-
TaskRabbit
· TaskRabbit Privacy Policy
The policy notifies Canadian users that their personal information is stored on US-based servers and states that accepting the policy constitutes acknowledgment of this cross-border transfer....
Why it matters: This provision frames Canadian user consent to cross-border data transfer as implicit in accepting the privacy policy, which may require evaluation against Canadian privacy legislation governing cross-border transfers and accountability obligations....
-
TaskRabbit
· TaskRabbit Privacy Policy
The policy states that personal information is retained for as long as necessary to provide services and fulfill stated purposes, after which it will be deleted or deidentified, subject to legal obligations and applicable law....
Why it matters: The retention provision does not specify defined retention periods for any category of personal information, relying instead on general necessity language, which may require evaluation against GDPR data minimization and storage limitation principles requiring specific, documented retention schedules....
-
TaskRabbit
· TaskRabbit Terms of Service
The agreement states that all fees, including Task Payments and Taskrabbit's platform fees, are non-refundable unless expressly stated otherwise in the agreement. Specific refund conditions, if any, are set out in the incorporated Fees, Payments and Cancellation Supplemental Terms....
Why it matters: This provision establishes a default non-refundable fee policy applicable to all platform transactions. The practical scope of this policy depends on the contents of the incorporated Fees, Payments and Cancellation Supplemental Terms, which are not fully reproduced in this document....
-
TaskRabbit
· TaskRabbit Terms of Service
Taskrabbit grants users a limited, non-exclusive, non-transferable, and revocable license to access and use the platform and app for personal use only. The license is conditioned on compliance with the agreement and the Acceptable Use Policy, and users are prohibited from copying, reverse engineering, or retransmitting platform content without Taskrabbit's prior written consent....
Why it matters: This provision establishes the conditional and revocable nature of user access to the platform. The license is contingent on compliance with the agreement and the Acceptable Use Policy, meaning a violation of either document could result in revocation of platform access....
-
TaskRabbit
· TaskRabbit Terms of Service
The agreement states that Taskrabbit may terminate a user's agreement or restrict platform access for failure to maintain accurate account information, for posing a threat to platform safety and integrity, or for any other reasonable business concern. The terms do not specify a notice or cure period for these termination grounds....
Why it matters: This provision authorizes Taskrabbit to restrict or terminate user access based on a broadly defined reasonable business concern standard, without specifying advance notice requirements or a cure period. For Taskers who operate the platform as their primary business channel, termination without notice or opportunity to remedy creates material operational risk....
-
Monitoring
These provisions have changed before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
-
TaskRabbit
· TaskRabbit Terms of Service
The agreement states that Taskers may be subject to identity verification and criminal background checks conducted by third-party services as a condition of platform registration and ongoing use. Taskrabbit explicitly disclaims responsibility for the accuracy or reliability of background check results....
Why it matters: This provision establishes that background checks are conducted by third-party services and that Taskrabbit disclaims liability for their accuracy. Clients selecting Taskers based on background check status should note that the agreement simultaneously uses background check designations as informational signals while disclaiming any endorsement or guarantee of their reliability....
-
Tabnine
· Tabnine Privacy Policy
The policy authorizes sharing of user data including identifiers, usage data, and behavioral data with third-party analytics, advertising, and marketing service providers such as Google, HubSpot, LinkedIn, Hotjar, Microsoft Clarity, Reddit, and Twitter/X....
Why it matters: This provision authorizes a broad set of third-party data disclosures to advertising and analytics vendors whose tracking scripts are loaded on the Tabnine website. For EU users, this sharing may require valid cookie consent under the ePrivacy Directive and GDPR....
-
Tabnine
· Tabnine Privacy Policy
The policy provides California residents with a right to opt out of the sale or sharing of their personal information for behavioral advertising purposes, accessible via a designated link on the Tabnine website or by email....
Why it matters: This provision describes the opt-out mechanism available to California residents under CCPA as amended by CPRA. The operational availability and functionality of the designated opt-out link is a compliance requirement subject to California AG and CPPA enforcement....
