Provisions Index

The policy establishes rights for EU residents under GDPR, UK residents under UK GDPR, and California residents under CCPA/CPRA to access, correct, delete, or restrict processing of their personal data, and to lodge complaints with relevant supervisory authorities. These rights are exercised through Microsoft's privacy request mechanisms....

Why it matters: This provision establishes the procedural mechanisms through which users in regulated jurisdictions can exercise their statutory privacy rights in relation to Minecraft data. The rights are administered through Microsoft's centralized privacy infrastructure, meaning request processing is governed by Microsoft's enterprise data subject request procedures....

View provision → Watch Minecraft →

The policy addresses retention periods for personal data collected through Minecraft services and the process for requesting account closure and associated data deletion. Account and data deletion is administered through Microsoft's account management tools....

Why it matters: This provision establishes the conditions under which personal data collected through Minecraft is retained and the mechanism for requesting its deletion, which is operationally relevant for users who discontinue use of the service and for compliance with GDPR Article 5(1)(e) storage limitation requirements....

View provision → Watch Minecraft →

The policy states that Meta does not permit users under 13 years of age (or a higher age threshold in certain jurisdictions) to use Meta's covered products, and that Meta does not knowingly collect personal information from users below the applicable age threshold....

Why it matters: This provision establishes the stated age restriction framework for Meta's products and the policy's asserted exclusion of child personal data collection, with the applicable minimum age varying by jurisdiction....

View provision → Watch Meta Ads →

The policy states that users have rights to access, correct, export, and delete their personal data, and to object to or restrict certain processing, with those rights subject to limitations including legal retention obligations and third-party rights....

Why it matters: This provision establishes the user-facing rights framework Meta asserts is available under applicable privacy law, while disclosing that those rights may be limited by competing legal obligations, Meta's own rights, or third-party interests....

View provision → Watch Meta Ads →

The policy states that Meta collects location data including precise device location (where permitted), IP-based location, and location inferred from user activity such as check-ins and events, and uses this data across the purposes described in the policy including advertising....

Why it matters: This provision establishes that Meta collects multiple categories of location data, ranging from precise GPS-level device location to inferred location from social activity, and applies this data to advertising and personalization purposes across Meta's products....

View provision → Watch Meta Ads →

The policy states that Meta retains personal data for as long as needed to provide services, comply with legal obligations, or protect its interests, with retention periods determined on a case-by-case basis according to the criteria listed....

Why it matters: This provision establishes that Meta does not apply fixed retention periods across data categories but instead determines retention duration on a case-by-case basis, with 'protection of interests' and 'other legitimate purposes' included as open-ended retention justifications alongside legal obligations and service delivery....

View provision → Watch Meta Ads →

The agreement reserves RapidAPI's right to modify platform terms, subscription pricing, and API access tier conditions, typically with notice to users, and continued use of the platform following such modifications constitutes acceptance of updated terms....

Why it matters: This provision establishes a mechanism by which RapidAPI may alter the financial and operational conditions of platform access without requiring affirmative user consent, conditioning acceptance on continued platform use....

View provision → Watch RapidAPI →

The agreement asserts that users, including API providers who list their APIs on the marketplace, grant RapidAPI a license to use, display, and distribute submitted content and API listings through the platform....

Why it matters: This provision establishes a license grant from API providers to RapidAPI covering content submitted to the marketplace, which may include API documentation, specifications, and promotional materials, and the scope of that license affects how providers control the presentation and distribution of their intellectual property....

View provision → Watch RapidAPI →

The agreement establishes an acceptable use policy that defines prohibited activities on the platform, including unauthorized API access, scraping, resale of API access without authorization, and use of the platform for illegal purposes....

Why it matters: This provision defines the behavioral conditions under which account suspension or termination may be triggered, and its scope determines the operational boundaries for both API consumers and API providers using the platform....

View provision → Watch RapidAPI →

The agreement limits RapidAPI's aggregate liability to users, typically capping damages at the amount paid by the user in the preceding months, and excludes liability for indirect, incidental, or consequential damages....

