Provisions Index

WHOOP may terminate or suspend a user's account and access to the service, with or without notice, if WHOOP determines in its sole discretion that the user has violated applicable law or harmed other users, third parties, or WHOOP....

Why it matters: This provision grants WHOOP broad discretion to suspend or terminate accounts without prior notice based on its own assessment of user conduct, which may affect subscribers mid-membership period without a defined appeal or review mechanism disclosed in these Terms....

View provision → Watch Whoop →

Klarna installment financing is issued by WebBank with APRs ranging from 0.00% to 35.99% depending on creditworthiness and term length; all loans are subject to credit approval and minimum purchase amounts may apply....

Why it matters: This provision establishes the disclosed cost-of-credit range and issuing bank relationship for Klarna installment financing, which are material Regulation Z disclosure obligations enforceable by the CFPB....

View provision → Watch Klarna →

The Klarna Card, issued by WebBank under a Visa U.S.A. Inc. license, carries a 28.99% APR that applies specifically to all moved or split transactions....

Why it matters: This provision establishes the cost of credit for a specific card feature (moving or splitting transactions) and is a material disclosure for Klarna Card holders who use these features....

View provision → Watch Klarna →

Cashback earned through the Klarna app is deposited into a Klarna Balance account and can only be redeemed within the Klarna platform; cashback issuance is subject to store approval and may be reduced or withheld based on cookie settings, combined offers, product exclusions, or other factors....

Why it matters: This provision establishes that cashback funds are not transferable outside the Klarna platform and that issuance is conditional on multiple third-party and technical factors, which affects the reliability and utility of the cashback benefit....

View provision → Watch Klarna →

The Klarna Card is issued by WebBank, a Utah-chartered industrial bank, under a license from Visa U.S.A. Inc.; Klarna operates as the program manager rather than the card issuer....

Why it matters: This provision establishes the legal structure under which the Klarna Card is offered, with WebBank as the creditor of record, which determines the applicable regulatory framework including federal preemption of state usury laws and FDIC oversight....

View provision → Watch Klarna →

The policy states that Equifax retains personal information for as long as necessary for business, legal, and regulatory purposes without specifying fixed retention periods for most data categories....

Why it matters: This provision establishes an open-ended retention standard that does not specify maximum retention durations for sensitive data categories such as Social Security numbers, financial account data, or credit history, which may require further evaluation under GDPR's storage limitation principle and CPRA's data minimization requirements....

View provision → Watch Equifax →

The policy states that residents of California, Virginia, Colorado, Connecticut, and Texas have rights to access, correct, delete, and opt out of the sale or sharing of personal information, exercisable through Equifax's privacy portal or by telephone....

Why it matters: This provision establishes the consumer rights infrastructure for multiple U.S. state privacy statutes, including CPRA, VCDPA, CPA, CTDPA, and TDPSA, and specifies the operational channels available to exercise those rights....

View provision → Watch Equifax →

The policy states that EU and UK data subjects have rights under GDPR and UK GDPR including access, rectification, erasure, restriction, portability, and objection to processing, and that Equifax's lawful bases for processing include consent, contract performance, legal obligation, and legitimate interest....

Why it matters: This provision establishes that Equifax processes personal data of EU and UK residents subject to GDPR and UK GDPR obligations, including the requirement to document and disclose lawful bases for each processing activity and to respond to data subject rights requests within statutory timeframes....

View provision → Watch Equifax →

The policy authorizes Equifax to disclose personal information including sensitive financial and credit data to law enforcement and government agencies in response to legal process, governmental requests, or when Equifax determines disclosure is necessary to protect rights, property, or safety....

Why it matters: This provision establishes that Equifax may disclose personal information to government entities not only in response to formal legal process but also based on Equifax's own assessment of necessity to protect rights or safety, a standard that is broader than a strict legal compulsion requirement....

View provision → Watch Equifax →

The policy states that Equifax and its service providers use cookies, pixels, web beacons, and log files to collect device identifiers, IP addresses, browser type, operating system, browsing history, and behavioral data from users of its websites and mobile applications for analytics and advertising purposes....

Why it matters: This provision establishes that behavioral and device data is collected through automated tracking technologies not only by Equifax but also by third-party service providers and advertising partners, creating data flows that may qualify as sales or shares under CPRA and that engage GDPR's consent requirements for non-essential cookies....

