Provisions Index

The policy applies not only to individuals with Stripe accounts but also to end customers of businesses that use Stripe to process transactions, who may have no direct relationship with Stripe....

Why it matters: This provision establishes that Stripe processes personal data of individuals who interact with merchant websites powered by Stripe technology, even absent a direct account relationship, which creates distinct data subject rights obligations and controller-processor role considerations under GDPR and CCPA....

View provision → Watch Stripe →

The policy authorizes Stripe to use transaction, identity, and device data across its network of merchants and financial partners for fraud detection and financial risk assessment purposes....

Why it matters: This provision permits Stripe to share personal and financial data across its broader merchant ecosystem for fraud prevention purposes, which implicates data minimization and purpose limitation requirements under GDPR and equivalent frameworks, and may affect individuals' transaction outcomes across multiple unrelated merchants....

View provision → Watch Stripe →

The policy discloses that Stripe may collect biometric data as part of its identity verification services, where applicable under local law....

Why it matters: This provision establishes that biometric data collection is within scope of Stripe's data practices for identity verification purposes, which engages state biometric privacy statutes and GDPR special category data provisions requiring explicit consent....

View provision → Watch Stripe →

The policy authorizes Stripe to share personal data including device identifiers, browsing activity, and transaction-related information with advertising networks and analytics providers....

Why it matters: This provision permits disclosure of behavioral and transactional data to third-party advertising and analytics services, which engages CCPA opt-out rights for sale or sharing of personal information and GDPR consent requirements for non-essential processing....

View provision → Watch Stripe →

The policy discloses that Stripe transfers personal data internationally and relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses as transfer mechanisms for data flows from the EU, UK, and other jurisdictions to the United States....

Why it matters: This provision establishes the legal mechanisms Stripe relies upon for cross-border data transfers, which are subject to ongoing regulatory review and potential challenge; organizations processing EU or UK personal data through Stripe must confirm these mechanisms remain current and adequate under applicable law....

View provision → Watch Stripe →

The policy states that Stripe relies on legitimate interests as one of its legal bases for processing personal data, with the specific basis for each processing activity disclosed in the Privacy Center....

Why it matters: Reliance on legitimate interests as a processing basis under GDPR requires a balancing test against data subject rights and interests; the policy directs users to the Privacy Center for specifics, meaning the legal basis documentation is distributed across multiple documents rather than consolidated in this policy....

View provision → Watch Stripe →

The policy discloses that Stripe collects government-issued identification information, including identification numbers and document images, as part of identity verification processes for account holders and transaction participants....

Why it matters: Collection of government-issued identification data engages heightened sensitivity requirements under multiple privacy frameworks and triggers specific obligations regarding secure storage, limited retention, and restricted sharing under applicable identity verification and financial services regulations....

View provision → Watch Stripe →

This provision designates Perplexity as a data processor and restricts its processing of personal data to documented instructions from the customer acting as controller, with an exception for legally required processing....

Why it matters: This clause establishes the foundational processor-controller relationship required by GDPR Article 28, and its scope directly determines whether Perplexity's AI processing activities remain within the customer's instructed purposes or constitute independent controller activity....

View provision → Watch Perplexity AI →

This provision authorizes Perplexity to use sub-processors to fulfill its service obligations, requires advance notice of sub-processor changes, provides a customer objection window, and permits termination if an objection cannot be resolved....

Why it matters: This clause governs the sub-processor oversight mechanism required by GDPR Article 28(2); the practical enforceability of the objection right depends on the notice period length and whether the termination remedy is commercially available to the customer without penalty....

View provision → Watch Perplexity AI →

This provision incorporates the European Commission's Standard Contractual Clauses as the legal mechanism for transferring EU/EEA/UK personal data to Perplexity's US-based infrastructure, in the absence of an adequacy decision covering that transfer....

Why it matters: The SCCs provide the contractual transfer mechanism required under GDPR Chapter V, but following the CJEU's Schrems II decision, customers must also conduct Transfer Impact Assessments to verify that supplementary measures are in place where US law may impair the SCCs' protections....

View provision → Watch Perplexity AI →

This provision requires Perplexity to maintain technical and organizational security measures proportionate to the risk of processing, and to notify customers without undue delay upon discovering a personal data breach involving customer personal data....

Why it matters: This clause establishes Perplexity's security obligations under GDPR Article 32 and its breach notification obligation under GDPR Article 33; the 'without undue delay' standard for processor-to-controller notification is intended to enable the controller to meet its own 72-hour supervisory authority reporting obligation....