Why it matters: This provision establishes the contractual ceiling on financial recovery available to users in the event of platform failure, API unavailability, or data loss, which is operationally significant for businesses that depend on RapidAPI-brokered APIs for revenue-generating services....

View provision → Watch RapidAPI →

The agreement establishes the governing law applicable to disputes arising from platform use, typically designating a US state jurisdiction, and may include provisions for mandatory arbitration or class action waiver for dispute resolution....

Why it matters: This provision determines the forum and legal framework under which disputes between users and RapidAPI are resolved, and any mandatory arbitration or class action waiver clause affects the procedural options available to users who have claims against the platform....

View provision → Watch RapidAPI →

The agreement authorizes RapidAPI to collect usage data, account information, and API call metadata from users operating on the platform, and may use this data for platform operation, analytics, and service improvement purposes....

Why it matters: This provision establishes the data collection permissions applicable to platform users, including developers and API providers, covering usage telemetry, account identifiers, and API transaction metadata, which is relevant to data protection compliance obligations for business users....

View provision → Watch RapidAPI →

The agreement establishes conditions under which API providers may list and monetize their APIs through the RapidAPI marketplace, including compliance with listing requirements, pricing disclosure obligations, and revenue share or commission arrangements with RapidAPI....

Why it matters: This provision governs the commercial and operational conditions for API providers participating in the marketplace, including any commission or revenue share structure that affects provider monetization, and the compliance requirements that determine continued listing eligibility....

View provision → Watch RapidAPI →

The page source contains initialization code for a Privacy SDK that includes a Global Privacy Control (GPC) signal processing configuration, with a linked privacy policy at /Privacy-Security-Policy-a-282.html. The SDK conditionally loads third-party advertising and analytics scripts based on consent state....

Why it matters: This provision indicates that Shein's consent management infrastructure is configured to recognize Global Privacy Control signals, which under the CPRA may constitute a valid opt-out of sale or sharing of personal information for California residents. The operational scope and compliance adequacy of this mechanism cannot be fully assessed from the submitted page source alone....

View provision → Watch Shein →

The policy states that Acorns automatically collects device identifiers, operating system and browser data, in-app and web usage activity, IP address-based location, and precise geolocation when permitted, along with data gathered through cookies, web beacons, and similar tracking technologies....

Why it matters: This provision establishes automated collection of behavioral, device, and location data through tracking technologies in addition to user-provided financial data, creating a dataset that may be used for advertising and analytics purposes as described elsewhere in the policy....

View provision → Watch Acorns →

The policy discloses that California residents have CCPA rights to request disclosure of collected personal information categories and specific pieces, to request deletion of their personal information, to opt out of the sale or sharing of personal information, and to be free from discrimination for exercising those rights....

Why it matters: This provision establishes operative consumer rights under CCPA and CPRA for California residents, creating enforceable obligations for Acorns to respond to rights requests and to provide a functional opt-out-of-sale-and-sharing mechanism....

View provision → Watch Acorns →

The policy states that Acorns' general services are not directed at children under 13 and that the company does not knowingly collect personal information from such children, while separately acknowledging that the Acorns Early product involves accounts established by adults for minor beneficiaries....

Why it matters: The policy's acknowledgment that Acorns Early involves minor beneficiaries, alongside the general COPPA disclaimer, creates a compliance distinction requiring assessment of whether and what data is collected in connection with minor beneficiaries through that product and whether parental consent mechanisms satisfy COPPA's requirements....

View provision → Watch Acorns →

GitHub reserves the right to remove content or suspend account access for any violation of the Acceptable Use Policies, with no stated prior-notice requirement or mandatory appeal procedure specified in this document....

Why it matters: This provision establishes GitHub's unilateral enforcement authority over all hosted content and accounts, which creates a material platform-dependency risk for developers, organizations, and businesses whose operational workflows rely on GitHub's infrastructure, as access may be suspended without a contractually guaranteed notice or reinstatement timeline....

View provision → Watch GitHub →

The agreement prohibits using GitHub's servers for cryptocurrency mining, excessive automated bulk activity, or any form of unsolicited advertising relay, characterizing these as placing undue burden on GitHub's infrastructure....

