Provisions Index

Epic provides users with rights to access, correct, delete, and export their personal data, and to object to or restrict certain processing. These rights are exercisable via account settings or by contacting Epic directly....

Why it matters: The availability and ease of exercising these rights varies by jurisdiction, and users in non-EU/UK regions may find their rights more limited; the policy directs users to contact Epic but does not specify legally mandated response timeframes....

Epic automatically collects usage data, device information, and general location (via IP address) using cookies, log files, and web beacons whenever you visit or use the Epic Services, including for advertising purposes....

Why it matters: Broad automatic tracking across all Epic Services for advertising and analytics purposes is subject to cookie consent requirements in the EU and UK, and users may not be aware of the extent of passive data collection occurring during gameplay or browsing....

When you make a purchase on the Epic Games Store, Epic may collect your credit card number, expiration date, name, and region information to complete the transaction, depending on the payment method used....

Why it matters: Collection and storage of payment card data implicates Payment Card Industry Data Security Standards (PCI DSS) and creates financial fraud risk for users if the data is not adequately secured....

Google does not use conversations from users under 18, or from school accounts, to train its AI. However, data from these accounts is still collected and stored under the standard retention policy....

Why it matters: While Google provides stronger data use protections for minors and students, data is still collected and retained, and the onus is on school administrators to configure appropriate settings — creating a compliance gap for underfunded or under-resourced educational institutions....

You can delete your Gemini conversation history, but it may stay on Google's servers for a few more weeks after you delete it, and Google may keep some data longer for safety purposes....

Why it matters: The right to delete your data is meaningful only if deletion is complete and prompt — the delay and safety-review exception create ambiguity about how long your data truly persists after you request deletion, which matters for legal rights under GDPR and CCPA....

If you connect third-party extensions to Gemini, your conversation data may be shared with those external companies, and Google is not responsible for how those companies use your data....

Why it matters: Extensions dramatically expand the data sharing surface beyond Google, creating a chain of data processors whose privacy practices users are expected to independently evaluate — a significant consumer protection gap....

Every time you use Gemini, Google automatically collects data about your device and your approximate location, even if you never share that information yourself....

Why it matters: Passive technical data collection — including device identifiers and location — combined with conversation content creates a rich behavioral profile that extends beyond what users typically associate with an AI chat service....

Strava can increase its subscription fees or introduce new fees at any time, and only needs to give you 'reasonable notice' before the change takes effect at your next billing date....

Why it matters: Strava can raise your subscription price without your explicit consent — you are automatically enrolled at the new price unless you cancel, and the Terms do not define what 'reasonable notice' means....

Strava can suspend or terminate your account at any time, at its sole discretion, including if it believes you have violated the Terms or for any other reason Strava determines appropriate....

Why it matters: Strava can cut off your access to all your workout history, routes, and data without prior notice and without being required to give you a specific reason, which could result in loss of years of fitness data....

When you connect Strava to third-party apps like Apple Health, Garmin Connect, or challenge sponsors, your data is shared with those third parties under their own privacy policies, and Strava is not responsible for how they handle it....

Why it matters: Connecting Strava to other fitness apps or devices could result in your health and location data being shared with multiple organizations, each with different privacy standards, and Strava accepts no liability for what those third parties do with your data....

Strava requires users to be at least 13 years old, and in some jurisdictions may require users to be older. If a minor uses Strava with a parent or guardian's permission, the parent or guardian accepts full legal responsibility for all of the minor's actions on the platform....

Why it matters: Parents who allow their children to use Strava can be held personally liable for any Terms violations the child commits, and the child's GPS location and fitness data will be collected and processed under the same terms as adult users....

Strava provides its services 'as is' and 'as available' with no warranties of any kind — meaning Strava does not guarantee the platform will work correctly, be available when you need it, or be free from errors or security vulnerabilities....

Why it matters: If the Strava app fails during a workout, produces inaccurate health data, or experiences a security incident, you cannot hold Strava responsible based on any implied promise that the service would function reliably....

Cash App collects extensive data about how you use the service, and you grant Cash App a broad license to use any content or information you provide. Cash App's Privacy Notice — incorporated by reference — governs how your personal and financial data is collected, used, and shared....