-
Tabnine
· Tabnine Privacy Policy
The policy states that personal data transferred from the EU/EEA to third countries is protected through Standard Contractual Clauses (SCCs) as approved by the European Commission....
Why it matters: This provision establishes the legal transfer mechanism for cross-border data flows from the EU/EEA, which is a requirement under GDPR Chapter V. Enterprise customers should confirm that executed SCCs are in place and reflect the current 2021 EU Commission SCC templates....
-
Tabnine
· Tabnine Privacy Policy
The policy states that Tabnine collects telemetry data from plugin usage including feature interactions, usage frequency, performance metrics, and error logs, used for product improvement purposes....
Why it matters: This provision establishes that telemetry data is collected by default from plugin users. For enterprise deployments, the scope of telemetry collection and the ability to disable it at an organizational level is operationally significant for both privacy compliance and confidentiality management....
-
Tabnine
· Tabnine Privacy Policy
The policy states that personal data is retained for the duration necessary to provide services and meet legal obligations, after which Tabnine takes steps to delete or anonymize it, without specifying fixed retention periods for individual data categories....
Why it matters: The absence of specific retention periods for categories such as code snippet data, telemetry, and account information means users and enterprise customers cannot determine from the policy alone when their data will be deleted. GDPR's data minimization and storage limitation principles require that retention periods be defined and justified....
-
Whatnot
· Whatnot Privacy Policy
The policy discloses that Whatnot may sell or share personal information as defined under California law, and provides California residents the right to opt out via a designated link on the platform....
Why it matters: This provision requires Whatnot to maintain a functional opt-out mechanism for California residents and to accurately disclose which categories of personal information are sold or shared with advertising and analytics partners, as required under CCPA and CPRA....
-
Whatnot
· Whatnot Privacy Policy
The policy authorizes Whatnot to share personal information including behavioral and device data with advertising partners, analytics providers, and social media platforms for targeted advertising and usage analysis, with those third parties permitted to use tracking technologies across Whatnot and other websites....
Why it matters: This provision authorizes cross-site behavioral tracking via third-party advertising and analytics partners, which may constitute a 'sale' or 'sharing' of personal information under California law and triggers opt-out and disclosure obligations; it also engages ePrivacy and GDPR consent requirements for EU and UK users....
-
Whatnot
· Whatnot Privacy Policy
The policy states that Whatnot collects audio and video content from seller and user livestreams, along with session metadata including stream duration, viewer counts, and interaction data....
Why it matters: Collection of audiovisual content from livestreams constitutes collection of biometric-adjacent data in some jurisdictions and may engage state biometric privacy statutes; session and interaction metadata from livestreams can be used for behavioral profiling and platform personalization as described elsewhere in the policy....
-
Whatnot
· Whatnot Privacy Policy
The policy discloses that users in certain jurisdictions, including California and EU/UK, have rights to access, correct, delete, and obtain copies of their personal information, as well as rights to restrict processing, object to processing, and opt out of data sale or sharing....
Why it matters: This provision establishes the mechanism and scope of data subject rights available under CCPA, CPRA, GDPR, and UK GDPR, and the operational availability of these rights depends on Whatnot's implementation of request intake, verification, and response workflows....
-
Whatnot
· Whatnot Privacy Policy
The policy states that Whatnot does not direct its services to children under 13 and does not knowingly collect their personal information; if such data is identified, the policy states it will be deleted....
Why it matters: This provision asserts COPPA compliance by excluding users under 13 from the platform and committing to deletion of inadvertently collected data from that age group; the operational adequacy of age verification mechanisms determines the practical effect of this commitment....
-
Whatnot
· Whatnot Privacy Policy
The policy discloses that personal information may be transferred to and processed in countries outside the user's country of residence, including countries with different data protection standards, and asserts that appropriate safeguards have been implemented....
Why it matters: This provision addresses cross-border data transfers, which for EU and UK users require specific transfer mechanisms under GDPR and UK GDPR; the policy's reference to 'appropriate safeguards' without specifying the mechanism (such as standard contractual clauses or adequacy decisions) leaves the specific legal basis for transfers unspecified in the publicly available policy text....