Why it matters: This provision directly restricts the use of GitHub Actions and other compute resources for cryptomining or automated bulk operations, which is operationally significant for DevOps teams and organizations running automated pipelines that may inadvertently approach the boundary of this prohibition....

View provision → Watch GitHub →

The agreement prohibits posting content that infringes patents, trademarks, trade secrets, copyrights, rights of publicity, or other proprietary rights, covering the full range of intellectual property categories....

Why it matters: This provision establishes user obligations regarding intellectual property across all content posted to GitHub, and violations may trigger content removal or account suspension under GitHub's DMCA takedown process and the broader AUP enforcement authority....

View provision → Watch GitHub →

The agreement prohibits uploading, hosting, or transmitting malicious code, and also prohibits using GitHub infrastructure as part of any system designed to deliver or amplify cyberattacks, including command-and-control infrastructure....

Why it matters: This provision prohibits not only direct malware hosting but also the use of GitHub repositories or infrastructure as attack support systems, which has particular relevance for security researchers whose dual-use tools or proof-of-concept exploit code may be assessed under this restriction....

View provision → Watch GitHub →

The agreement prohibits posting another person's personal information without their consent, characterizing such conduct as a privacy violation subject to enforcement under the AUP....

Why it matters: This provision establishes a consent-based standard for posting third-party personal information, which has operational significance for repositories that include user-generated data, research datasets, or scraped data that may contain personal identifiers....

View provision → Watch GitHub →

The agreement prohibits users under 13 from using GitHub's services and states that GitHub will terminate accounts of users determined to be under 13 immediately upon discovery....

Why it matters: This provision establishes a minimum age requirement consistent with COPPA obligations and authorizes immediate account termination for underage users, which is operationally relevant for educational institutions and organizations that facilitate student access to GitHub....

View provision → Watch GitHub →

The agreement prohibits posting information that is unlawful or that facilitates illegal activities, applying this restriction broadly across all content types and user contexts on the platform....

Why it matters: This provision establishes a broad prohibition on unlawful content that supplements the specific categorical prohibitions elsewhere in the AUP, and its broad framing means that the scope of prohibited content depends on applicable law in the user's jurisdiction, which may vary significantly across geographies....

View provision → Watch GitHub →

The agreement includes a section governing user information and user generated content, under which users grant SIE a license to content they submit or generate through PlayStation Services. The specific license scope, including royalty-free and sublicensable terms, is addressed in Section 6 of the agreement....

Why it matters: This provision establishes the scope of the license SIE holds over content users create or submit through PlayStation Services, including potential sublicensability and royalty-free terms. The breadth of the license grant affects user rights to their own created content across PlayStation platform features....

View provision → Watch Sony PlayStation →

The agreement states that continued use of PlayStation Services after notification of a change to the Terms constitutes acceptance of the amended Terms. Users who do not agree to the updated Terms are unable to access or use PlayStation Services....

Why it matters: This provision establishes that SIE may amend the Terms and that continued use of Services constitutes acceptance of amendments, without requiring affirmative re-consent. The mechanism applies to all material changes to the agreement, including changes to dispute resolution, data practices, and content license terms....

View provision → Watch Sony PlayStation →

The agreement requires that users under 18 have a parent or guardian review and agree to the Terms on their behalf, and that the parent or guardian accepts all liability for the minor's actions on PlayStation Services and compliance with the Terms....

Why it matters: This provision establishes that parents or legal guardians bear contractual liability for child users' actions on PlayStation Services. The agreement also references Child Account functionality and parental control features governed in Section 4, which are directly relevant to COPPA compliance for users under 13....

View provision → Watch Sony PlayStation →

Section 17 of the agreement contains warranty disclaimers and limitations on SIE's liability for PlayStation Services, which is standard in consumer platform agreements but operationally significant for users experiencing service disruptions or content access issues....

Why it matters: This provision limits the remedies available to users for service failures, content inaccessibility, or other platform issues. The interaction of the warranty disclaimer with the account suspension and digital content access loss provisions is particularly relevant to users who have made purchases through the PlayStation Store....