Why it matters: As a financial platform, Cash App has access to highly sensitive personal and financial data including transaction history, linked bank accounts, government-issued ID information, Social Security numbers, and device data — understanding how this data is used and shared is critical to assessing priva...

If you want to transfer money from your Cash App Balance to your linked bank account immediately, Cash App charges a fee of 0.5% to 2.5% (minimum $0.25 to $1.00, maximum $75). The free option takes 1-3 business days....

Why it matters: Users who need immediate access to their own money — for example, those living paycheck to paycheck — may routinely pay percentage-based fees to access funds they have already earned, which can add up to significant costs over time....

Cash App includes generative AI features subject to a separate set of terms (Section XXI). By using these features, you agree that AI-generated outputs may be inaccurate and that you should not rely on them for financial, legal, or medical decisions....

Why it matters: Embedding generative AI into a financial platform creates significant risk for consumers who may rely on AI-generated financial guidance without understanding its limitations — particularly in a context where they are making real money decisions....

Cash App allows minors aged 13 and older to open a 'Sponsored Account' supervised by a parent or guardian, with certain feature restrictions. The sponsoring adult is responsible for the minor's account activity....

Why it matters: Extending financial services — including peer-to-peer payments, a debit card, and potential exposure to investing features — to users as young as 13 raises significant child financial safety concerns and creates complex legal responsibilities for the sponsoring adult....

Cash App can change these Terms at any time by posting updated terms on its website or notifying you through the app. Your continued use of Cash App after the change takes effect means you accept the new terms....

Why it matters: Cash App can add new fees, change your rights, expand data collection, or modify dispute resolution procedures at any time — and simply using the app after receiving a notification counts as your agreement, even if you did not actively review or consent to the changes....

When you submit content to Target — such as product reviews, photos, or ideas — you grant Target a permanent, royalty-free, worldwide license to use, reproduce, modify, and distribute that content for any purpose....

Why it matters: Target can use your reviews, images, or creative submissions indefinitely and without paying you, even if you later delete your account or request removal of the content....

All disputes with Target are governed by the laws of Minnesota, regardless of where you live or where the dispute arose....

Why it matters: This means you may lose the consumer protection rights available in your home state, as Minnesota law will be applied instead — which may be less favorable to consumers in states with stronger protections like California....

You agree to defend and compensate Target for any costs, legal fees, or damages that Target incurs as a result of your use of the site, your content submissions, or your violation of the Terms....

Why it matters: If your use of Target's website or content you submit causes Target to face a legal claim or financial loss, you may be personally required to pay Target's legal costs and any resulting damages....

Target reserves the right to suspend or terminate your account at any time, for any reason, with or without notice, including if Target believes you have violated the Terms....

Why it matters: Target can close your account without warning, which could result in loss of access to accumulated Target Circle rewards, saved payment methods, order history, and digital purchases....

By simply using the zelle.com website, you are deemed to have expressly consented to Zelle collecting, using, disclosing, and retaining your personal information as described in the policy — including any future updates to the policy....

Why it matters: This is a broad, implied consent mechanism — you don't have to sign anything or click 'I agree.' Simply visiting the website is treated as consent to data practices you may not have read, including consent to future policy changes....

If you use zelle.com to report a fraud or scam, Zelle will share that report — and your personal information — with the recipient's bank or credit union, not just with your own bank....

Why it matters: Victims of Zelle fraud who report scams through the website may not realize their personal information and fraud details will be disclosed to the financial institution of the person who received the funds, which could have implications for dispute resolution and financial recovery....

Zelle keeps personal information from business inquiries submitted through the website for the duration of the business relationship plus up to 10 additional years, and keeps consumer support form data for up to 5 years....

Why it matters: Retaining personal data for up to 10 years after a business relationship ends goes beyond what most privacy frameworks consider necessary and proportionate, creating long-term exposure for both Zelle and affected individuals....

Uber collects and processes criminal background check results as part of the driver onboarding process. This sensitive data is used to determine eligibility to drive on the platform....

Why it matters: Criminal record data is among the most sensitive categories of personal information, and its collection, retention, and use in automated eligibility decisions creates significant risk of discriminatory impact and regulatory liability under the FCRA....

Uber shares driver personal data with law enforcement agencies, courts, and government authorities when required by law, in response to legal process, or when Uber believes disclosure is necessary to protect safety or comply with legal obligations....