View provision → Watch Equifax →

Users grant OpenSea a worldwide, royalty-free, sublicensable license to use, copy, modify, create derivative works from, distribute, and publicly display any content they submit to the platform, in connection with operating the service....

Why it matters: This provision authorizes OpenSea to sublicense user-submitted content including NFT images, metadata, and creative materials to third parties in connection with service operations. The sublicensability of this grant means the license can be extended to downstream service providers and partners without further user consent....

View provision → Watch OpenSea →

Users are required to defend and reimburse OpenSea for any legal costs, damages, and fees arising from the user's breach of the terms, unauthorized use of the service, or violation of third-party rights including intellectual property and privacy rights....

Why it matters: This provision creates a broad indemnification obligation running from users to OpenSea, covering legal defense costs and damages for any claim arising from user conduct, including third-party IP and privacy claims. The scope extends to attorneys' fees, which may create significant financial exposure for users involved in any contested NFT transaction or content dispute....

View provision → Watch OpenSea →

OpenSea states that it does not hold, control, or take custody of any digital assets at any time and is not a party to any transaction between users, disclaiming responsibility for transaction outcomes or performance....

Why it matters: This provision establishes the operational and legal boundary of OpenSea's role as a technology intermediary rather than a custodian or counterparty, which affects the remedies available to users in the event of transaction failures, smart contract errors, or disputed asset ownership....

View provision → Watch OpenSea →

This clause prohibits a range of activities including automated scraping, uploading malware, harvesting personally identifiable information, and actions that impose unreasonable load on the platform infrastructure. OpenSea retains sole discretion to determine what constitutes an unreasonable load....

Why it matters: This provision grants OpenSea sole discretion to determine what constitutes prohibited conduct in several categories, including infrastructure load, which creates a broad enforcement trigger that could affect API users, developers, and institutional data consumers....

View provision → Watch OpenSea →

OpenSea may terminate any user's account access at any time, at its sole discretion, without notice. Users may cancel their accounts by emailing support@opensea.io. Certain provisions of the agreement survive termination....

Why it matters: This provision reserves OpenSea's right to terminate platform access without prior notice and without stated cause, which affects users' ability to manage or transfer digital assets held in connected wallets or pending transactions at the time of termination....

View provision → Watch OpenSea →

OpenSea reserves the right to modify the terms at any time at its sole discretion. The company states it will attempt to provide 30 days' notice for material changes, with materiality determined by OpenSea alone. Continued use of the service after changes take effect constitutes acceptance....

Why it matters: This provision gives OpenSea unilateral authority to modify the terms, with materiality of changes determined at its own discretion. Continued platform use constitutes acceptance of revised terms without requiring affirmative user consent....

View provision → Watch OpenSea →

The service is restricted to users aged 13 and older. Users aged 13 to 17 may use the service only with parental or guardian consent and supervision, with the parent or guardian agreeing to be bound by the terms....

Why it matters: This provision establishes minimum age thresholds and parental consent requirements for minor users, which creates COPPA compliance considerations for users under 13 and operational consent verification obligations for users aged 13 to 17....

View provision → Watch OpenSea →

The policy states that HubSpot collects personal data that users directly provide, data generated through use of the services, and data received from third-party websites, services, and partners....

Why it matters: This provision establishes the three primary collection channels and authorizes ingestion of data from external third-party sources in addition to direct user input and behavioral data, which has implications for data mapping and consent chain documentation....

View provision → Watch HubSpot →

The policy authorizes HubSpot to share user data with advertising vendors who use cookies, web beacons, and similar tracking technologies to deliver targeted advertisements on third-party websites and services....

Why it matters: This provision authorizes disclosure of user browsing and activity data to advertising technology vendors for cross-site targeting purposes, which may require evaluation under GDPR consent requirements and ePrivacy Directive guidance applicable to cookie-based tracking in EU member states....

View provision → Watch HubSpot →

The policy discloses that personal data may be transferred internationally, including to the United States, and states that HubSpot uses Standard Contractual Clauses as a transfer mechanism for EU data....

Why it matters: This provision establishes Standard Contractual Clauses as the primary mechanism for cross-border data transfers out of the EEA, which requires that a transfer impact assessment be conducted and documented for organizations subject to GDPR requirements....

View provision → Watch HubSpot →

The policy states that individuals in the EEA, UK, and Switzerland have rights to access, rectification, erasure, restriction, objection, and portability of their personal data, and the right to lodge complaints with supervisory authorities....