View provision → Watch Sony PlayStation →

Section 7 governs the PlayStation Virtual Wallet, which holds funds used for purchases on the PlayStation Store. The terms applicable to deposits, withdrawals, and the use of wallet funds for digital content purchases are addressed in this section....

Why it matters: The Virtual Wallet provision governs the financial mechanism through which users fund PlayStation Store purchases, including the conditions under which wallet balances may be used, forfeited, or made inaccessible. The interaction of wallet terms with account suspension provisions is operationally significant for users with outstanding wallet balances at the time of suspension....

View provision → Watch Sony PlayStation →

Section 15 establishes the governing law and jurisdiction applicable to disputes under the agreement. For US users, California law and jurisdiction are standard for consumer agreements of this type, though the specific governing law and venue provisions are addressed in that section....

Why it matters: The governing law provision determines which state's substantive law applies to interpretation and enforcement of the agreement and which courts have jurisdiction over disputes that are not resolved through arbitration. This is operationally significant for non-California users whose local laws may differ materially....

View provision → Watch Sony PlayStation →

The Privacy SDK deployed on the Shein US privacy notice page is configured with GPC support enabled (enableGpcSdk: true), linking GPC settings to the Shein Privacy and Security Policy. This configuration indicates the platform is set up to recognize and process Global Privacy Control browser signals....

Why it matters: Under CPRA regulations effective January 2023, businesses subject to California privacy law are required to treat a valid GPC signal as a consumer's opt-out of sale and sharing of personal information. This provision documents that the Shein platform has technically configured GPC signal processing, which is an operationally significant compliance mechanism for California-based users....

View provision → Watch Shein →

The Shein US privacy notice page loads advertising and analytics tracking scripts from Taboola, Google Tag Manager (property DC-15299257), four distinct Snapchat pixel configurations, Outbrain, and Pinterest. These scripts are conditionally loaded based on the privacy consent SDK state, as indicated by the data-sheinprivacytype attribute pattern on each script tag....

Why it matters: The deployment of seven or more advertising and analytics tracking integrations on the privacy notice page engages CCPA and CPRA definitions of sale and sharing of personal information with third parties. The data-sheinprivacytype attribute on each script tag indicates these integrations are subject to the consent management SDK, which is operationally significant for compliance with opt-out of sale and sharing obligations....

View provision → Watch Shein →

The platform deploys a proprietary one-shot identifier system (GLOBAL_SN_OEST) that generates and manages a UUID-based user identifier stored in both cookies and localStorage, with a configured expiry of 400 days. The identifier is synchronized with server-side records via a POST request to /bff-api/user-api/init_info/update_oneshot and is encoded using base64 with timestamp embedding....

Why it matters: The OEST system establishes a persistent cross-session user identifier stored in both cookies and localStorage with a 400-day expiry, which is operationally relevant to how user identity is maintained across sessions and to the completeness of any data deletion or opt-out request, as the identifier persists in localStorage even when cookies are cleared....

View provision → Watch Shein →

Advertisers are required to indemnify LinkedIn against all third-party claims, damages, losses, and legal costs arising from their ads, landing page destinations, advertised products or services, use of the ad services, or breach of the agreement, even where LinkedIn has reviewed or approved the ad....

Why it matters: This provision establishes a unilateral indemnification obligation on advertisers covering all third-party claims related to ad content and destinations, irrespective of LinkedIn's review or approval of the ad. Agencies accepting the agreement on behalf of advertiser clients should assess whether this indemnification obligation is consistent with their underlying agency agreements....

View provision → Watch LinkedIn →

Advertisers grant LinkedIn a worldwide, royalty-free, sublicensable, and transferable license to use, copy, modify, distribute, and publish ad content for testing, compliance, service improvement, and LinkedIn's own marketing purposes. LinkedIn may retain and publicly display ads and associated targeting and performance data after a campaign concludes or the agreement terminates....

Why it matters: This provision authorizes LinkedIn to use advertiser ad content for LinkedIn's own marketing and promotional purposes and to retain and display that content along with targeting parameters and audience size data after the campaign or agreement ends. The sublicensable and transferable nature of the license means LinkedIn may authorize third parties to use this content....

