Provisions Index

Users who submit any content to WHOOP grant the company a royalty-free, perpetual, worldwide license to use, modify, distribute, and create derivative works from that content for any purpose, without payment or notification to the user....

Why it matters: This provision grants WHOOP perpetual and irrevocable rights to submitted content for any purpose, including commercial use, without any compensation obligation to the submitting user. The scope of 'Content' and whether it encompasses health data entries, user-submitted workout notes, or other personal health information is not expressly limited in this clause....

View provision → Watch Whoop →

WHOOP charges membership fees on a recurring subscription basis and does not issue refunds or credits for any unused portion of a billing period after a charge has been made....

Why it matters: This provision establishes that once a billing period commences, the membership fee for that period is non-refundable regardless of whether the user cancels or discontinues use mid-period. Users who cancel are entitled to access through the end of the paid period but receive no refund for the remaining time....

View provision → Watch Whoop →

WHOOP may modify the Terms of Use at any time and will provide notice by email or in-app notification; continued use of the service after modification constitutes acceptance of the updated terms....

Why it matters: This provision authorizes WHOOP to update the contractual terms governing the service unilaterally, with acceptance inferred from continued use after notice. The notice mechanism relies on email or in-app notification rather than affirmative consent, which may create tension with EU and UK consumer contract requirements....

View provision → Watch Whoop →

WHOOP collects continuous physiological measurements including heart rate, heart rate variability, respiratory rate, blood oxygen levels, skin temperature, sleep data, and activity data via the wearable device and app, which are used to generate personalized health insights....

Why it matters: The agreement discloses collection of a range of physiological and biometric-adjacent data categories on a continuous basis; the handling of this data is governed primarily by the Privacy Policy rather than these Terms, and the Terms incorporate the Privacy Policy by reference without reproducing its data sharing or retention provisions here....

View provision → Watch Whoop →

The agreement limits WHOOP's liability to exclude indirect, incidental, special, consequential, and punitive damages arising from use of the service, to the maximum extent permitted by applicable law....

Why it matters: This provision caps the categories of damages recoverable from WHOOP in any dispute; users who experience harm from data loss, service interruption, or health data mishandling may be limited to direct damages only under these terms. The clause is qualified by applicable law, which may override the limitation in certain jurisdictions....

View provision → Watch Whoop →

WHOOP may terminate or suspend a user's account and access to the service, with or without notice, if WHOOP determines in its sole discretion that the user has violated applicable law or harmed other users, third parties, or WHOOP....

Why it matters: This provision grants WHOOP broad discretion to suspend or terminate accounts without prior notice based on its own assessment of user conduct, which may affect subscribers mid-membership period without a defined appeal or review mechanism disclosed in these Terms....

View provision → Watch Whoop →

WHOOP restricts use of its service to users aged 18 or older and prohibits access by individuals under 18....

Why it matters: This provision establishes a minimum age requirement of 18 for service access, which is operationally significant given that the service collects continuous physiological data; the restriction also determines COPPA applicability, as the 18-year threshold exceeds COPPA's 13-year threshold....

View provision → Watch Whoop →

Klarna installment financing is issued by WebBank with APRs ranging from 0.00% to 35.99% depending on creditworthiness and term length; all loans are subject to credit approval and minimum purchase amounts may apply....

Why it matters: This provision establishes the disclosed cost-of-credit range and issuing bank relationship for Klarna installment financing, which are material Regulation Z disclosure obligations enforceable by the CFPB....

View provision → Watch Klarna →

The Klarna Card, issued by WebBank under a Visa U.S.A. Inc. license, carries a 28.99% APR that applies specifically to all moved or split transactions....

Why it matters: This provision establishes the cost of credit for a specific card feature (moving or splitting transactions) and is a material disclosure for Klarna Card holders who use these features....

View provision → Watch Klarna →

Cashback earned through the Klarna app is deposited into a Klarna Balance account and can only be redeemed within the Klarna platform; cashback issuance is subject to store approval and may be reduced or withheld based on cookie settings, combined offers, product exclusions, or other factors....

Why it matters: This provision establishes that cashback funds are not transferable outside the Klarna platform and that issuance is conditional on multiple third-party and technical factors, which affects the reliability and utility of the cashback benefit....

View provision → Watch Klarna →

Klarna discloses that loans made or arranged to California residents are made under a California Financing Law license, identified by NMLS number 1353190....

Why it matters: This provision establishes Klarna's state licensing basis for offering consumer credit products to California residents, which triggers obligations under the California Financing Law including examination authority by the California DFPI....