Why it matters: This provision documents HubSpot's acknowledgment of GDPR and UK GDPR data subject rights and the supervisory authority complaint pathway, establishing the operational framework for EU and UK individuals to exercise rights in relation to HubSpot-controlled data....

View provision → Watch HubSpot →

The policy states that California residents have rights under the CCPA and CPRA to know, delete, and opt out of the sale or sharing of their personal information, and have a right to non-discrimination for exercising these rights....

Why it matters: This provision documents HubSpot's CCPA and CPRA compliance posture for California residents and establishes the non-discrimination guarantee, which is a statutory requirement under CPRA....

View provision → Watch HubSpot →

The policy states that HubSpot uses cookies, web beacons, and similar tracking technologies to monitor user activity and store information, and discloses that refusing cookies may limit access to certain service features....

Why it matters: This provision establishes HubSpot's use of persistent and session-based tracking mechanisms across its services, which engages consent requirements under GDPR and ePrivacy rules for EU users and disclosure obligations under CCPA for California users....

View provision → Watch HubSpot →

The policy states that personal data is retained for as long as there is a legitimate business need, including service delivery and legal, tax, or accounting compliance obligations, without specifying fixed retention periods for individual data categories....

Why it matters: This provision establishes a principles-based rather than fixed-period retention framework, which may require evaluation under GDPR data minimization and storage limitation principles where specific retention schedules are expected by supervisory authorities....

View provision → Watch HubSpot →

The statement discloses that Zoom collects audio recordings, video, chat messages, transcripts, whiteboard content, and other material generated during meetings, calls, and webinars. This collection applies regardless of whether recording or transcription features are explicitly activated by the user....

Why it matters: This provision establishes that Zoom's data collection scope includes the substantive content of communications, not only metadata or usage signals. For enterprise accounts processing confidential business discussions, legal communications, or healthcare-related conversations, this collection scope is relevant to data classification and retention assessments....

View provision → Watch Zoom →

The statement asserts that Zoom does not use customer-generated meeting content such as audio, video, chat, or transcripts to train Zoom's own AI models or those of third parties. The statement separately discloses that Zoom may use service-generated data, usage data, and telemetry to improve and operate AI-powered features....

Why it matters: This provision establishes a stated restriction on using meeting content for AI model training, which is directly relevant to enterprise and institutional customers with confidentiality or data use obligations. The distinction between 'customer content' covered by this restriction and other data categories used for AI improvement is a material interpretive boundary that compliance teams should assess against their contractual requirements....

View provision → Watch Zoom →

The statement authorizes sharing of personal data, potentially including meeting content and user information, with third-party applications connected through the Zoom App Marketplace or API integrations when enabled by the user or account administrator. Zoom states that data shared with these third parties is then governed by the third party's own privacy policies rather than Zoom's statement....

Why it matters: This provision establishes that enabling third-party integrations creates a separate data relationship governed outside Zoom's privacy framework. For enterprise accounts, administrators enabling Marketplace apps on behalf of an organization are authorizing data flows that Zoom's own privacy protections do not cover, requiring independent vendor assessment for each integration....

View provision → Watch Zoom →

The statement authorizes Zoom to share data with advertising and analytics partners who use cookies, pixel tags, and tracking technologies to collect browsing and usage data across Zoom's products and potentially other websites. This data may be used to deliver targeted advertising....

Why it matters: This provision establishes that Zoom's web and product surfaces involve third-party tracking infrastructure for advertising purposes. California residents have CCPA and CPRA rights to opt out of the sale or sharing of personal information for cross-context behavioral advertising, and the statement should provide a mechanism to exercise this right....

View provision → Watch Zoom →

The statement restricts Zoom's products to users 16 years of age and older and states that Zoom does not knowingly collect personal data from users under 16. Users under 16 are directed not to use Zoom's products....

Why it matters: This provision establishes Zoom's stated age threshold at 16, which is above the 13-year threshold established by COPPA in the United States but aligns with GDPR's default age of digital consent in several EU member states. Educational institutions deploying Zoom for students younger than 16 should review whether separate contractual terms or product configurations govern those deployments....

View provision → Watch Zoom →

The statement discloses that Zoom retains personal data for varying periods depending on data type, purpose, legal obligations, and dispute resolution requirements, without specifying fixed retention periods for most data categories....

Why it matters: The absence of specific retention period commitments for most data categories in the statement means users and enterprises cannot determine from this document alone how long meeting recordings, transcripts, or usage data are retained. This is relevant for compliance teams conducting data minimization assessments....

