Provisions Index

The document metadata states that the Privacy Policy governs personal information across CoreWeave's platforms and services, situating it as a cross-platform instrument within CoreWeave's terms of service framework as published at docs.coreweave.com....

Why it matters: The stated cross-platform scope of this policy determines which CoreWeave products and services, including GPU cloud computing, Kubernetes infrastructure, and storage services, are subject to its personal information provisions....

View provision → Watch Weights & Biases →

The Privacy Policy is published within CoreWeave's technical documentation platform at docs.coreweave.com under the Terms of Service section, indicating it is publicly accessible as part of CoreWeave's standard legal documentation....

Why it matters: Publication of a privacy policy within a technical documentation platform, rather than a dedicated legal or privacy portal, may affect discoverability and user notice adequacy under applicable regulatory frameworks....

View provision → Watch Weights & Biases →

Full SOC 1 Type 2 and SOC 2 Type 2 reports, as well as bridge letters covering December 2025, are not publicly downloadable and require submission of an access request through the Trust Center portal....

Why it matters: This provision requires organizations to complete a formal access request process before reviewing the underlying audit evidence that typically forms the basis of vendor due diligence assessments, which may introduce timeline dependencies in procurement workflows....

View provision → Watch GitHub →

The Trust Center discloses that GitHub Copilot holds a SOC 2 Type 2 certification, with the associated report available via access request through the portal....

Why it matters: SOC 2 Type 2 certification indicates that an independent auditor has assessed GitHub Copilot's controls over a defined period against the AICPA Trust Service Criteria; this attestation is a standard requirement in enterprise vendor procurement and data processing agreement assessments....

View provision → Watch GitHub →

The Trust Center discloses that GitHub Copilot holds ISO/IEC 42001:2023 certification, the international standard for artificial intelligence management systems....

Why it matters: ISO/IEC 42001:2023 certification indicates that GitHub has implemented a documented AI management system meeting the requirements of this standard, which is operationally relevant for enterprise customers assessing Copilot under AI governance policies, the EU AI Act, or internal AI risk frameworks....

View provision → Watch GitHub →

The Trust Center discloses that GitHub Copilot holds TISAX certification, the Trusted Information Security Assessment Exchange standard used in the automotive industry....

Why it matters: TISAX certification is a prerequisite for many suppliers and service providers operating within the automotive sector supply chain; its disclosure indicates GitHub Copilot has undergone assessment under the VDA ISA (Information Security Assessment) framework administered by ENX Association....

View provision → Watch GitHub →

The Trust Center discloses that GitHub Copilot holds CSA STAR Level 2 certification, indicating a third-party audit of cloud security controls against the Cloud Security Alliance Cloud Controls Matrix....

Why it matters: CSA STAR Level 2 certification requires an independent third-party assessment of cloud security controls, providing enterprise customers with additional audited assurance beyond the SOC 2 Type 2 attestation, specifically framed around cloud computing security practices....

View provision → Watch GitHub →

The Trust Center lists a gated Bug Bounty DLOE (Delivered Letter of Engagement or similar attestation) document covering April through June 2025, available only via an access request....

Why it matters: The availability of a bug bounty program attestation document indicates GitHub maintains a formal vulnerability disclosure and reward program for Copilot-related infrastructure, which is relevant to enterprise security assessments and software supply chain security evaluations....

View provision → Watch GitHub →

The terms state that all Premium subscription charges are generally nonrefundable, and that early cancellation results in continued access until the billing period ends with no partial refund or credit issued....

Why it matters: This provision establishes that users who cancel a Premium subscription before the end of a billing period will not receive a refund or credit for unused time, which governs the financial terms of the subscription lifecycle for all Premium subscribers....

View provision → Watch Telegram →

The terms explicitly state that neither deleting the Telegram account nor uninstalling the Telegram application from a device constitutes cancellation of an active Premium subscription; active billing continues until explicit cancellation is completed....

Why it matters: This provision establishes that users must take affirmative cancellation steps through app store or account settings interfaces; account or app deletion alone will not stop recurring charges....

View provision → Watch Telegram →

The terms state that initiating a chargeback or refund request through a third-party payment processor (such as Apple or Google) constitutes user consent for Telegram to disclose account status and Premium purchase data to that third party....

Why it matters: This provision establishes a conditional data disclosure mechanism triggered by user-initiated financial disputes, requiring compliance teams to evaluate whether this disclosure is consistent with applicable data protection law, particularly GDPR data minimization and lawful basis requirements....