View provision → Watch Klarna →

The Klarna Card is issued by WebBank, a Utah-chartered industrial bank, under a license from Visa U.S.A. Inc.; Klarna operates as the program manager rather than the card issuer....

Why it matters: This provision establishes the legal structure under which the Klarna Card is offered, with WebBank as the creditor of record, which determines the applicable regulatory framework including federal preemption of state usury laws and FDIC oversight....

View provision → Watch Klarna →

The policy states that Equifax collects directly from consumers sensitive personal information including Social Security numbers, financial account data, credit card information, and date of birth, in addition to information obtained from third-party data sources....

Why it matters: This provision establishes that Equifax collects among the most sensitive categories of personal data recognized under U.S. and international privacy law, including government-issued identifiers and financial account credentials, which are subject to heightened protection obligations under CPRA, GLBA, and GDPR....

View provision → Watch Equifax →

The policy discloses that Equifax shares personal information with third parties for cross-context behavioral advertising and authorizes consumers in California and certain other states to opt out of this sharing....

Why it matters: This provision establishes that Equifax engages in data sharing practices that qualify as a sale or share under CPRA and potentially other state privacy statutes, triggering opt-out rights for residents of qualifying states and requiring a conspicuous opt-out mechanism....

View provision → Watch Equifax →

The policy states that consumer rights to access, delete, or correct personal information under state privacy laws do not apply to data Equifax holds or uses in its capacity as a consumer reporting agency under the FCRA....

Why it matters: This provision establishes a material limitation on state privacy rights: because Equifax's core business involves FCRA-governed consumer report data, a substantial portion of the personal information it holds may fall outside the scope of CCPA, CPRA, and comparable state law deletion and access rights, with distinct FCRA dispute procedures applying instead....

View provision → Watch Equifax →

The policy authorizes Equifax to share personal information with affiliates, subsidiaries, service providers, business partners, and marketing partners, including for those third parties' own marketing purposes, subject to consumer opt-out choices....

Why it matters: This provision establishes that personal information including financial and credit data may be shared with marketing partners for independent marketing use, not solely for Equifax's own service delivery, which is a category of sharing with direct implications under CPRA's sale and share definitions and GDPR's data controller and processor distinctions....

View provision → Watch Equifax →

The policy states that Equifax retains personal information for as long as necessary for business, legal, and regulatory purposes without specifying fixed retention periods for most data categories....

Why it matters: This provision establishes an open-ended retention standard that does not specify maximum retention durations for sensitive data categories such as Social Security numbers, financial account data, or credit history, which may require further evaluation under GDPR's storage limitation principle and CPRA's data minimization requirements....

View provision → Watch Equifax →

The policy states that residents of California, Virginia, Colorado, Connecticut, and Texas have rights to access, correct, delete, and opt out of the sale or sharing of personal information, exercisable through Equifax's privacy portal or by telephone....

Why it matters: This provision establishes the consumer rights infrastructure for multiple U.S. state privacy statutes, including CPRA, VCDPA, CPA, CTDPA, and TDPSA, and specifies the operational channels available to exercise those rights....

View provision → Watch Equifax →

The policy states that EU and UK data subjects have rights under GDPR and UK GDPR including access, rectification, erasure, restriction, portability, and objection to processing, and that Equifax's lawful bases for processing include consent, contract performance, legal obligation, and legitimate interest....

Why it matters: This provision establishes that Equifax processes personal data of EU and UK residents subject to GDPR and UK GDPR obligations, including the requirement to document and disclose lawful bases for each processing activity and to respond to data subject rights requests within statutory timeframes....

View provision → Watch Equifax →

The policy authorizes Equifax to disclose personal information including sensitive financial and credit data to law enforcement and government agencies in response to legal process, governmental requests, or when Equifax determines disclosure is necessary to protect rights, property, or safety....

Why it matters: This provision establishes that Equifax may disclose personal information to government entities not only in response to formal legal process but also based on Equifax's own assessment of necessity to protect rights or safety, a standard that is broader than a strict legal compulsion requirement....

View provision → Watch Equifax →

The policy states that Equifax and its service providers use cookies, pixels, web beacons, and log files to collect device identifiers, IP addresses, browser type, operating system, browsing history, and behavioral data from users of its websites and mobile applications for analytics and advertising purposes....