View provision → Watch Zoom →

The statement authorizes Zoom to disclose personal data, including meeting content, to government authorities and law enforcement when required by law or when Zoom determines disclosure is necessary to protect rights or safety. No specific warrant or court order requirement is stated as a threshold in the privacy statement itself....

Why it matters: This provision establishes that Zoom may share user data including meeting content with law enforcement in response to legal process or in Zoom's assessment of necessity for safety purposes. The scope of Zoom's discretionary disclosure authority and any transparency reporting practices are relevant to enterprise and institutional risk assessments....

View provision → Watch Zoom →

The policy applies not only to individuals with Stripe accounts but also to end customers of businesses that use Stripe to process transactions, who may have no direct relationship with Stripe....

Why it matters: This provision establishes that Stripe processes personal data of individuals who interact with merchant websites powered by Stripe technology, even absent a direct account relationship, which creates distinct data subject rights obligations and controller-processor role considerations under GDPR and CCPA....

View provision → Watch Stripe →

The policy authorizes Stripe to use transaction, identity, and device data across its network of merchants and financial partners for fraud detection and financial risk assessment purposes....

Why it matters: This provision permits Stripe to share personal and financial data across its broader merchant ecosystem for fraud prevention purposes, which implicates data minimization and purpose limitation requirements under GDPR and equivalent frameworks, and may affect individuals' transaction outcomes across multiple unrelated merchants....

View provision → Watch Stripe →

The policy authorizes Stripe to share personal data including device identifiers, browsing activity, and transaction-related information with advertising networks and analytics providers....

Why it matters: This provision permits disclosure of behavioral and transactional data to third-party advertising and analytics services, which engages CCPA opt-out rights for sale or sharing of personal information and GDPR consent requirements for non-essential processing....

View provision → Watch Stripe →

The policy discloses that Stripe transfers personal data internationally and relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses as transfer mechanisms for data flows from the EU, UK, and other jurisdictions to the United States....

Why it matters: This provision establishes the legal mechanisms Stripe relies upon for cross-border data transfers, which are subject to ongoing regulatory review and potential challenge; organizations processing EU or UK personal data through Stripe must confirm these mechanisms remain current and adequate under applicable law....

View provision → Watch Stripe →

The policy states that Stripe relies on legitimate interests as one of its legal bases for processing personal data, with the specific basis for each processing activity disclosed in the Privacy Center....

Why it matters: Reliance on legitimate interests as a processing basis under GDPR requires a balancing test against data subject rights and interests; the policy directs users to the Privacy Center for specifics, meaning the legal basis documentation is distributed across multiple documents rather than consolidated in this policy....

View provision → Watch Stripe →

This provision designates Perplexity as a data processor and restricts its processing of personal data to documented instructions from the customer acting as controller, with an exception for legally required processing....

Why it matters: This clause establishes the foundational processor-controller relationship required by GDPR Article 28, and its scope directly determines whether Perplexity's AI processing activities remain within the customer's instructed purposes or constitute independent controller activity....

View provision → Watch Perplexity AI →

This provision authorizes Perplexity to use sub-processors to fulfill its service obligations, requires advance notice of sub-processor changes, provides a customer objection window, and permits termination if an objection cannot be resolved....

Why it matters: This clause governs the sub-processor oversight mechanism required by GDPR Article 28(2); the practical enforceability of the objection right depends on the notice period length and whether the termination remedy is commercially available to the customer without penalty....

View provision → Watch Perplexity AI →

This provision requires Perplexity to maintain technical and organizational security measures proportionate to the risk of processing, and to notify customers without undue delay upon discovering a personal data breach involving customer personal data....

Why it matters: This clause establishes Perplexity's security obligations under GDPR Article 32 and its breach notification obligation under GDPR Article 33; the 'without undue delay' standard for processor-to-controller notification is intended to enable the controller to meet its own 72-hour supervisory authority reporting obligation....

View provision → Watch Perplexity AI →

This provision requires Perplexity to provide technical and organizational assistance to enable enterprise customers to fulfill data subject rights requests, including access, rectification, erasure, restriction, portability, and objection, to the extent feasible given the nature of the processing....

Why it matters: This clause addresses the GDPR Article 28(3)(e) requirement that processors assist controllers with data subject rights obligations; the 'insofar as this is possible' qualification may limit the scope of assistance available for AI-processed data where individual-level data retrieval or deletion is technically constrained....