-
OpenRouter
· OpenRouter Acceptable Use Policy
The policy states that users are subject not only to OpenRouter's AUP but also to the terms of use of the individual upstream AI model providers whose models are accessed through the platform....
Why it matters: This provision creates a dynamic compliance dependency whereby the effective terms governing a user's platform access may change when upstream model providers update their own policies, without requiring a corresponding update to the OpenRouter AUP....
-
OpenRouter
· OpenRouter Acceptable Use Policy
The policy prohibits using the platform to generate content designed to systematically deceive or manipulate individuals, including the creation of coordinated inauthentic behavior, disinformation campaigns, or impersonation at scale....
Why it matters: This provision establishes a content moderation obligation that engages FTC guidelines on deceptive practices and may interact with emerging platform accountability frameworks in the EU and US regarding AI-generated disinformation....
-
OpenRouter
· OpenRouter Acceptable Use Policy
The policy states that OpenRouter reserves the right to suspend or terminate accounts that violate the Acceptable Use Policy, with or without prior notice depending on the severity of the violation....
Why it matters: This provision establishes the enforcement mechanism for the policy's prohibited use categories and creates the primary operational consequence for non-compliance, which affects continued platform access for both users and operators....
-
Telegram
· Telegram Privacy Policy
The policy states that messages, photos, videos, and documents in cloud chats are stored on Telegram servers in encrypted form, with encryption keys held by Telegram across multiple data centers. This is distinct from secret chats, which use end-to-end encryption and are not stored server-side....
Why it matters: This provision establishes that cloud chat content is retained by Telegram in a form that Telegram controls, meaning it is technically accessible to Telegram and potentially subject to compelled legal disclosure. The policy separately confirms that law enforcement requests may result in disclosure of IP address and phone number, though the policy does not explicitly state whether cloud chat content could be disclosed under a broader or different legal order....
-
Telegram
· Telegram Privacy Policy
The policy states that Telegram may disclose a user's IP address and phone number to law enforcement upon receipt of a valid judicial order confirming the user is a suspect in criminal activity that violates the Terms of Service, subject to Telegram's own legal analysis. Disclosures are reported quarterly in a public transparency report....
Why it matters: This provision defines the scope of data Telegram commits to disclosing under law enforcement orders as limited to IP address and phone number, and conditions disclosure on both a valid judicial order and a Terms of Service violation finding. The quarterly transparency reporting mechanism provides a public audit trail of disclosure events....
-
Telegram
· Telegram Privacy Policy
The policy states that message text may be shared with Google LLC or Microsoft Corporation when users request translation, and audio data from voice and video messages may be shared with Google LLC when users request transcription (a Telegram Premium feature). Both are described as user-initiated, restricted-purpose data transfers under agreements that prohibit secondary use by the third parties....
Why it matters: This provision discloses that message content and audio data are transmitted to Google LLC and Microsoft Corporation for user-requested features. The policy asserts contractual restrictions on secondary use by those companies, though users depend on Telegram's enforcement of those contractual terms....
-
Telegram
· Telegram Privacy Policy
The policy states that personal data may be shared with Telegram's parent company and affiliated entities in the British Virgin Islands and Dubai for service provision and improvement purposes. The stated transfer safeguard is Standard Contractual Clauses approved by the European Commission....
Why it matters: This provision establishes that user personal data is shared across Telegram's corporate group, including entities in jurisdictions without an EU adequacy decision, relying on Standard Contractual Clauses as the transfer mechanism. The adequacy of SCCs for transfers to the BVI and UAE requires ongoing assessment under GDPR guidance....
-
Telegram
· Telegram Privacy Policy
The policy states that metadata including IP address, device identifiers, Telegram app usage history, and username change history may be collected for security and anti-spam purposes and retained for a maximum of 12 months....
Why it matters: This provision establishes the categories and maximum retention period for security-related metadata. The retention of IP addresses for up to 12 months is the data category disclosed as subject to potential law enforcement disclosure under section 8.3....