Why it matters: This provision establishes that behavioral and device data is collected through automated tracking technologies not only by Equifax but also by third-party service providers and advertising partners, creating data flows that may qualify as sales or shares under CPRA and that engage GDPR's consent requirements for non-essential cookies....

View provision → Watch Equifax →

This clause requires users to resolve nearly all disputes with OpenSea through individual binding arbitration under AAA rules rather than through court litigation, and prohibits participation in class actions or representative proceedings. A 30-day written opt-out window is available from the date of first acceptance....

Why it matters: This provision requires disputes to proceed through individual arbitration rather than court litigation, and prohibits class or representative actions. The 30-day opt-out mechanism creates a time-sensitive consent management consideration for users and compliance teams tracking acceptance dates....

View provision → Watch OpenSea →

This clause caps OpenSea's total financial liability to any user at the greater of fees actually paid by that user to OpenSea in the preceding six months or $100, regardless of the nature or size of the underlying claim....

Why it matters: This provision establishes an aggregate liability ceiling that is operationally narrow relative to the transaction values that may be involved in NFT marketplace disputes. Enforceability of this cap may be limited under applicable consumer protection law in EU, UK, and certain U.S. state jurisdictions....

View provision → Watch OpenSea →

Users grant OpenSea a worldwide, royalty-free, sublicensable license to use, copy, modify, create derivative works from, distribute, and publicly display any content they submit to the platform, in connection with operating the service....

Why it matters: This provision authorizes OpenSea to sublicense user-submitted content including NFT images, metadata, and creative materials to third parties in connection with service operations. The sublicensability of this grant means the license can be extended to downstream service providers and partners without further user consent....

View provision → Watch OpenSea →

Users are required to defend and reimburse OpenSea for any legal costs, damages, and fees arising from the user's breach of the terms, unauthorized use of the service, or violation of third-party rights including intellectual property and privacy rights....

Why it matters: This provision creates a broad indemnification obligation running from users to OpenSea, covering legal defense costs and damages for any claim arising from user conduct, including third-party IP and privacy claims. The scope extends to attorneys' fees, which may create significant financial exposure for users involved in any contested NFT transaction or content dispute....

View provision → Watch OpenSea →

OpenSea states that it does not hold, control, or take custody of any digital assets at any time and is not a party to any transaction between users, disclaiming responsibility for transaction outcomes or performance....

Why it matters: This provision establishes the operational and legal boundary of OpenSea's role as a technology intermediary rather than a custodian or counterparty, which affects the remedies available to users in the event of transaction failures, smart contract errors, or disputed asset ownership....

View provision → Watch OpenSea →

The agreement is governed by Delaware law, and any disputes not resolved through arbitration must be litigated in state or federal courts in New York County, New York....

Why it matters: This provision requires users outside of New York to submit to New York court jurisdiction for non-arbitrated disputes, which may create practical barriers to litigation for users located in other U.S. states or internationally....

View provision → Watch OpenSea →

This clause prohibits a range of activities including automated scraping, uploading malware, harvesting personally identifiable information, and actions that impose unreasonable load on the platform infrastructure. OpenSea retains sole discretion to determine what constitutes an unreasonable load....

Why it matters: This provision grants OpenSea sole discretion to determine what constitutes prohibited conduct in several categories, including infrastructure load, which creates a broad enforcement trigger that could affect API users, developers, and institutional data consumers....

View provision → Watch OpenSea →

OpenSea may terminate any user's account access at any time, at its sole discretion, without notice. Users may cancel their accounts by emailing support@opensea.io. Certain provisions of the agreement survive termination....

Why it matters: This provision reserves OpenSea's right to terminate platform access without prior notice and without stated cause, which affects users' ability to manage or transfer digital assets held in connected wallets or pending transactions at the time of termination....

View provision → Watch OpenSea →

OpenSea reserves the right to modify the terms at any time at its sole discretion. The company states it will attempt to provide 30 days' notice for material changes, with materiality determined by OpenSea alone. Continued use of the service after changes take effect constitutes acceptance....

Why it matters: This provision gives OpenSea unilateral authority to modify the terms, with materiality of changes determined at its own discretion. Continued platform use constitutes acceptance of revised terms without requiring affirmative user consent....

View provision → Watch OpenSea →

The service is restricted to users aged 13 and older. Users aged 13 to 17 may use the service only with parental or guardian consent and supervision, with the parent or guardian agreeing to be bound by the terms....

Why it matters: This provision establishes minimum age thresholds and parental consent requirements for minor users, which creates COPPA compliance considerations for users under 13 and operational consent verification obligations for users aged 13 to 17....