View provision → Watch Perplexity AI →

This provision requires Perplexity to provide technical and organizational assistance to enable enterprise customers to fulfill data subject rights requests, including access, rectification, erasure, restriction, portability, and objection, to the extent feasible given the nature of the processing....

Why it matters: This clause addresses the GDPR Article 28(3)(e) requirement that processors assist controllers with data subject rights obligations; the 'insofar as this is possible' qualification may limit the scope of assistance available for AI-processed data where individual-level data retrieval or deletion is technically constrained....

View provision → Watch Perplexity AI →

This provision grants enterprise customers the right to audit Perplexity's compliance with its DPA obligations, either directly or through a mandated third-party auditor, and requires Perplexity to provide supporting documentation and access....

Why it matters: Audit rights are required under GDPR Article 28(3)(h) and are operationally significant for customers conducting vendor due diligence; the practical scope of the audit right, including whether it covers on-site inspection or documentation review only, determines its utility for compliance verification....

View provision → Watch Perplexity AI →

This provision requires Perplexity to ensure that all personnel with access to customer personal data are bound by confidentiality obligations, either contractual or statutory....

Why it matters: This clause implements the GDPR Article 28(3)(b) personnel confidentiality requirement and is relevant to customers assessing insider risk controls within Perplexity's workforce....

View provision → Watch Perplexity AI →

This provision requires Perplexity to either return or delete all customer personal data upon termination of the agreement, subject to any applicable legal retention requirements, at the customer's election....

Why it matters: This clause implements the GDPR Article 28(3)(g) data return and deletion requirement and is operationally significant for customers managing data lifecycle obligations and vendor offboarding procedures....

View provision → Watch Perplexity AI →

The agreement requires users and Acorns to resolve disputes through binding arbitration rather than in court, with limited exceptions for small claims court and intellectual property injunctive relief. Users retain the option to opt out of this requirement within 30 days of account creation by sending written notice to Acorns....

Why it matters: This provision requires that disputes relating to the Terms, services, or the parties' relationship proceed through individual binding arbitration administered by JAMS, precluding court-based litigation for most claim types. The 30-day opt-out window is time-limited and requires affirmative written action by the user after account creation....

View provision → Watch Acorns →

The agreement requires users to bring any claims against Acorns only as individuals, not as part of a class action, collective action, or representative proceeding. This waiver applies in both arbitration and court proceedings as stated....

Why it matters: This provision establishes that claims must proceed individually rather than collectively, which affects the practical economics of pursuing low-value claims against the platform. Under California law, the enforceability of class action waivers for public injunctive relief claims remains a contested legal question....

View provision → Watch Acorns →

The agreement caps Acorns' total liability to any user at the amount the user paid in subscription fees during the 12 months before the claim arose, with a minimum floor of $25 for users who paid nothing. This cap applies to all claims arising from the terms or services....

Why it matters: This provision establishes that the maximum financial recovery available to a user for any claim against Acorns is limited to 12 months of subscription fees paid, which at Acorns' current pricing tiers represents a low absolute dollar amount relative to potential investment losses or banking service failures. Applicable law, including potential fiduciary duty obligations under securities regulations, may constrain the enforceability of this cap in certain claim contexts....

View provision → Watch Acorns →

The agreement authorizes Acorns to modify the Terms at any time, with notice of material changes delivered via email or in-app notification. Continued use of the services after changes become effective constitutes acceptance of the revised terms, including any fee changes....

Why it matters: This provision establishes that Acorns determines unilaterally whether a change is material and what notice is required, with continued platform use serving as the mechanism for acceptance. This applies to subscription fee modifications as well as substantive rights and obligations under the agreement....

View provision → Watch Acorns →

The agreement grants Acorns a worldwide, non-exclusive, royalty-free license to use, reproduce, modify, publish, transmit, display, and distribute any content users submit to the platform, including the right to sublicense that content. This license covers all media and distribution methods, including those not yet developed....

Why it matters: This provision establishes that user-submitted content, which in the context of a financial services platform may include communications, profile information, and other user-generated material, is licensed to Acorns for broad use and sublicensing across current and future distribution channels. The scope of the license is not expressly limited to operational purposes....

View provision → Watch Acorns →

The agreement authorizes Acorns to terminate or suspend user accounts immediately, without prior notice or stated justification, at Acorns' sole discretion. This applies to access to all services covered by the Terms....

Why it matters: This provision establishes that account access to brokerage, IRA, banking, and custodial investment services may be suspended or terminated without advance notice, which has direct operational implications for users' access to investment accounts and banking services. The absence of a stated notice period or cure mechanism is operationally significant given the financial services context....

