Provisions Index

Slack distinguishes between 'Customer Data' (content within enterprise workspaces, controlled by the business customer) and other personal data (collected by Slack directly), with different privacy rules applying to each....

Why it matters: If you use Slack through your employer, your employer — not you — controls most of the privacy decisions about your messages and files, including whether they can be accessed, exported, or reviewed by management....

Slack shares personal data with third-party vendors and service providers that perform services on its behalf, such as hosting, analytics, customer support, and payment processing....

Why it matters: Your personal data flows to a range of third-party companies beyond Slack itself, and while Slack states these providers are contractually bound to protect the data, users have no direct relationship with or visibility into these vendors....

When you upload documents or content to DocuSign, you give DocuSign a license to use, store, and process that content to operate and improve its services....

Why it matters: The documents you upload — which may include sensitive contracts, personal information, and legally binding agreements — are licensed to DocuSign for their business purposes, which users may not fully anticipate....

DocuSign can change these terms at any time by posting updated terms on their website and may notify you by email, with continued use of the service constituting acceptance....

Why it matters: Your rights and obligations under this agreement can change without your explicit consent, and continuing to use DocuSign after changes are posted means you've agreed to the new terms....

DocuSign can suspend or terminate your account at any time, including for violations of its acceptable use policy, and may not be required to give you advance notice....

Why it matters: If your account is suspended, you may lose access to documents you've sent or received for signature, which could have significant legal and business consequences....

DocuSign's handling of your personal data is governed by its separate Privacy Policy and, for business customers, a Data Processing Agreement, which are incorporated into these terms by reference....

Why it matters: Your data rights and protections are detailed in separate documents — if you only read the Terms of Service, you may not understand the full scope of how your personal information is collected, used, and shared....

DocuSign shares your personal data with advertising partners and third-party analytics providers, which may be considered a 'sale' or 'sharing' of personal information under California law....

Why it matters: This means your data may be used to target you with ads outside of DocuSign, and California residents have the right to opt out of this....

DocuSign transfers personal data from the EU and UK to the United States and other countries using Standard Contractual Clauses (SCCs) approved by the European Commission....

Why it matters: EU and UK users' data is processed outside their home jurisdiction, which carries regulatory risk if transfer mechanisms are challenged or invalidated....

DocuSign acts as a data controller when handling your data for its own purposes (like marketing), but acts as a data processor when handling data on behalf of business customers who use DocuSign's platform....

Why it matters: If you sign a document sent by a company using DocuSign, that company — not DocuSign — is primarily responsible for how your data is used, which affects where you direct privacy complaints....

DocuSign uses cookies, web beacons, pixels, and similar tracking technologies on its websites and in its products to collect data about your device, behavior, and usage patterns....

Why it matters: These technologies collect data about your online activity even outside of document signing, and some of this data is shared with third-party advertising and analytics partners....

DocuSign retains your personal data for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements....

Why it matters: Your data may be retained for extended periods even after you stop using DocuSign, and the retention period is not precisely defined, giving DocuSign broad discretion....

DocuSign may disclose your personal data to law enforcement agencies, courts, or government authorities in response to lawful requests, subpoenas, or to protect its legal rights....

Why it matters: Your data held by DocuSign, including signed documents, could be disclosed to government authorities without your prior knowledge in response to legal process....

California residents have the right to know what personal information DocuSign collects and sells, the right to delete it, the right to correct it, and the right to opt out of the sale or sharing of their data....

Why it matters: California residents have some of the strongest privacy rights in the US, and DocuSign is required to honor these rights, including providing a clear opt-out mechanism....

Redfin collects your precise location data from your device (if permitted) and also estimates your location from your IP address to customize your experience and show nearby listings....

Why it matters: Precise geolocation data is highly sensitive and can reveal where you live, work, or travel, and may be shared with third parties for advertising purposes....

Redfin may record any phone calls you have with their agents or staff for training and quality assurance purposes....

Why it matters: You may not be explicitly notified at the start of every call that it is being recorded, and your recorded conversations are stored and could contain sensitive real estate or financial information....

By consenting to receive calls and text messages from Redfin, you allow both Redfin and its partners and affiliates to contact you with marketing messages, and standard message and data rates may apply....

Why it matters: Your consent covers not just Redfin but also its partners and affiliates, potentially resulting in marketing contacts from companies you didn't directly engage with....

California residents have specific rights under California privacy law, including the right to know what data is collected, request deletion, opt out of sale or sharing, and not be discriminated against for exercising these rights....

Why it matters: California law provides some of the strongest consumer privacy rights in the US, and Redfin is obligated to honor them — including the right to stop your data from being sold or shared with advertisers....