View provision → Watch OpenSea →

The policy states that HubSpot collects personal data that users directly provide, data generated through use of the services, and data received from third-party websites, services, and partners....

Why it matters: This provision establishes the three primary collection channels and authorizes ingestion of data from external third-party sources in addition to direct user input and behavioral data, which has implications for data mapping and consent chain documentation....

View provision → Watch HubSpot →

The policy states that HubSpot acts as a data controller for visitor and user data but as a data processor for data that business customers submit into HubSpot products, directing data subject inquiries about that second category to the relevant HubSpot customer rather than to HubSpot....

Why it matters: This provision establishes a bifurcated data governance structure in which data subject rights requests for customer-submitted data must be directed to HubSpot's business customers, not to HubSpot directly, which affects how data subjects can exercise GDPR and CCPA rights depending on the category of data at issue....

View provision → Watch HubSpot →

The policy authorizes HubSpot to share user data with advertising vendors who use cookies, web beacons, and similar tracking technologies to deliver targeted advertisements on third-party websites and services....

Why it matters: This provision authorizes disclosure of user browsing and activity data to advertising technology vendors for cross-site targeting purposes, which may require evaluation under GDPR consent requirements and ePrivacy Directive guidance applicable to cookie-based tracking in EU member states....

View provision → Watch HubSpot →

The policy discloses that personal data may be transferred internationally, including to the United States, and states that HubSpot uses Standard Contractual Clauses as a transfer mechanism for EU data....

Why it matters: This provision establishes Standard Contractual Clauses as the primary mechanism for cross-border data transfers out of the EEA, which requires that a transfer impact assessment be conducted and documented for organizations subject to GDPR requirements....

View provision → Watch HubSpot →

The policy states that individuals in the EEA, UK, and Switzerland have rights to access, rectification, erasure, restriction, objection, and portability of their personal data, and the right to lodge complaints with supervisory authorities....

Why it matters: This provision documents HubSpot's acknowledgment of GDPR and UK GDPR data subject rights and the supervisory authority complaint pathway, establishing the operational framework for EU and UK individuals to exercise rights in relation to HubSpot-controlled data....

View provision → Watch HubSpot →

The policy states that California residents have rights under the CCPA and CPRA to know, delete, and opt out of the sale or sharing of their personal information, and have a right to non-discrimination for exercising these rights....

Why it matters: This provision documents HubSpot's CCPA and CPRA compliance posture for California residents and establishes the non-discrimination guarantee, which is a statutory requirement under CPRA....

View provision → Watch HubSpot →

The policy states that HubSpot uses cookies, web beacons, and similar tracking technologies to monitor user activity and store information, and discloses that refusing cookies may limit access to certain service features....

Why it matters: This provision establishes HubSpot's use of persistent and session-based tracking mechanisms across its services, which engages consent requirements under GDPR and ePrivacy rules for EU users and disclosure obligations under CCPA for California users....

View provision → Watch HubSpot →

The policy states that personal data is retained for as long as there is a legitimate business need, including service delivery and legal, tax, or accounting compliance obligations, without specifying fixed retention periods for individual data categories....

Why it matters: This provision establishes a principles-based rather than fixed-period retention framework, which may require evaluation under GDPR data minimization and storage limitation principles where specific retention schedules are expected by supervisory authorities....

View provision → Watch HubSpot →

The policy states that HubSpot may send marketing communications about third-party products and services using personal information, and provides opt-out by unsubscribe link or email to privacy@hubspot.com....

Why it matters: This provision authorizes use of personal information for third-party promotional communications, which engages CAN-SPAM Act requirements in the US and GDPR consent or legitimate interests analysis for EU users, as well as CASL for Canadian users....

View provision → Watch HubSpot →

The policy states that HubSpot may update the privacy policy at any time, with notification via webpage posting and, where appropriate, by email or other means, and advises users to review the policy periodically....

Why it matters: This provision reserves the right to modify privacy practices with notification that may consist solely of a webpage update, without guaranteeing direct individual notice for material changes, which may require evaluation under GDPR requirements for informing data subjects of material changes to processing activities....

View provision → Watch HubSpot →

The page organizes X's Master Services Agreement into region-specific documents covering Americas (US/Canada, Brazil, Rest of Americas), Europe/Middle East/Africa (UK, Rest of EMEA), and Asia Pacific (Indonesia, Japan, Korea, Philippines, Rest of APAC), with each region linking to a separate hosted agreement document....