View provision → Watch Acorns →

The agreement disclaims all express and implied warranties regarding the services, including warranties of merchantability, fitness for a particular purpose, and non-infringement. Services are provided on an as-is basis with no warranty of availability or performance....

Why it matters: This provision establishes that Acorns makes no contractual warranties regarding service availability, performance, or fitness for purpose, which in the context of investment and banking services has operational implications for users relying on platform availability for account management. The enforceability of warranty disclaimers in regulated financial services contexts may be constrained by applicable securities and consumer protection regulations....

View provision → Watch Acorns →

The agreement states that Delaware law governs the Terms and disputes arising from them, without applying conflict of law principles that might direct a court to apply another state's law. This is a standard governing law selection clause for a Delaware-incorporated entity....

Why it matters: This provision establishes Delaware law as the applicable governing framework for contractual disputes, which has implications for how courts interpret the Terms and what consumer protections may apply. Users in states with stronger consumer protection statutes, such as California, may have rights under those statutes that apply regardless of the contractual choice of Delaware law....

View provision → Watch Acorns →

The policy authorizes collection of government-issued identity document images, national identification numbers including social security numbers and tax IDs, and criminal background check results for Taskers and other applicable users....

Why it matters: This provision establishes that the platform collects categories of information classified as sensitive under multiple privacy frameworks including GDPR and CCPA, including national identification numbers and criminal record data, which carry heightened regulatory obligations for processing, storage, and disclosure....

View provision → Watch TaskRabbit →

The policy authorizes TaskRabbit to share personal information with unnamed third parties for advertising purposes, with additional detail on advertising-related cookie use referenced in the Cookie Policy....

Why it matters: This provision establishes a basis for personal information disclosure to third-party advertising entities without identifying those entities by name, which may require evaluation against GDPR Article 13 transparency obligations and CCPA disclosure requirements for categories of third parties receiving data....

View provision → Watch TaskRabbit →

The policy reserves TaskRabbit's right to disclose personal information to third parties at its sole discretion when it believes there has been an injury or interference with user rights, company rights, partner rights, or the rights of the general public....

Why it matters: This provision establishes a broad discretionary disclosure basis that extends beyond law enforcement requests and legal obligations, authorizing disclosure based on the company's own assessment of injury or interference with a wide range of parties including partners and the general public....

View provision → Watch TaskRabbit →

The policy designates TaskRabbit, Inc., a US entity, as the sole data controller for all EEA, Swiss, and UK users' personal information, notwithstanding the existence of TaskRabbit Limited, TaskRabbit GmbH, and TaskRabbit Poland Sp. z o.o. as separate legal entities....

Why it matters: This provision establishes that a US-domiciled entity is the data controller for EU and UK data subjects, which requires legally adequate transfer mechanisms for personal data flowing from the EEA or UK to the United States, and may require evaluation of local representative obligations under GDPR Article 27....

View provision → Watch TaskRabbit →

The policy acknowledges that advertising technology activities may qualify as a CCPA sale and provides a Do Not Sell My Personal Information opt-out mechanism for California residents via a linked third-party opt-out platform....

Why it matters: This provision discloses that advertising data sharing may meet the CCPA definition of sale and establishes an operative opt-out right for California residents, while simultaneously asserting that the company does not sell data in the traditional sense, a qualification that may affect the scope of the opt-out as understood by consumers....

View provision → Watch TaskRabbit →

The policy authorizes collection of location data including precise latitude and longitude coordinates as well as IP-derived and postal code level location information....

Why it matters: This provision establishes that the platform collects precise geographic coordinates in addition to approximate location data, which constitutes sensitive personal information under CCPA and may require distinct handling under GDPR and applicable state privacy laws....

View provision → Watch TaskRabbit →

The policy notifies Canadian users that their personal information is stored on US-based servers and states that accepting the policy constitutes acknowledgment of this cross-border transfer....

Why it matters: This provision frames Canadian user consent to cross-border data transfer as implicit in accepting the privacy policy, which may require evaluation against Canadian privacy legislation governing cross-border transfers and accountability obligations....

View provision → Watch TaskRabbit →

The policy states that personal information is retained for as long as necessary to provide services and fulfill stated purposes, after which it will be deleted or deidentified, subject to legal obligations and applicable law....

Why it matters: The retention provision does not specify defined retention periods for any category of personal information, relying instead on general necessity language, which may require evaluation against GDPR data minimization and storage limitation principles requiring specific, documented retention schedules....