Why it matters: This provision means your personal data — including location history and trip records — can be disclosed to government authorities without your knowledge, which has implications for civil liberties, whistleblower protection, and personal safety in certain contexts....

Uber collects drivers' bank account details, payment information, and tax documentation (including Social Security Numbers or equivalent) in order to process earnings and comply with tax reporting obligations....

Why it matters: Collection of bank account numbers and government tax identification numbers represents some of the highest-risk personal data — a breach or misuse of this data could directly enable financial fraud or identity theft....

Drivers have the right to request access to, correction of, and deletion of their personal data, as well as the right to obtain a copy of their data in a portable format. These rights are exercised through the Uber app or privacy portal....

Why it matters: Knowing and exercising these rights is important because it allows drivers to understand exactly what data Uber holds, correct inaccuracies that might affect their account, and request deletion when they leave the platform....

Uber may collect health-related information from drivers in connection with accessibility accommodations and safety incident reporting. This can include details about disabilities or medical conditions that affect a driver's ability to perform their duties....

Why it matters: Health data is a special category of particularly sensitive personal information under GDPR, and its collection and processing requires explicit consent and heightened security protections — drivers should understand when and why this data is collected....

Snap can change these Terms of Service at any time and will notify you of significant changes, but continued use of Snapchat after changes are posted means you automatically agree to the new terms. You have no right to negotiate or reject changes — your only option is to stop using the service....

Why it matters: This means the legal agreement you accepted when you joined Snapchat can be changed in ways that are less favorable to you, and simply continuing to use the app constitutes your legal agreement to the new terms even if you did not explicitly review or accept them....

You agree to defend and pay Snap's legal costs if someone sues Snap because of something you did on the platform — including content you posted, how you used the app, or if you violated these Terms or someone else's rights....

Why it matters: This clause means that if your Snapchat activity leads to a lawsuit against Snap, you could be personally responsible for Snap's legal fees and damages, which could be very costly....

For US users, these Terms are governed by the laws of California, and disputes must be resolved in Los Angeles, California. For users outside the US, Snap Group Limited (an Irish entity) is the contracting party, and Irish law and EU regulations govern the agreement....

Why it matters: For US users, this means you may need to travel to Los Angeles to pursue any court claims against Snapchat that survive arbitration, which creates a practical barrier to seeking legal remedies. For non-US users, this determines which legal protections apply to your account....

When you use Target Circle (Target's loyalty program), Target collects detailed records of your purchases, deals you activate, and engagement behavior, using this data to build a profile that informs personalized marketing and advertising both from Target and its brand partners....

Why it matters: Target Circle membership creates a persistent, identity-linked behavioral profile tied to your name, email, and purchase history that is used for commercial profiling at a scale most consumers don't realize when they sign up for discounts....

Target states that its services are not directed at children under 13 and that it does not knowingly collect personal information from children under 13 without verifiable parental consent, in accordance with federal law....

Why it matters: If a child under 13 uses Target's website, app, or loyalty program without parental awareness, Target's data collection practices could implicate federal children's privacy law, creating risk for both the company and families....

Target sends promotional emails, SMS messages, and push notifications based on your purchase history and preferences, and you can opt out of marketing communications through your account settings, email unsubscribe links, or by texting STOP for SMS....

Why it matters: Without managing your communication preferences, Target will continue to send targeted marketing messages informed by your purchase history and behavioral data across multiple channels, including email, text, and app notifications....

Target retains your personal information for as long as necessary to provide services and meet legal obligations, and consumers in qualifying states can request deletion of their personal data, subject to exceptions for legal holds, fraud prevention, and transaction completion....

Why it matters: Target can retain your personal data — including purchase history, behavioral profiles, and financial information — for extended periods, and deletion requests are subject to a number of exceptions that may limit the practical scope of this right....

Target shares your personal information with third-party service providers, business partners, and in some cases what may function as data brokers, for purposes including analytics, fraud prevention, advertising, and operational support....

Why it matters: The breadth of third-party data sharing — spanning analytics vendors, advertising technology providers, loyalty program administrators, and financial partners — means your data reaches a wide ecosystem of companies beyond Target, with varying privacy protections....

Figma shares your personal data — including behavioral data, device identifiers, and usage information — with advertising partners and analytics providers such as Google and Meta to serve targeted advertisements and analyze platform performance....