Why it matters: The index structure establishes that X's advertising MSA is administered through jurisdiction-specific documents rather than a single global agreement, meaning that the operative contractual terms, including governing law, payment conditions, and dispute resolution, vary by the advertiser's applicable region....

View provision → Watch X →

The statement discloses that Zoom collects audio recordings, video, chat messages, transcripts, whiteboard content, and other material generated during meetings, calls, and webinars. This collection applies regardless of whether recording or transcription features are explicitly activated by the user....

Why it matters: This provision establishes that Zoom's data collection scope includes the substantive content of communications, not only metadata or usage signals. For enterprise accounts processing confidential business discussions, legal communications, or healthcare-related conversations, this collection scope is relevant to data classification and retention assessments....

View provision → Watch Zoom →

The statement asserts that Zoom does not use customer-generated meeting content such as audio, video, chat, or transcripts to train Zoom's own AI models or those of third parties. The statement separately discloses that Zoom may use service-generated data, usage data, and telemetry to improve and operate AI-powered features....

Why it matters: This provision establishes a stated restriction on using meeting content for AI model training, which is directly relevant to enterprise and institutional customers with confidentiality or data use obligations. The distinction between 'customer content' covered by this restriction and other data categories used for AI improvement is a material interpretive boundary that compliance teams should assess against their contractual requirements....

View provision → Watch Zoom →

The statement authorizes sharing of personal data, potentially including meeting content and user information, with third-party applications connected through the Zoom App Marketplace or API integrations when enabled by the user or account administrator. Zoom states that data shared with these third parties is then governed by the third party's own privacy policies rather than Zoom's statement....

Why it matters: This provision establishes that enabling third-party integrations creates a separate data relationship governed outside Zoom's privacy framework. For enterprise accounts, administrators enabling Marketplace apps on behalf of an organization are authorizing data flows that Zoom's own privacy protections do not cover, requiring independent vendor assessment for each integration....

View provision → Watch Zoom →

The statement authorizes Zoom to share data with advertising and analytics partners who use cookies, pixel tags, and tracking technologies to collect browsing and usage data across Zoom's products and potentially other websites. This data may be used to deliver targeted advertising....

Why it matters: This provision establishes that Zoom's web and product surfaces involve third-party tracking infrastructure for advertising purposes. California residents have CCPA and CPRA rights to opt out of the sale or sharing of personal information for cross-context behavioral advertising, and the statement should provide a mechanism to exercise this right....

View provision → Watch Zoom →

The statement restricts Zoom's products to users 16 years of age and older and states that Zoom does not knowingly collect personal data from users under 16. Users under 16 are directed not to use Zoom's products....

Why it matters: This provision establishes Zoom's stated age threshold at 16, which is above the 13-year threshold established by COPPA in the United States but aligns with GDPR's default age of digital consent in several EU member states. Educational institutions deploying Zoom for students younger than 16 should review whether separate contractual terms or product configurations govern those deployments....

View provision → Watch Zoom →

The statement discloses that users in certain jurisdictions, including the EU, UK, and California, have rights including access, correction, deletion, data portability, objection to processing, restriction of processing, and withdrawal of consent. The availability of each right depends on applicable law and the legal basis for processing....

Why it matters: This provision establishes the range of data subject rights Zoom recognizes under applicable law and the mechanism by which users can exercise them. For enterprise customers, understanding which rights apply to employee or customer data processed through Zoom is relevant to their own data subject access request workflows....

View provision → Watch Zoom →

The statement discloses that Zoom retains personal data for varying periods depending on data type, purpose, legal obligations, and dispute resolution requirements, without specifying fixed retention periods for most data categories....

Why it matters: The absence of specific retention period commitments for most data categories in the statement means users and enterprises cannot determine from this document alone how long meeting recordings, transcripts, or usage data are retained. This is relevant for compliance teams conducting data minimization assessments....

View provision → Watch Zoom →

The statement authorizes Zoom to disclose personal data, including meeting content, to government authorities and law enforcement when required by law or when Zoom determines disclosure is necessary to protect rights or safety. No specific warrant or court order requirement is stated as a threshold in the privacy statement itself....

Why it matters: This provision establishes that Zoom may share user data including meeting content with law enforcement in response to legal process or in Zoom's assessment of necessity for safety purposes. The scope of Zoom's discretionary disclosure authority and any transparency reporting practices are relevant to enterprise and institutional risk assessments....

View provision → Watch Zoom →