-
X
· X Ads Policies
The policy places full responsibility on advertisers for ensuring their ads comply with all applicable laws and regulations in every market where their campaigns run, including requirements for honesty and safety....
Why it matters: This provision requires advertisers to independently verify legal compliance across every jurisdiction where their ads are served, without X providing jurisdiction-specific legal clearance or guidance. The operational implication is that advertisers running multi-market campaigns bear the compliance burden for all applicable national, regional, and local advertising regulations....
-
X
· X Ads Policies
The policy establishes categories of content that X will not permit in paid advertising under any circumstances, including ads for illegal products or services, deceptive content, and certain weapons-related content, among others referenced in the policy's linked detail pages....
Why it matters: This provision establishes the absolute limits of permissible advertising content on X; campaigns containing prohibited content are subject to rejection or removal, and accounts submitting prohibited content may face suspension from the advertising platform....
-
X
· X Ads Policies
Certain categories of advertising content, including alcohol, gambling, financial products, pharmaceutical products, and political advertising, require prior written approval from X before campaigns may run, with availability varying by country....
Why it matters: This provision requires advertisers in regulated categories to complete an approval process with X before launching campaigns, creating a procedural prerequisite for campaign eligibility; the absence of defined approval timelines in this document creates potential operational uncertainty for time-sensitive campaigns....
-
X
· X Ads Policies
X reserves discretion to determine whether an advertiser account meets eligibility criteria to participate in the X Ads platform, and may find accounts ineligible for reasons described in linked external documentation; the policy also describes an offboarding process for accounts that no longer meet eligibility requirements....
Why it matters: This provision establishes that access to X's advertising platform is conditional on ongoing eligibility determinations made by X; the document does not specify binding procedural guarantees for eligibility review timelines or appeals, which creates operational uncertainty for advertisers dependent on the platform for campaign delivery....
-
Zillow
· Zillow Privacy Notice
The policy discloses that sharing personal information with advertising partners may qualify as a 'sale' or 'sharing' under California law, and provides opt-out mechanisms via a footer link and app settings....
Why it matters: This provision establishes Zillow's compliance with CCPA/CPRA opt-out obligations and operationalizes the consumer right to halt advertising-related data transfers classified as sales or sharing under California law....
-
Zillow
· Zillow Privacy Notice
The policy enumerates categories of personal information collected, including identifiers, financial data, precise geolocation, device information, communications content, and inferred profile data derived from collected information....
Why it matters: This provision establishes the scope of Zillow's data collection across its platforms and is foundational to evaluating the company's obligations under CCPA/CPRA, which requires disclosure of collected categories and their purposes....
-
Zillow
· Zillow Privacy Notice
The policy authorizes disclosure of personal information to advertising and analytics partners for targeted advertising, campaign measurement, and personalization, using cookies and tracking technologies across Zillow properties and third-party sites....
Why it matters: This provision establishes the legal and operational basis for cross-context behavioral advertising using Zillow user data, and is directly relevant to CCPA/CPRA opt-out obligations and FTC guidance on online tracking....
-
Zillow
· Zillow Privacy Notice
The policy discloses collection of precise geolocation data for service delivery, connection with real estate professionals, and advertising purposes, subject to user consent where required....
Why it matters: Precise geolocation is classified as sensitive personal information under CPRA and several other state privacy frameworks, triggering heightened use limitation and opt-out rights beyond those applicable to general personal information....
-
Verizon
· Verizon Privacy Policy
Verizon uses network data and other information to generate aggregate reports on foot traffic patterns, demographic trends, and related business intelligence, which are then shared with or sold to third-party business and government customers. The policy states that the data used is aggregated and not individually identifiable....
Why it matters: This provision establishes a data monetization mechanism through which Verizon derives and sells aggregate insights derived from customer network behavior. The deidentification and aggregation standards applied, and whether the resulting products could permit re-identification, are material compliance considerations for assessing whether this constitutes a sale of personal information under applicable state privacy law....