View provision → Watch Telegram →

The terms state that violations of Telegram's Terms of Service may result in temporary or permanent bans, and that users who lose Premium access as a result of such bans will not receive compensation for the lost subscription value....

Why it matters: This provision establishes that Telegram reserves the right to terminate Premium access without refund or compensation upon a finding of Terms of Service violation, which creates asymmetric termination rights with financial consequences for subscribers....

View provision → Watch Telegram →

The terms commit Telegram to providing at least 30 days' advance notice of material changes to Premium pricing or terms through a message to the user's Telegram account, with the opportunity to cancel before changes take effect....

Why it matters: This provision establishes a minimum notice period and in-app notification mechanism for price and terms changes, giving Premium subscribers a defined window to cancel before any new fees apply....

View provision → Watch Telegram →

The terms state that users in EU countries, the UK, and Australia must be a minimum of 18 years of age to create a Telegram account, establishing a regional age restriction above the general standard....

Why it matters: This provision establishes a jurisdiction-specific age gating requirement for EU, UK, and Australian users that goes beyond many platform age minimums, which are typically set at 13 or 16, and engages regulatory frameworks related to minor protection and age verification in those jurisdictions....

View provision → Watch Telegram →

The terms disclose that Telegram's chat translation and voice-to-text transcription Premium features are processed by Google LLC, and Telegram does not guarantee the accuracy or availability of these services....

Why it matters: This provision discloses that Premium voice transcription and translation features route data through Google LLC infrastructure, which is a material third-party data processing disclosure relevant to privacy assessments and data protection compliance....

View provision → Watch Telegram →

The terms state that channel administrators who organize giveaways are solely responsible for legal compliance with applicable giveaway regulations, delivery of prizes, and any resulting legal or administrative consequences; Telegram explicitly disclaims liability for all such outcomes. All giveaway purchases are stated to be nonrefundable....

Why it matters: This provision assigns all legal and regulatory compliance obligations for giveaway conduct to the organizing channel administrator, and Telegram's disclaimer of liability for prizes and regulatory sanctions creates a direct exposure for channel operators who use this feature across multiple jurisdictions....

View provision → Watch Telegram →

Zendesk asserts that it acts as a data controller for data collected through its own websites and marketing activities, and as a data processor for Service Data submitted by business customers through the platform. Business customers are stated to be responsible for establishing a legal basis for processing Service Data....

Why it matters: This provision establishes the allocation of data protection obligations between Zendesk and its business customers, determining which party bears controller responsibilities under GDPR, UK GDPR, and equivalent frameworks, and directing data subject rights requests accordingly....

View provision → Watch Zendesk →

The notice states that Zendesk collects identifiers, commercial records, internet activity, geolocation data, professional information, and inferences drawn from collected data, including profile inferences relating to preferences, psychological trends, and aptitudes....

Why it matters: This provision documents the scope of personal data categories Zendesk collects as a controller, including inferred profile data, which engages CCPA/CPRA disclosure requirements and GDPR Article 13 transparency obligations....

View provision → Watch Zendesk →

The notice states that Zendesk shares personal data with affiliated entities, subprocessors, advertising and analytics partners, and with third parties in asset sale or merger contexts, as well as when legally required....

Why it matters: This provision authorizes sharing of personal data with advertising and analytics partners, which engages consent requirements under ePrivacy and GDPR in the EU, and opt-out rights under CCPA/CPRA for California residents, including the right to opt out of sale or sharing for cross-context behavioral advertising....

View provision → Watch Zendesk →

The notice states that Zendesk and advertising partners use cookies, pixels, and tracking tags to collect browser type, OS, page visit data, duration, and referring URL, and use this data for cross-device recognition and personalized advertising....

Why it matters: This provision authorizes cross-device tracking and personalized advertising based on cookie and pixel data, which engages ePrivacy Directive consent requirements for EU users and CPRA opt-out rights for California residents regarding sharing for behavioral advertising purposes....

View provision → Watch Zendesk →

The notice states that Zendesk transfers personal data internationally and relies on standard contractual clauses approved by the European Commission and other legally recognized mechanisms as safeguards for cross-border transfers....

Why it matters: This provision establishes the legal basis Zendesk asserts for international personal data transfers, engaging GDPR Chapter V requirements and equivalent national frameworks, and is material for EU, UK, and other regulated-jurisdiction customers assessing adequacy of transfer protections....