View provision → Watch TaskRabbit →

US and Canadian users are required to resolve disputes with Taskrabbit through binding individual arbitration rather than court proceedings, and the agreement includes a class action waiver. A 30-day opt-out window is available after initial acceptance of the terms....

Why it matters: This provision requires US and Canadian users to submit claims against Taskrabbit to individual binding arbitration, which means disputes are resolved through a private arbitration process rather than through the court system. The 30-day opt-out window is a fixed, time-limited mechanism; users who do not act within that period are contractually bound to arbitration for the duration of their use of the platform....

View provision → Watch TaskRabbit →

The agreement states that all fees, including Task Payments and Taskrabbit's platform fees, are non-refundable unless expressly stated otherwise in the agreement. Specific refund conditions, if any, are set out in the incorporated Fees, Payments and Cancellation Supplemental Terms....

Why it matters: This provision establishes a default non-refundable fee policy applicable to all platform transactions. The practical scope of this policy depends on the contents of the incorporated Fees, Payments and Cancellation Supplemental Terms, which are not fully reproduced in this document....

View provision → Watch TaskRabbit →

The agreement states that Taskrabbit assumes no responsibility or liability for the quality, legality, timing, or outcome of tasks, and that the formation of a Service Agreement between Client and Tasker creates no liability for Taskrabbit. Users acknowledge Taskrabbit does not supervise, direct, or control Tasker work....

Why it matters: This provision establishes a broad disclaimer of Taskrabbit's operational involvement in and liability for task outcomes, reinforcing the platform's characterization of itself as a marketplace intermediary rather than a service provider. The breadth of this disclaimer may be subject to scrutiny under applicable consumer protection and employment classification law in various jurisdictions....

View provision → Watch TaskRabbit →

Taskrabbit grants users a limited, non-exclusive, non-transferable, and revocable license to access and use the platform and app for personal use only. The license is conditioned on compliance with the agreement and the Acceptable Use Policy, and users are prohibited from copying, reverse engineering, or retransmitting platform content without Taskrabbit's prior written consent....

Why it matters: This provision establishes the conditional and revocable nature of user access to the platform. The license is contingent on compliance with the agreement and the Acceptable Use Policy, meaning a violation of either document could result in revocation of platform access....

View provision → Watch TaskRabbit →

The agreement classifies Taskers as independent contractors of Clients rather than employees of Taskrabbit or Clients. The terms state that Taskers set their own rates, use their own tools, and may work on competing platforms without restriction from Taskrabbit....

Why it matters: This provision establishes the contractual classification of Taskers as independent contractors, which determines the applicable labor, tax, and benefits obligations between the parties. The classification assertion in the contract does not resolve applicable legal standards for worker classification, which vary by jurisdiction and may be determined by regulatory or judicial authorities independent of the agreement's characterization....

View provision → Watch TaskRabbit →

The agreement states that Taskrabbit may terminate a user's agreement or restrict platform access for failure to maintain accurate account information, for posing a threat to platform safety and integrity, or for any other reasonable business concern. The terms do not specify a notice or cure period for these termination grounds....

Why it matters: This provision authorizes Taskrabbit to restrict or terminate user access based on a broadly defined reasonable business concern standard, without specifying advance notice requirements or a cure period. For Taskers who operate the platform as their primary business channel, termination without notice or opportunity to remedy creates material operational risk....

View provision → Watch TaskRabbit →

The agreement requires all task-related communications including scoping, payment discussions, and task-related questions to remain within the Taskrabbit platform's Chat Thread, both before and after task completion. Users who communicate or transact outside the platform may be in breach of this obligation....

Why it matters: This provision requires users to conduct all task-related communications and payment arrangements exclusively through the platform, including after task completion. This condition affects both Clients and Taskers and is a compliance requirement whose violation may constitute grounds for account action under the agreement....

View provision → Watch TaskRabbit →

The agreement states that Taskers may be subject to identity verification and criminal background checks conducted by third-party services as a condition of platform registration and ongoing use. Taskrabbit explicitly disclaims responsibility for the accuracy or reliability of background check results....

Why it matters: This provision establishes that background checks are conducted by third-party services and that Taskrabbit disclaims liability for their accuracy. Clients selecting Taskers based on background check status should note that the agreement simultaneously uses background check designations as informational signals while disclaiming any endorsement or guarantee of their reliability....

View provision → Watch TaskRabbit →

The policy states that code inputs submitted to the AI assistant by free-tier users may be used to improve Tabnine's AI models by default, while paid-plan users have access to telemetry controls that can prevent this use....