Even if you don't create an account, Redfin automatically collects data about you including your IP address, browser type, pages visited, properties viewed, cookies, and mobile advertising IDs....

Why it matters: Passive data collection begins the moment you visit Redfin's site, even without registering, meaning your browsing behavior and interests are tracked and can be used for advertising without you taking any active step....

Redfin retains your personal information for as long as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements — even after you update or delete account information....

Why it matters: Deleting or updating your account information does not guarantee that Redfin removes all records of your data, as they may retain original copies for legal or operational reasons....

If you sign into Redfin using Facebook, Twitter, or another social media account, Redfin may use the data those services provide to customize your experience and share your data with those platforms for targeted advertising....

Why it matters: Connecting your social media account to Redfin creates a data bridge between your real estate activity and social media profile, potentially enabling highly targeted advertising on those platforms....

If you are located in the EU, UK, or EEA, Figma transfers your personal data to the United States using Standard Contractual Clauses (SCCs) as the legal mechanism to protect that transfer....

Why it matters: Your data leaves the EU/UK and is subject to US law, which provides different privacy protections than European law — this is a significant consideration for enterprise users with compliance obligations....

If Figma is acquired, merges with another company, or sells its assets, your personal data may be transferred to the new owner as part of that deal....

Why it matters: A future acquisition could result in your data being controlled by an entirely different company with different privacy practices, without your consent being required....

California residents have specific rights under state law, including the right to know what data is collected, to delete it, to correct it, to opt out of its sale or sharing, and to not be discriminated against for exercising these rights....

Why it matters: California users have stronger legal protections than users in most other US states, and Figma is obligated to honor these rights upon request....

If you are in the EU or UK, you have rights under GDPR including the right to access your data, have it deleted, correct inaccuracies, restrict processing, receive a portable copy, and object to certain processing....

Why it matters: GDPR grants EU and UK users among the strongest data privacy rights in the world, and Figma must legally honor these requests in a timely manner....

Figma's services are not directed at children under the age of 16, and Figma states it does not knowingly collect personal data from users under 16....

Why it matters: If a minor under 16 uses Figma, their data may be collected without the legally required parental consent protections, creating both privacy and regulatory risk....

Figma retains your personal data for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements....

Why it matters: Figma does not commit to a specific deletion timeline, meaning your data could be retained indefinitely while your account is active and for an unspecified period after....

Players under 18 must have parental or guardian consent to use Riot Games services, and players under 13 (or the applicable age in their country) are not permitted to use the services at all....

Why it matters: Parents are legally responsible for monitoring their children's use of Riot Games, including any purchases made, and Riot may collect data on minors subject to COPPA and similar regulations....

If you create and share any content using Riot Games platforms — such as fan art, videos, or game clips — you grant Riot a broad, worldwide, royalty-free license to use, reproduce, and distribute that content....

Why it matters: Riot can use content you create for their own commercial and promotional purposes without paying you or seeking additional permission....

Riot Games reserves the right to change these Terms of Service at any time, and continued use of their services after changes are made constitutes your acceptance of the new terms....

Why it matters: Riot can materially change your rights and obligations without your explicit consent — simply continuing to play games means you agree to whatever new terms Riot has introduced....

You agree to defend and pay for any legal costs Riot Games incurs as a result of your use of their services, your violation of the Terms, or your infringement of third-party rights....

Why it matters: If your in-game behavior or content causes Riot to face a lawsuit or legal claim, you could be held personally liable for their legal fees and damages — even for unintentional violations....

Square retains your personal and financial data for a period after you close your account, citing legal, regulatory, and business purposes....

Why it matters: Closing your Square account does not immediately delete your data; Square may retain your financial records and personal information for extended periods....

Consumers have the right to request access to, deletion of, and correction of personal information Square holds about them....

Why it matters: You can ask Square to show you what data they have, delete it, or fix inaccuracies — these are important rights that give you more control over your personal information....

Square uses your payment and transaction data to improve its services, detect fraud, and develop new products, in addition to processing your payments....

Why it matters: Your financial transactions are used for purposes beyond just completing payments, including building Square's products and conducting analytics on your financial behavior....

California residents have specific rights under state law to know what personal data Plaid collects, request deletion of their data, and opt out of certain data sales or sharing....

Why it matters: California residents have stronger legal protections than users in most other states, including the right to see exactly what financial data Plaid holds about them and to demand it be deleted....

Companies and developers that use Plaid's API to build apps must follow Plaid's usage policies, which govern how they can use consumer financial data they receive through Plaid's infrastructure....