View provision → Watch Perplexity AI →

This provision grants enterprise customers the right to audit Perplexity's compliance with its DPA obligations, either directly or through a mandated third-party auditor, and requires Perplexity to provide supporting documentation and access....

Why it matters: Audit rights are required under GDPR Article 28(3)(h) and are operationally significant for customers conducting vendor due diligence; the practical scope of the audit right, including whether it covers on-site inspection or documentation review only, determines its utility for compliance verification....

View provision → Watch Perplexity AI →

This provision requires Perplexity to either return or delete all customer personal data upon termination of the agreement, subject to any applicable legal retention requirements, at the customer's election....

Why it matters: This clause implements the GDPR Article 28(3)(g) data return and deletion requirement and is operationally significant for customers managing data lifecycle obligations and vendor offboarding procedures....

View provision → Watch Perplexity AI →

The agreement authorizes Acorns to modify the Terms at any time, with notice of material changes delivered via email or in-app notification. Continued use of the services after changes become effective constitutes acceptance of the revised terms, including any fee changes....

Why it matters: This provision establishes that Acorns determines unilaterally whether a change is material and what notice is required, with continued platform use serving as the mechanism for acceptance. This applies to subscription fee modifications as well as substantive rights and obligations under the agreement....

View provision → Watch Acorns →

The agreement grants Acorns a worldwide, non-exclusive, royalty-free license to use, reproduce, modify, publish, transmit, display, and distribute any content users submit to the platform, including the right to sublicense that content. This license covers all media and distribution methods, including those not yet developed....

Why it matters: This provision establishes that user-submitted content, which in the context of a financial services platform may include communications, profile information, and other user-generated material, is licensed to Acorns for broad use and sublicensing across current and future distribution channels. The scope of the license is not expressly limited to operational purposes....

View provision → Watch Acorns →

The agreement authorizes Acorns to terminate or suspend user accounts immediately, without prior notice or stated justification, at Acorns' sole discretion. This applies to access to all services covered by the Terms....

Why it matters: This provision establishes that account access to brokerage, IRA, banking, and custodial investment services may be suspended or terminated without advance notice, which has direct operational implications for users' access to investment accounts and banking services. The absence of a stated notice period or cure mechanism is operationally significant given the financial services context....

View provision → Watch Acorns →

The agreement disclaims all express and implied warranties regarding the services, including warranties of merchantability, fitness for a particular purpose, and non-infringement. Services are provided on an as-is basis with no warranty of availability or performance....

Why it matters: This provision establishes that Acorns makes no contractual warranties regarding service availability, performance, or fitness for purpose, which in the context of investment and banking services has operational implications for users relying on platform availability for account management. The enforceability of warranty disclaimers in regulated financial services contexts may be constrained by applicable securities and consumer protection regulations....

View provision → Watch Acorns →

The policy authorizes TaskRabbit to share personal information with unnamed third parties for advertising purposes, with additional detail on advertising-related cookie use referenced in the Cookie Policy....

Why it matters: This provision establishes a basis for personal information disclosure to third-party advertising entities without identifying those entities by name, which may require evaluation against GDPR Article 13 transparency obligations and CCPA disclosure requirements for categories of third parties receiving data....

View provision → Watch TaskRabbit →

The policy reserves TaskRabbit's right to disclose personal information to third parties at its sole discretion when it believes there has been an injury or interference with user rights, company rights, partner rights, or the rights of the general public....

Why it matters: This provision establishes a broad discretionary disclosure basis that extends beyond law enforcement requests and legal obligations, authorizing disclosure based on the company's own assessment of injury or interference with a wide range of parties including partners and the general public....

View provision → Watch TaskRabbit →

The policy acknowledges that advertising technology activities may qualify as a CCPA sale and provides a Do Not Sell My Personal Information opt-out mechanism for California residents via a linked third-party opt-out platform....

Why it matters: This provision discloses that advertising data sharing may meet the CCPA definition of sale and establishes an operative opt-out right for California residents, while simultaneously asserting that the company does not sell data in the traditional sense, a qualification that may affect the scope of the opt-out as understood by consumers....

View provision → Watch TaskRabbit →

The policy authorizes collection of location data including precise latitude and longitude coordinates as well as IP-derived and postal code level location information....

Why it matters: This provision establishes that the platform collects precise geographic coordinates in addition to approximate location data, which constitutes sensitive personal information under CCPA and may require distinct handling under GDPR and applicable state privacy laws....

View provision → Watch TaskRabbit →