Why it matters: This means that your professional activity on a design platform is being used to build advertising profiles and target you with ads, which many users of a B2B SaaS tool would not expect, and which triggers opt-out rights for California residents....

Figma transfers personal data internationally — including from the EU, UK, and Canada to the United States — using mechanisms such as Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework to make those transfers lawful....

Why it matters: For EU and UK users, this means your personal data is being processed in the United States, a jurisdiction without an EU-equivalent level of data protection, and the lawfulness of that transfer depends on mechanisms that have been subject to legal challenge....

Figma grants users in the EU, UK, California, and Canada specific rights over their personal data, including the right to access, delete, correct, or export their data, and to object to or restrict certain types of processing....

Why it matters: These rights give you meaningful control over your personal data held by Figma, but the exercise of these rights depends on Figma's response timelines and the completeness of the data it identifies and returns....

Figma uses cookies, pixel tags, and similar tracking technologies to collect data about your browsing behavior, device, and interactions with its services, and shares some of this data with advertising and analytics partners....

Why it matters: Tracking technologies allow Figma and its partners to build detailed profiles of your online behavior, which is used for targeted advertising and product analytics — and under EU/UK law, most non-essential cookies require your explicit prior consent....

Figma's services are not directed at children under 16 (or under 13 in the US), and Figma states it does not knowingly collect personal information from children below the applicable age threshold....

Why it matters: If a child under the relevant age limit creates a Figma account, Figma claims it will delete the data upon discovery — but the policy relies on self-reported age rather than active verification, which may not prevent underage account creation....

Strava commits that health data collected from connected devices like Garmin or Apple Health will not be sold, used for advertising, or disclosed to third parties without your prior consent....

Why it matters: This is a significant consumer protection commitment, but it applies only to health data from connected devices — not all data Strava collects — and the policy still permits use of this health data for AI model training and service improvement....

Strava shares your personal information, including activity and location data, with third-party service providers who help run Strava's platform, and with business partners for co-branded events and other purposes....

Why it matters: Data shared with third-party service providers and partners can be used beyond Strava's direct control, potentially for purposes you did not anticipate, and the policy does not provide a complete list of these parties....

Strava provides privacy controls allowing users to set who can see their activities and data, including options for 'Everyone,' 'Followers,' or 'Only Me' — but the policy notes that some features like the Global Heatmap and Flyby use data from activities regardless of these settings unless separatel...

Why it matters: The existence of privacy controls is positive, but the complexity of multiple overlapping settings — including separate opt-outs for Heatmap, Flyby, and other features — means users may believe their data is private when it is still being used in ways they did not intend....

When you delete your Strava account, the policy states that your data will be deleted, but some data may be retained for legal, safety, or business purposes, and aggregated or deidentified data derived from your activities may be retained indefinitely....

Why it matters: Account deletion does not guarantee complete erasure of all data derived from your activities — aggregated and deidentified data (including contributions to the Global Heatmap) may persist even after your account is gone....

Ledger reserves the right to cancel any order at its discretion, including after payment has been made, for reasons such as suspected fraud, product unavailability, or export restrictions....

Why it matters: This means Ledger can cancel your purchase even after you have paid, which could delay access to a security device you may urgently need, and creates uncertainty about the finality of confirmed orders....

Consumers in the EU have a 14-day right to withdraw from the purchase and return the Ledger device without giving any reason, starting from the day they receive the product....

Why it matters: This is a legally mandated consumer protection right in the EU that gives you a cooling-off period to return your Ledger device for a full refund, even if you have already opened and tested it....

Ledger's sales terms are governed exclusively by French law, and any disputes must be brought before French courts, regardless of where the buyer is located....

Why it matters: If you have a legal dispute with Ledger about your purchase — for example, a refund refused or a defective product — you may be required to pursue it under French law in French courts, which could be costly and impractical for consumers outside France....

By purchasing a Ledger device, the buyer agrees to comply with all applicable export control and sanctions laws, and represents that they are not located in or subject to a sanctioned jurisdiction....

Why it matters: This clause shifts a legal compliance obligation onto the buyer — if you are inadvertently subject to export restrictions you were unaware of, Ledger disclaims responsibility and your order may be cancelled or voided....