-
Verizon
· Verizon Privacy Policy
The policy authorizes Verizon to share personal information with service providers, advertising companies, and business partners that assist in service delivery and advertising operations. Service providers are stated to be restricted from using personal information for their own marketing, while advertising company sharing is disclosed as a distinct category....
Why it matters: This provision establishes the contractual framework for third-party data sharing with advertising partners, which is directly relevant to CCPA/CPRA sale and sharing definitions and to the adequacy of consumer opt-out rights for cross-context behavioral advertising....
-
Verizon
· Verizon Privacy Policy
The policy grants California residents rights under CCPA and CPRA including access, deletion, correction, opt-out of sale or sharing, and limitation of sensitive personal information use, with a stated non-discrimination commitment for exercising these rights....
Why it matters: This provision establishes the operational framework for California statutory privacy rights, including the right to opt out of sale or sharing of personal information for advertising purposes, which is directly relevant to the Custom Experience and advertising data sharing programs described elsewhere in the policy....
-
Verizon
· Verizon Privacy Policy
The policy states that Verizon does not knowingly collect personal information from children under 13 without parental consent, and does not knowingly collect personal information about customers' children without parental consent....
Why it matters: This provision establishes the stated compliance posture under the Children's Online Privacy Protection Act for online data collection from minors. The 'knowingly' qualifier is standard COPPA framing and limits the obligation to situations where Verizon has actual knowledge of a user's age....
-
Verizon
· Verizon Privacy Policy
The policy states that Verizon processes the Global Privacy Control browser signal as an opt-out of sale or sharing of personal information for residents of states that legally require GPC recognition. The technical implementation in the page source confirms GPC detection logic is present....
Why it matters: This provision establishes Verizon's stated approach to automated opt-out signals, which is a compliance requirement under CPRA for California residents and under similar statutes in other states. The qualifying language 'where Verizon is able to do so' and 'for residents of states that require recognition' introduces scope limitations that compliance teams should evaluate....
-
Uber
· Uber Terms of Use
The agreement authorizes Uber to apply variable and surge pricing during high-demand periods, with the stated obligation to use reasonable efforts to notify users of applicable charges. Users are responsible for all charges incurred under their account regardless of pricing level....
Why it matters: This provision establishes that pricing is not fixed and may increase substantially during high-demand periods, with Uber's obligation limited to reasonable notification efforts rather than explicit pre-transaction consent for each surge price. The user's account-level responsibility for all charges applies regardless of the pricing mechanism in effect at the time of the transaction....
-
Uber
· Uber Terms of Use
The agreement authorizes Uber to charge cancellation fees if a user cancels a service request before the service begins, and no-show fees if the user fails to appear for a scheduled service. These charges are applied to the stored payment method on the account....
Why it matters: This provision establishes that cancellation or non-appearance triggers an automatic fee charge to the user's stored payment method. The specific fee amounts are not detailed in the master terms and are subject to Uber's current fee schedule, which may be updated independently....
-
Uber
· Uber Terms of Use
Users who submit content to Uber's platform grant Uber a worldwide, royalty-free, sublicensable license to use, reproduce, modify, distribute, and publicly display that content in connection with operating and providing the services. This license is non-exclusive, meaning users retain ownership of their content....
Why it matters: This provision establishes that user-submitted content, which may include reviews, photos, and communications, is licensed to Uber for broad use in connection with its services. The sublicense right allows Uber to extend this license to third parties involved in service delivery....
-
Uber
· Uber Terms of Use
Uber reserves the right to modify these terms at any time by posting an updated version on its website or app. Continued use of the services after the posting of changes constitutes acceptance of the modified terms....
Why it matters: This provision establishes that Uber can update the contractual terms governing service use without obtaining affirmative re-consent from users, with continued use of the platform treated as acceptance. The mechanism by which users are notified of changes is described as posting on the website or app rather than direct communication....
-
Uber
· Uber Terms of Use
Uber may terminate a user's access to the platform or specific services immediately and without prior notice based on its sole discretion, including for violations of the terms, perceived risk to Uber or third parties, or potential legal liability....