View provision → Watch Zendesk →

The notice states that users may have rights to access, correct, delete, restrict, object to, or port their personal data depending on their jurisdiction, and provides a privacy request form and email address as the mechanism to exercise these rights....

Why it matters: This provision establishes the procedural mechanism through which data subjects can exercise GDPR, UK GDPR, CCPA/CPRA, and equivalent regional privacy rights against Zendesk as a controller, and specifies that rights requests relating to Service Data must be directed to the relevant Zendesk business customer....

View provision → Watch Zendesk →

The notice states that Zendesk retains personal data for as long as necessary for the stated purposes or as required by law, applying a multi-factor assessment to determine the appropriate retention period including sensitivity, risk, and purpose....

Why it matters: This provision establishes Zendesk's stated data retention framework, which engages GDPR Article 5(1)(e) storage limitation requirements and equivalent principles under other regional frameworks, and is relevant for organizations assessing vendor data lifecycle management practices....

View provision → Watch Zendesk →

The notice states that California residents have CCPA/CPRA rights to know, delete, correct, opt out of sale or sharing, and be free from discrimination, with requests submitted via the privacy request form or privacy@zendesk.com....

Why it matters: This provision establishes the specific privacy rights framework Zendesk applies to California residents under CCPA and CPRA, including the opt-out of sale or sharing right applicable to advertising partner data flows, and is enforceable by the California Privacy Protection Agency and California AG....

View provision → Watch Zendesk →

The notice states that Zendesk uses personal data to send marketing communications and provides an unsubscribe mechanism via email link or contact with privacy@zendesk.com, while retaining the right to send transactional or account-related communications regardless of marketing opt-out....

Why it matters: This provision establishes the marketing communication opt-out mechanism and clarifies that transactional communications continue after opt-out, which is relevant for CAN-SPAM compliance in the US and ePrivacy Directive requirements in the EU for email marketing....

View provision → Watch Zendesk →

The notice states that Zendesk's services are not directed to children under 16 and that Zendesk does not knowingly collect personal data from that age group, with a mechanism to report and delete such data if discovered....

Why it matters: This provision establishes Zendesk's age threshold at 16 for data collection purposes, engaging COPPA requirements in the US for children under 13 and GDPR Article 8 requirements for children under 16 in EU member states that have not lowered the threshold, which varies by country....

View provision → Watch Zendesk →

The policy states that user-submitted prompts and generated images may be used by Leonardo AI to train and improve its AI models, with an opt-out available by contacting the company's privacy team....

Why it matters: This provision establishes a default-on data practice in which user-submitted creative prompts and generated outputs are authorized for use in AI model training; the opt-out mechanism places the procedural burden on users to contact the company rather than providing an in-platform toggle....

View provision → Watch Leonardo AI →

The policy states that personal data may be transferred to countries outside Australia and the EEA, and that the company states it uses mechanisms such as Standard Contractual Clauses for EEA transfers....

Why it matters: This provision authorizes international transfers of user personal data and asserts that transfer safeguards such as Standard Contractual Clauses are in place, but does not identify specific recipient countries or named third-party recipients for these transfers....

View provision → Watch Leonardo AI →

The policy authorizes sharing of personal data with advertising, analytics, and operational service providers, stating that these parties access data only for specified purposes on Leonardo AI's behalf....

Why it matters: This provision establishes data sharing with advertising and analytics partners, categories that under CCPA/CPRA may constitute sharing personal information for cross-context behavioral advertising, triggering opt-out rights for California residents....

View provision → Watch Leonardo AI →

The policy states that users may have rights to access, correct, delete, or export their personal data depending on jurisdiction, and that California residents may opt out of the sale or sharing of personal information, with all requests submitted to privacy@leonardo.ai....

Why it matters: This provision establishes the procedural mechanism for exercising data subject rights, requiring email contact rather than an in-platform self-service tool, which is the primary avenue for users to exercise GDPR, CCPA, and Australian Privacy Act entitlements....

View provision → Watch Leonardo AI →

The policy states the platform is not directed to users under 13 and that the company does not knowingly collect personal data from children under 13, with a parental contact mechanism for reported violations....

Why it matters: This provision establishes Leonardo AI's stated COPPA compliance posture; the policy does not describe the technical or operational mechanism by which users under 13 are identified and excluded from the platform....