Why it matters: This provision establishes a default data use practice for free-tier users that includes their submitted code in AI training pipelines, with opt-out access tied to subscription tier. Enterprise compliance teams should evaluate whether this default treatment is compatible with confidentiality obligations over employee-submitted code....

View provision → Watch Tabnine →

The policy authorizes sharing of user data including identifiers, usage data, and behavioral data with third-party analytics, advertising, and marketing service providers such as Google, HubSpot, LinkedIn, Hotjar, Microsoft Clarity, Reddit, and Twitter/X....

Why it matters: This provision authorizes a broad set of third-party data disclosures to advertising and analytics vendors whose tracking scripts are loaded on the Tabnine website. For EU users, this sharing may require valid cookie consent under the ePrivacy Directive and GDPR....

View provision → Watch Tabnine →

The policy establishes that EU/EEA users may exercise GDPR data subject rights including access, rectification, erasure, restriction of processing, data portability, and objection to processing by contacting Tabnine at privacy@tabnine.com....

Why it matters: This provision describes the procedural mechanism through which EU/EEA users may exercise statutory data rights. Organizations deploying Tabnine for EU-based employees should confirm that Tabnine's response processes meet GDPR's one-month response requirement....

View provision → Watch Tabnine →

The policy provides California residents with a right to opt out of the sale or sharing of their personal information for behavioral advertising purposes, accessible via a designated link on the Tabnine website or by email....

Why it matters: This provision describes the opt-out mechanism available to California residents under CCPA as amended by CPRA. The operational availability and functionality of the designated opt-out link is a compliance requirement subject to California AG and CPPA enforcement....

View provision → Watch Tabnine →

The policy states that personal data transferred from the EU/EEA to third countries is protected through Standard Contractual Clauses (SCCs) as approved by the European Commission....

Why it matters: This provision establishes the legal transfer mechanism for cross-border data flows from the EU/EEA, which is a requirement under GDPR Chapter V. Enterprise customers should confirm that executed SCCs are in place and reflect the current 2021 EU Commission SCC templates....

View provision → Watch Tabnine →

The policy states that Tabnine collects telemetry data from plugin usage including feature interactions, usage frequency, performance metrics, and error logs, used for product improvement purposes....

Why it matters: This provision establishes that telemetry data is collected by default from plugin users. For enterprise deployments, the scope of telemetry collection and the ability to disable it at an organizational level is operationally significant for both privacy compliance and confidentiality management....

View provision → Watch Tabnine →

The policy states that personal data is retained for the duration necessary to provide services and meet legal obligations, after which Tabnine takes steps to delete or anonymize it, without specifying fixed retention periods for individual data categories....

Why it matters: The absence of specific retention periods for categories such as code snippet data, telemetry, and account information means users and enterprise customers cannot determine from the policy alone when their data will be deleted. GDPR's data minimization and storage limitation principles require that retention periods be defined and justified....

View provision → Watch Tabnine →

The policy discloses that Whatnot may sell or share personal information as defined under California law, and provides California residents the right to opt out via a designated link on the platform....

Why it matters: This provision requires Whatnot to maintain a functional opt-out mechanism for California residents and to accurately disclose which categories of personal information are sold or shared with advertising and analytics partners, as required under CCPA and CPRA....

View provision → Watch Whatnot →

The policy states that sellers are required to submit government-issued identification documents and financial account information (bank account details) to Whatnot for identity verification and payout processing....

Why it matters: This provision requires sellers to submit sensitive personal and financial data categories that are subject to heightened protection under state financial privacy laws, data breach notification statutes, and potentially federal requirements depending on the nature of payout processing relationships....

View provision → Watch Whatnot →

The policy authorizes Whatnot to share personal information including behavioral and device data with advertising partners, analytics providers, and social media platforms for targeted advertising and usage analysis, with those third parties permitted to use tracking technologies across Whatnot and other websites....

Why it matters: This provision authorizes cross-site behavioral tracking via third-party advertising and analytics partners, which may constitute a 'sale' or 'sharing' of personal information under California law and triggers opt-out and disclosure obligations; it also engages ePrivacy and GDPR consent requirements for EU and UK users....

View provision → Watch Whatnot →

The policy states that Whatnot collects audio and video content from seller and user livestreams, along with session metadata including stream duration, viewer counts, and interaction data....

Why it matters: Collection of audiovisual content from livestreams constitutes collection of biometric-adjacent data in some jurisdictions and may engage state biometric privacy statutes; session and interaction metadata from livestreams can be used for behavioral profiling and platform personalization as described elsewhere in the policy....

View provision → Watch Whatnot →