate disconnection of parental oversight access, subject to parent confirmation via email. The confirmation requirement means a parent receives notice before access is terminated, but the initiation of revocation remains with the teen, which may be relevant to regulatory and institutional assessments of the robustness of the parental oversight mechanism....

View provision → Watch Character.AI →

The Safety Center references a content moderation section and links to community guidelines, presenting these as mechanisms for maintaining platform safety, without disclosing specific moderation criteria, automated systems, human review processes, or enforcement thresholds on this page....

Why it matters: The Safety Center's reference to content moderation and community guidelines without disclosing operational detail means the document functions as a navigational disclosure rather than a substantive description of moderation practices. Compliance assessments of the platform's content governance framework would require review of the separately linked community guidelines and any associated policy documents....

View provision → Watch Character.AI →

The Safety Center identifies Reporting as one of four safety topic areas, with a dedicated linked page, indicating the existence of a user-facing reporting mechanism for safety concerns, though no detail about the reporting process, categories, response times, or escalation procedures is provided on this overview page....

Why it matters: The disclosure of a reporting mechanism is relevant to regulatory assessments of whether the platform provides accessible user complaint and redress procedures, as required or recommended under the FTC Act, COPPA, and platform accountability frameworks. The operational adequacy of the reporting system cannot be assessed from this overview page alone....

View provision → Watch Character.AI →

The policy establishes that users may submit requests for access, correction, erasure, restriction, portability, and objection to processing, depending on applicable law. The most recent policy update added a one-month response commitment for certain privacy rights requests and the right to object to certain types of processing. Rights are subject to legal limitations including retention obligations....

Why it matters: This provision establishes the procedural framework for user privacy rights requests, with a one-month response commitment added in the May 2026 update. The provision conditions the availability and scope of rights on applicable local law, meaning the rights available to a given user depend on their jurisdiction....

View provision → Watch Substack →

The policy authorizes transfer of customer Personal Information to prospective buyers or sellers in connection with a business sale, merger, bankruptcy, or change of control, subject to applicable local laws....

Why it matters: This provision reserves the right to transfer subscriber and user Personal Information as part of a business asset transaction, which could result in Personal Information being transferred to a new entity with different privacy practices. The provision notes that such transfers are subject to local laws but does not specify what protections apply to transferred data....

View provision → Watch Substack →

The terms reference a publicly available Subprocessors List at miro.com/legal/subprocessors-list/, which discloses third-party entities that may process user or customer data in connection with Miro's services....

Why it matters: The Subprocessors List is a material disclosure for customers assessing their data supply chain obligations under GDPR Article 28 and equivalent frameworks. The terms authorize Miro to update this list, and enterprise customers should monitor it for changes that may affect their data transfer or processing assessments....

View provision → Watch Miro →

The terms reference a separate Developer Terms of Use governing access to Miro's developer platform and APIs, applicable to users building integrations or applications on the Miro platform....

Why it matters: The Developer Terms of Use establish a distinct contractual layer for API access and third-party application development, which may include additional restrictions on data use, rate limits, and intellectual property obligations. Developers building on the Miro platform are subject to these terms in addition to the core Terms of Service....

View provision → Watch Miro →

The terms reference a Miro Marketplace Terms of Use governing participation in the Miro Marketplace, which is the platform through which third-party applications and integrations are distributed to Miro users....

Why it matters: The Marketplace Terms of Use establish the contractual basis for third-party application distribution on the Miro platform, affecting both developers who publish apps and users who install them. Marketplace participants are subject to additional terms that may address revenue sharing, content standards, and data handling obligations....

View provision → Watch Miro →

Coinbase applies a flat fee rather than a percentage-based fee for transactions below a specified dollar threshold, with the applicable flat fee amount displayed at the time of transaction. The document indicates flat fees apply to transactions in lower value tiers, with the percentage fee structure applying above those thresholds....

Why it matters: This provision establishes that the fee calculation method switches between flat-rate and percentage-rate depending on transaction size, and the applicable fee is disclosed at checkout rather than in a static published schedule for all transaction sizes. Users making small or infrequent purchases should be aware that the flat fee may represent a higher effective percentage cost on low-value transactions than the stated percentage rates suggest....

View provision → Watch Coinbase →

Coinbase discloses the applicable transaction fee to the user at the point of transaction confirmation, and completion of the transaction constitutes agreement to pay the disclosed fee. The document does not specify a mechanism for advance notice of fee schedule changes outside the transaction flow....

Why it matters: This provision establishes that fee acceptance is incorporated into the transaction confirmation step rather than through a separate consent mechanism, and that the fee schedule as published may be updated without a separately stated advance notice obligation. Users who proceed through transaction confirmation are bound to the fee displayed at that step under these terms....

View provision → Watch Coinbase →

The Coinbase USD Wallet functions as a funding source that qualifies for the lower bank-account-equivalent fee tier, and transfers of USD from a bank account into the Coinbase USD Wallet do not incur an additional fee under these terms. This structure creates a two-step pathway to access lower transaction fee rates....

Why it matters: This provision establishes that the Coinbase USD Wallet is treated equivalently to a bank account for fee tier purposes, providing users with a mechanism to access the lower 1.49% fee rate on purchases while maintaining funds within the Coinbase platform. The document also states that USD transfers into the wallet from a bank account are free, which is operationally relevant for cost planning....

View provision → Watch Coinbase →

The agreement specifies that Massachusetts law governs for US, Canadian, and most other customers, while Irish law governs for EU, EEA, UK, and Swiss customers. Both parties consent to the exclusive jurisdiction of courts in the applicable governing jurisdiction....

Why it matters: This provision establishes the forum and applicable law for dispute resolution, requiring EU/EEA/UK/Swiss customers to litigate in Ireland and US/Canadian customers in Massachusetts, which may create procedural and cost barriers for customers located in other jurisdictions....

View provision → Watch HubSpot →

The document states ElevenLabs' commitment to responsible AI development including safety, fairness, and transparency as guiding principles. These are stated as aspirational commitments and organizational values rather than specific, operationally binding obligations with defined metrics or timelines....

Why it matters: This provision establishes ElevenLabs' stated governance philosophy for AI development and deployment. The aspirational nature of the language means these commitments are not self-executing contractual obligations, and their practical implementation depends on undisclosed internal governance structures and review processes....

View provision → Watch ElevenLabs →

The policy states that users may exercise rights of access, rectification, deletion, portability, restriction, and objection by contacting Miro at privacy@miro.com, with additional rights for California residents under CCPA/CPRA including the right to opt out of sale or sharing of personal information....

Why it matters: This provision establishes the procedural mechanism for data subject rights requests, which is a direct compliance obligation under GDPR, UK GDPR, and CCPA/CPRA, and determines the operational workflow Miro uses to respond to these requests....

View provision → Watch Miro →

The policy references a separate Cookies Policy governing the use of cookies, pixels, and similar tracking technologies on the Miro platform and website, which authorizes use of these technologies for analytics, advertising, and functional purposes....

Why it matters: The use of a separate Cookies Policy means that tracking technology practices are documented outside the main privacy policy, requiring users to review both documents to understand the full scope of data collection via cookies and similar mechanisms....

View provision → Watch Miro →