Why it matters: This provision establishes that account termination can occur without advance notice and based on Uber's unilateral assessment of risk or potential liability, which includes circumstances beyond direct violations of stated rules. The sole discretion standard means users have limited procedural protections against sudden account suspension....
-
Uber
· Uber Terms of Use
The agreement specifies Delaware law as the governing law and designates federal or state courts in San Francisco, California as the exclusive venue for legal proceedings, with California courts having exclusive jurisdiction over non-arbitrated claims....
Why it matters: This provision establishes the legal framework and venue applicable to disputes that proceed outside arbitration, including any claims by users who have opted out of the arbitration clause. The choice of Delaware law and California venue may affect the procedural rights available to users in other jurisdictions....
-
OpenAI
· OpenAI Enterprise Privacy
The document states that data submitted through the API and ChatGPT Enterprise, including inputs and outputs, is not used to train OpenAI's models by default, distinguishing enterprise terms from standard consumer ChatGPT terms....
Why it matters: This provision directly affects enterprise customers' data minimization posture and their ability to represent AI data governance to regulators and auditors. The default exclusion from model training is a foundational representation that organizations should verify is active for their specific account configuration and contractually documented in an executed agreement....
-
OpenAI
· OpenAI Enterprise Privacy
The document asserts that OpenAI is a CCPA service provider for enterprise and API customers, which under California law means OpenAI is contractually prohibited from using personal data for purposes other than performing the contracted services, and may not sell or share it for cross-context behavioral advertising....
Why it matters: The service provider designation under CCPA has direct implications for enterprise customers' compliance obligations: if OpenAI qualifies as a service provider, its processing is excluded from the definition of a sale or share under the CCPA, and customers can represent to their own users that data shared with OpenAI is covered by service provider restrictions. The designation must be reflected in a written contract to be legally operative....
-
OpenAI
· OpenAI Enterprise Privacy
The document states that API conversation data is not retained beyond 30 days by default except for safety purposes, while ChatGPT Enterprise stores conversations with administrator-level controls for data management and deletion....
Why it matters: Data retention terms directly affect enterprise customers' compliance with GDPR storage limitation principles, CCPA deletion rights obligations, and internal data governance policies. The distinction between API retention (30-day default) and ChatGPT Enterprise retention (stored with admin controls) creates different compliance profiles for the two product tiers....
-
OpenAI
· OpenAI Enterprise Privacy
The document states that OpenAI uses third-party sub-processors in delivering its services and maintains a sub-processor list, with a commitment to notify customers of additions or changes to sub-processors....
Why it matters: GDPR Article 28 requires processors to obtain controller authorization before engaging sub-processors and to impose equivalent data protection obligations on them. The sub-processor notification mechanism is operationally significant for enterprise customers who must evaluate whether new sub-processors affect their own compliance posture or require updated data transfer assessments....
-
Minecraft
· Minecraft Privacy Statement
The policy authorizes sharing of personal data collected through Minecraft services with Microsoft affiliates and third-party service providers for purposes including service operation, analytics, safety, and other disclosed purposes. The scope of affiliate sharing reflects Minecraft's integration into Microsoft's corporate infrastructure following the acquisition of Mojang Studios....
Why it matters: This provision establishes that Minecraft user data, including account identifiers, gameplay data, and device information, may be processed across Microsoft's global affiliate network. Compliance teams should evaluate whether the categories of data shared with affiliates and the purposes for which sharing occurs are disclosed with sufficient specificity to meet GDPR transparency requirements....
-
Minecraft
· Minecraft Privacy Statement
The policy discloses that Minecraft collects categories of personal data including account identifiers (such as gamertag and Microsoft account data), device information, IP address, gameplay activity and usage data, and communications made through the platform. Collection occurs through gameplay, website interaction, and account registration....
Why it matters: This provision establishes the scope of data collection across Minecraft services. The integration of Microsoft account data means that Minecraft-specific data collection is linked to Microsoft's broader account ecosystem, which may include cross-service data associations depending on account configuration....