View provision → Watch Leonardo AI →

The policy states that Leonardo AI uses cookies, web beacons, and tracking technologies to collect IP addresses, browser type, operating system, referring URLs, device identifiers, and browsing activity, with user controls available via browser settings and a cookie consent tool....

Why it matters: This provision establishes the tracking technology framework, including the categories of technical and behavioral data collected, and references a cookie consent tool as the primary mechanism for user control....

View provision → Watch Leonardo AI →

The policy states that personal data is retained for the period necessary to provide services, meet legal obligations, resolve disputes, and enforce agreements, after which it is stated to be deleted or anonymized....

Why it matters: This provision establishes a purpose-based retention framework without specifying fixed retention periods for different data categories, which may affect compliance with GDPR storage limitation requirements and user ability to predict how long their data is held....

View provision → Watch Leonardo AI →

The agreement states that a Stripe Connect Platform may restrict the user's ability to end the platform's access to their Stripe account and may limit the user's ability to view, access, or activate certain Stripe services. The scope of these restrictions is governed by the separately negotiated Platform Provider Agreement between the user and the platform....

Why it matters: This provision establishes that a third party's contractual authority over the user's Stripe account access and service activation is governed by a separate agreement that Stripe is not party to, creating an operational dependency on the Platform Provider Agreement for determining the user's actual account rights....

View provision → Watch Stripe →

The agreement states that a Stripe Connect Platform may designate itself as a data controller and instruct Stripe to process the user's data, subject to the terms of the separately negotiated Platform Provider Agreement. This creates a data processing structure in which the platform controls how Stripe processes the user's data....

Why it matters: This provision establishes a data processing relationship in which a third-party platform holds data controller authority over the user's data processed by Stripe, which has direct implications for data subject rights fulfillment, lawful basis documentation, and accountability obligations under GDPR and equivalent frameworks....

View provision → Watch Stripe →

The agreement states that the user bears sole responsibility for goods and services sold to their customers and any obligations owed to those customers, with Stripe explicitly disclaiming all liability for those matters. This allocation applies to the user's use of Stripe Services in connection with their commerce activity....

Why it matters: This provision establishes that all customer-facing commercial obligations, including delivery, refunds, disputes, and consumer protection compliance, rest with the user rather than Stripe, which is relevant to how the user structures their own terms of service and customer liability arrangements....

View provision → Watch Stripe →

The agreement establishes that where any conflict exists between the Stripe Services Agreement and the Connected Account Agreement regarding the user's use of Stripe Connect Services, the Connected Account Agreement takes precedence. The Stripe Services Agreement is incorporated by reference but is subordinate to this document on Connect-specific matters....

Why it matters: This provision establishes the hierarchical relationship between the two governing documents, meaning that compliance teams must read both documents and identify any conflicts to determine which terms actually govern the user's rights and obligations in the Connect context....

View provision → Watch Stripe →

The agreement requires users to ensure that all information provided to Stripe, whether submitted directly or through a connected platform, is accurate and complete. This obligation applies to information provided through either channel....

Why it matters: This provision establishes a continuing accuracy obligation that applies to information submitted through the platform as well as directly, meaning the user bears responsibility for the accuracy of data submitted on their behalf by the platform if that data originates from the user....

View provision → Watch Stripe →

The agreement states that activity on the user's account, including transaction information and other features, may be submitted or performed through either the Stripe Dashboard or the Stripe API, with the specific features available described in the Documentation. A Stripe Connect Platform may restrict the user's ability to view, access, or activate certain Services....

Why it matters: This provision establishes that the user's operational access to their account data and transaction information may be administered through two channels, either of which may be restricted by the connected platform, affecting the user's visibility into their own account activity....

View provision → Watch Stripe →

The Stripe Services Agreement is fully incorporated into this Connected Account Agreement by reference, and undefined capitalized terms in this document take their meanings from the Stripe Services Agreement. The Connected Account Agreement prevails over the Stripe Services Agreement where conflicts arise on Connect-specific matters....

Why it matters: This provision means that the full terms of the Stripe Services Agreement, including its arbitration, liability limitation, termination, and data processing provisions, apply to Connected Account users unless superseded by this document, requiring review of both documents to assess the user's complete contractual position....

View provision → Watch Stripe →

This provision requires users to resolve all disputes with Wise individually through AAA arbitration rather than in court, and prohibits participation in class action lawsuits or consolidated proceedings....