View provision → Watch LinkedIn →

LinkedIn retains the right to reject, remove, or not deliver any ad at any time for any reason, and may discontinue, modify, or terminate the Ad Services or an advertiser's access at its sole discretion, including for credit approval reasons. LinkedIn also reserves the right to compete in its own ad auctions....

Why it matters: This provision establishes that LinkedIn has unilateral authority to reject ads, suspend advertiser access, and modify or discontinue the Ad Services without stated advance notice, and that LinkedIn may participate as a competing bidder in its own auction system. Advertisers should assess the operational dependency this creates for campaigns relying on LinkedIn as a primary or exclusive advertising channel....

View provision → Watch LinkedIn →

The agreement caps each party's total liability to the other at five times the total fees paid or payable in the one-month period preceding the liability-triggering event, or USD $100.00, whichever is greater. Neither party is liable for lost profits, lost business opportunities, data loss, or indirect, incidental, consequential, special, or punitive damages....

Why it matters: This provision establishes a mutual damages cap that, in practice, may result in very low absolute liability limits for advertisers with modest monthly ad spend. The carve-outs for payment, confidentiality, indemnification, fraud, gross negligence, intentional misconduct, personal injury, and IP violations are noted in Section 8 of the agreement....

View provision → Watch LinkedIn →

The agreement incorporates LinkedIn's Data Processing Agreement and Standard Contractual Clauses for any processing of EU personal data under the agreement, and LinkedIn commits to updating the Standard Clauses as required by EU law. The incorporated DPA governs the controller and processor relationship between advertisers and LinkedIn for personal data processed through the Ad Services....

Why it matters: This provision establishes the contractual framework for GDPR-compliant personal data transfers and processing through the LinkedIn Ad Services, incorporating the DPA and Standard Contractual Clauses by reference. The provision also states that LinkedIn will update the Standard Clauses as required by EU law, which is relevant for ongoing compliance with post-Schrems II transfer requirements....

View provision → Watch LinkedIn →

For agencies approved for monthly invoicing, payment liability to LinkedIn is conditioned on the agency having received payment from the advertiser client, a structure the agreement terms Sequential Liability. If the agency cannot confirm its authorized relationship with the advertiser or if applicable law prohibits Sequential Liability, the agency becomes directly liable for all ad service orders....

Why it matters: This provision establishes a conditional payment liability structure for agencies that is available only to those approved for monthly invoicing. The agency's ability to rely on Sequential Liability depends on maintaining documented confirmation of its authorized relationship with the advertiser and the absence of applicable laws prohibiting this structure....

View provision → Watch LinkedIn →

The agreement requires that disputes between customers and W&B be resolved through individual binding arbitration administered by JAMS rather than through court litigation, and prohibits class or representative proceedings. Customers who wish to opt out may do so by providing written notice within 30 days of first accepting the agreement....

Why it matters: This provision requires disputes to proceed through individual JAMS arbitration rather than court, and the class action waiver means customers cannot bring or join class proceedings against W&B. The 30-day opt-out window creates a time-sensitive procedural step for customers who wish to preserve litigation rights....

View provision → Watch Weights & Biases →

The agreement caps each party's total liability for claims arising under the agreement at the fees paid by the customer in the 12 months preceding the incident, and excludes lost profits, data loss, business interruption, and indirect or consequential damages from recoverable losses....

Why it matters: This provision establishes a financial ceiling on W&B's liability tied to trailing 12-month fees, which for organizations paying monthly or on lower-tier plans may represent a materially limited recovery amount relative to potential losses from service disruptions or data incidents involving model artifacts or experiment data....

View provision → Watch Weights & Biases →

The agreement grants W&B a license to use, copy, store, transmit, modify, and display customer-submitted data, including model artifacts, experiment logs, and datasets, for the purpose of delivering the platform services. The license is stated as limited to service delivery and W&B states it will not use customer data for other purposes or share it with third parties except as required to provide the services or by law....

Why it matters: This provision establishes the contractual basis on which W&B processes customer-submitted AI development data, including potentially proprietary model weights and training datasets. The scope of the license, particularly the inclusion of modification rights, and the carve-out for third-party sharing necessary to provide the services may warrant review by customers concerned with IP protection or data confidentiality....