Why it matters: The rules Plaid imposes on its developer customers directly determine how safely your financial data is handled by the apps you connect to — if those rules are weak or unenforced, your data is at greater risk....

Plaid retains your financial data for defined periods and outlines under what circumstances it will delete data, including when you disconnect an app or submit a deletion request....

Why it matters: Even after you disconnect an app from your bank account, Plaid may retain copies of your financial data for a period of time, which consumers should be aware of....

Plaid or the apps using Plaid can terminate or suspend your access to services, and Plaid may discontinue connections between your bank account and specific applications....

Why it matters: If Plaid terminates your access or a developer's access, it can disrupt your ability to use financial apps that depend on Plaid for bank connectivity with little or no notice....

Developer customers using Plaid's API agree to indemnify and hold harmless Plaid from legal claims arising from their use of the platform or misuse of consumer data....

Why it matters: This shifts legal and financial liability away from Plaid and onto the app developers who use its services, which may affect how well-resourced your legal recourse is if a developer misuses your data....

When you visit Headspace's websites, they automatically collect information about you through cookies and other tracking tools, such as pixels and analytics scripts. You can control which cookies are used through the cookie settings on their websites....

Why it matters: Tracking technologies can collect detailed information about your browsing behavior across the web, including your interest in mental health topics, and this data may be shared with third parties....

Headspace gives all users — regardless of where they live — the right to request access to, deletion of, and corrections to their personal information. Additional rights may apply based on your location, such as California, EU, or UK-specific rights....

Why it matters: Having broad privacy rights regardless of your location means you can take control of your data, including requesting that Headspace delete your information even if you are not in a jurisdiction with legally mandated deletion rights....

Headspace's platform is generally intended for adults, and their services are not directed at children. There are limited exceptions depending on the specific product offering....

Why it matters: Parents should be aware that Headspace's standard services are not designed for children, and special considerations apply if a child accesses the platform through certain programs....

If your employer provides you access to Headspace, your use may be subject to additional privacy terms and notices, and your employer-related data sharing may be covered by separate agreements between Headspace and your employer....

Why it matters: Users accessing Headspace through their employer should understand that their employer may have visibility into certain usage data or that different privacy terms govern their access....

Headspace may transfer your personal data to other countries where data protection laws may differ from your own, and they use mechanisms like standard contractual clauses to make these transfers lawful under GDPR....

Why it matters: If you are in the EU or UK, your mental health and personal data may be transferred to countries with weaker privacy protections, and you should understand the legal safeguards in place....

Headspace keeps your personal information for as long as it is necessary for the purposes it was collected, and they apply appropriate security safeguards during that time. Retention periods may vary depending on the type of data and applicable legal requirements....

Why it matters: Knowing how long your sensitive mental health data is kept helps you understand your exposure — particularly if you stop using the service but your data persists....

Hinge uses your profile data, usage behavior, and technical data to show you personalized advertisements both on and off the app. You can control some of these settings, but targeted advertising is enabled by default....

Why it matters: Your dating behavior, preferences, and sensitive profile information may be used to build an advertising profile of you, which can be shared with third-party ad partners — raising significant privacy concerns given the sensitivity of dating app data....

Hinge uses automated systems and machine learning to recommend potential matches to you and to make other decisions about your experience on the app. Details about how this works are available in a separate FAQ....

Why it matters: Automated systems shape who you see and who sees you on Hinge, and EEA/UK users have the right under GDPR to contest automated decisions that significantly affect them....

Hinge collects your precise GPS location (latitude and longitude) from your device if you grant permission. Refusing permission means some location-based features will be unavailable....

Why it matters: Precise location data is highly sensitive and can reveal sensitive information about your daily routines, home address, workplace, and places of worship. On a dating app, it can also create safety risks if mishandled....

Hinge may ask you to submit a copy of your government-issued ID (such as a passport or driver's license) to verify your identity....

Why it matters: Submitting a government ID to a dating app means sharing one of the most sensitive documents you own — one that could be misused for identity theft if data were compromised in a breach....

If you live in the EEA, UK, or Switzerland, your personal data may be transferred to and processed in the United States, where privacy laws are different and may offer fewer protections than in your home country....

Why it matters: EEA and UK data protection laws require that your data only be sent to countries with equivalent privacy protections, and transfers to the US must be covered by specific legal safeguards such as Standard Contractual Clauses....

Hinge retains your personal data for as long as your account is active and for a period after you delete it. Certain data may be kept longer for legal or safety reasons, such as if you were involved in a reported safety incident....

Why it matters: Even after you delete your Hinge account, your personal data — including sensitive profile information and chat content — may be retained by the company for an unspecified additional period, limiting your ability to truly erase your digital footprint....