Why it matters: This provision requires that all disputes, including those regarding fees, account suspensions, or unauthorized transactions, proceed through individual arbitration administered by the AAA. It forecloses class action participation, which is the primary collective redress mechanism for consumers in financial services disputes involving smaller individual claim amounts....

View provision → Watch Wise →

Wise may suspend or terminate account access and withhold funds without prior notice if it determines there is a breach of the agreement, a regulatory compliance requirement, or a suspected risk of fraud or financial crime....

Why it matters: This provision grants Wise operational authority to restrict account access and withhold funds based on its internal determination of compliance risk or policy violation, without requiring prior notice to the account holder. For business accounts and users with significant balances, this creates a material access risk....

View provision → Watch Wise →

Wise discloses that it is not a bank and that customer funds are not FDIC-insured, but are instead safeguarded by being held in segregated bank accounts or US Treasury securities separate from Wise's operating funds....

Why it matters: This provision establishes the legal and financial structure under which customer funds are held, which is materially different from a bank deposit relationship. In the event of Wise's insolvency, customer funds held in safeguarded accounts are treated differently than FDIC-insured deposits, and recovery would depend on applicable state money transmission law and the legal status of segregated funds....

View provision → Watch Wise →

Wise may amend the Customer Agreement by posting updated terms on its website or notifying users by email, with changes taking effect 30 days after notice unless regulatory requirements require immediate effect; continued use of services after the effective date constitutes acceptance of the updated terms....

Why it matters: This provision establishes a unilateral amendment mechanism that allows Wise to modify material contract terms with 30 days notice in most circumstances. Continued use of services after the effective date constitutes acceptance, meaning users who do not close their accounts before the effective date are contractually bound by the updated terms....

View provision → Watch Wise →

Users must provide accurate personal identity information and documentation as required by AML and KYC regulations; Wise may request additional documentation at any time, and failure to provide it may result in account suspension or termination....

Why it matters: This provision establishes ongoing identity verification obligations for users, grounding them in regulatory AML and KYC requirements under the Bank Secrecy Act and USA PATRIOT Act. The ongoing nature of the verification obligation means account status can be affected by requests made at any point during the account lifecycle, not only at onboarding....

View provision → Watch Wise →

Users must report transfer errors or unauthorized transactions to Wise within 60 days of the statement or notification date; failure to report within this period may result in loss of error correction rights under the agreement....

Why it matters: This provision establishes the error resolution timeline applicable to electronic fund transfers, which interacts with Regulation E's statutory error resolution requirements. Regulation E establishes specific timelines and procedures for provisional credit and investigation of claimed errors in electronic fund transfers that Wise, as a covered financial institution for EFT purposes, must follow....

View provision → Watch Wise →

The agreement is governed by New York law, and any disputes not subject to arbitration must be brought exclusively in state or federal courts in New York County....

Why it matters: This provision establishes New York as the governing law jurisdiction and exclusive venue for non-arbitrable disputes. Users located outside New York who have claims not covered by arbitration would be required to pursue them in New York courts, which may create a practical access barrier depending on the nature and value of the claim....

View provision → Watch Wise →

Wise limits its total liability per claim to the greater of fees paid in the prior 12 months or $100, and excludes indirect, incidental, special, consequential, and punitive damages to the extent permitted by law....

Why it matters: This provision caps Wise's financial exposure for any individual claim, which is particularly relevant for users who experience transaction failures, unauthorized transfers, or incorrect conversions involving amounts that may significantly exceed the liability cap. The exclusion of consequential damages further limits recovery for losses resulting from service failures....

View provision → Watch Wise →

The agreement requires that disputes between users and WHOOP be resolved through binding individual arbitration rather than court proceedings, with limited exceptions for small claims court and intellectual property injunctions....

Why it matters: This provision requires users to resolve disputes through individual arbitration proceedings administered by JAMS or AAA, which means disputes including those involving health data collection or billing practices proceed outside of the court system. The clause also includes a class action waiver, which is addressed separately....

View provision → Watch Whoop →

The agreement prohibits users from bringing or participating in class action lawsuits or class arbitration proceedings against WHOOP; all claims must be pursued individually....

Why it matters: This provision requires that all claims be brought on an individual basis, which means users may not aggregate claims with other subscribers in class or representative proceedings, including class arbitration. This applies to the full scope of claims covered by the arbitration clause....

View provision → Watch Whoop →