View provision → Watch Weights & Biases →

The agreement authorizes W&B to collect usage statistics, performance data, and aggregated or anonymized data derived from customer data to operate and improve the services, and to use aggregated and anonymized data for broader business purposes including publication and benchmarking....

Why it matters: This provision authorizes W&B to derive and use aggregated and anonymized data from customer interactions and submitted data for business purposes including publication, which may be relevant for customers concerned about competitive exposure through aggregate benchmarking disclosures or inference from usage patterns....

View provision → Watch Weights & Biases →

The agreement establishes mutual indemnification obligations in which W&B agrees to defend and indemnify customers against third-party IP claims arising from the services, while customers agree to defend and indemnify W&B against third-party IP claims arising from customer data or customer misuse of the services....

Why it matters: This provision allocates IP infringement risk between the parties, with W&B accepting liability for IP claims arising from the platform itself and customers accepting liability for claims arising from their submitted data or use of the services outside the agreement terms. The customer indemnity obligation for customer data IP claims is operationally significant for organizations submitting third-party or licensed data to the platform....

View provision → Watch Weights & Biases →

The agreement permits either party to terminate for material breach with a 30-day cure period, and specifies that upon termination, customer access to the platform ends immediately and customer data is available for export for 30 days before W&B may delete it....

Why it matters: This provision establishes a 30-day post-termination data export window, after which W&B may delete customer data including model artifacts, experiment logs, and other platform-stored content. Organizations should plan data export procedures in advance of any termination event to avoid data loss....

View provision → Watch Weights & Biases →

Customers accessing third-party foundation models through Bedrock are required to comply with each model provider's separately published acceptable use policies, which are incorporated by reference into the AWS Service Terms. These policies are maintained by providers including Anthropic, Meta, and Cohere and may be updated independently....

Why it matters: This provision creates a dynamic compliance obligation that extends beyond the AWS agreement itself; customers must monitor and comply with third-party model provider policies that can be updated outside the AWS contract review cycle. Compliance teams must maintain awareness of each model provider's current terms for all models accessed in production deployments....

View provision → Watch AWS Bedrock →

The terms state that customer prompts submitted to and outputs generated by Amazon Bedrock are not used to train the underlying foundation models made available through the service. This applies to both first-party Amazon models and third-party models accessed through Bedrock....

Why it matters: This provision addresses a material concern for enterprise customers deploying proprietary data in AI workflows; the agreement states that customer content processed through Bedrock does not contribute to foundation model training, which is operationally significant for customers with confidentiality obligations around their data....

View provision → Watch AWS Bedrock →

The terms prohibit customers from attempting to disable, bypass, or otherwise circumvent safety filters and content moderation mechanisms built into Amazon Bedrock or the foundation models accessible through the service. Violations of this restriction may constitute a breach of the Service Terms....

Why it matters: This provision establishes an enforceable restriction on prompt engineering or technical approaches designed to override model guardrails, which is operationally significant for red-teaming, security research, and adversarial testing use cases that may require evaluation of model safety boundaries....

View provision → Watch AWS Bedrock →

The terms authorize AWS to process customer inputs and outputs for the purposes of providing and maintaining Bedrock services, and additionally to use this content to improve Bedrock and its features unless the customer has exercised the available opt-out through account settings or documentation-specified instructions....

Why it matters: This provision establishes that service improvement use of customer content is the default state unless an opt-out is actively exercised; customers who do not take affirmative action to opt out operate under terms that permit use of their inputs and outputs for feature improvement purposes....

View provision → Watch AWS Bedrock →

The terms reserve AWS's right to suspend or terminate customer access to Amazon Bedrock upon AWS's determination that the customer has violated the Service Terms, the AWS Acceptable Use Policy, or any incorporated third-party model provider terms. This determination is made by AWS....

Why it matters: This provision establishes that access to Bedrock, including production AI infrastructure that customers may rely on for live applications, can be suspended by AWS upon a unilateral determination of policy violation, creating operational continuity risk for businesses that have deployed Bedrock in customer-facing services....

View provision → Watch AWS Bedrock →