Provisions Index

The policy reserves TikTok's right to update advertising rules at any time, treating continued use of the platform after an update as acceptance of the revised terms, and places responsibility on advertisers to monitor for policy changes....

Why it matters: This provision places the monitoring and compliance burden for policy changes on the advertiser, with acceptance of changed terms deemed to occur through continued use rather than through an affirmative acknowledgment process....

View provision → Watch TikTok Ads →

Customers must notify AWS in writing of any disputed invoice charges within 60 days of the invoice or usage report date; failure to do so constitutes a waiver of the right to dispute those charges. Disputes must include reasonable detail about the nature of the disagreement....

Why it matters: This provision establishes a contractual shortened limitations period for billing disputes. Customers with billing cycles that may not be reviewed within 60 days, or who detect billing irregularities after that window, lose the contractual right to dispute charges even if the underlying billing was erroneous. This creates an operational dependency on timely invoice monitoring....

View provision → Watch AWS →

AWS reserves the right to modify the Customer Agreement at any time by posting a revised version on the AWS website, and may change or discontinue service offerings or their features. The agreement states that AWS will provide notice of material service changes through the Service Health Dashboard, email, or the Management Console, but continued use of services constitutes acceptance of modified terms....

Why it matters: This provision establishes that AWS can modify the contractual terms governing all AWS services by posting revised language on its website, with continued service use constituting acceptance. The modification mechanism places the burden on customers to monitor for changes and assess their impact, as no affirmative customer consent or re-execution is required for modifications to take effect....

View provision → Watch AWS →

The agreement assigns full responsibility for all account activity to the customer, including unauthorized activity by third parties such as contractors, agents, or end users, and states that AWS bears no responsibility for unauthorized account access. This responsibility is not conditioned on the customer's knowledge of or consent to the activity....

Why it matters: This provision establishes that customers bear contractual liability for all activity under their AWS accounts, including activity resulting from account compromise, credential theft, or unauthorized third-party access, without AWS bearing responsibility for unauthorized access events. This places the operational and financial risk of account security incidents squarely on the customer....

View provision → Watch AWS →

The agreement states that AWS handles customer content in accordance with the AWS Privacy Notice, that customers retain ownership of their content, and that AWS will access or use customer content only as necessary to provide and maintain services or as otherwise agreed in writing. Customers consent to AWS's collection, use, and processing of their content by accepting the agreement....

Why it matters: This provision establishes both the data ownership framework (customer retains content ownership) and the permitted scope of AWS's access to customer content (limited to service provision and maintenance). For customers processing personal data on AWS, this provision works in conjunction with the separately available Data Processing Addendum, which governs GDPR and equivalent regulatory obligations....

View provision → Watch AWS →

The agreement designates Washington State law as the governing law and establishes exclusive jurisdiction for disputes in state or federal courts in King County, Washington. This applies regardless of where the customer is located or where the dispute arises....

Why it matters: This provision requires that disputes be litigated in King County, Washington courts under Washington State law, regardless of the customer's location. Customers outside Washington State or outside the United States face logistical and financial barriers to pursuing litigation under these terms, which is operationally relevant for dispute resolution planning....

View provision → Watch AWS →

The agreement incorporates the AWS Acceptable Use Policy by reference and assigns sole responsibility to customers for ensuring that their content and all end user activity complies with the AUP and applicable law. Violations are grounds for immediate account suspension....

Why it matters: The AUP is incorporated by reference and can be updated independently by AWS, meaning the conditions under which accounts may be suspended for policy violations can change without a formal amendment to the main agreement. Customers are responsible for ensuring their end users and content comply with the current version of the AUP at all times....

View provision → Watch AWS →

The agreement states that all Content sales are final and non-refundable, non-returnable, and non-replaceable except as expressly provided in the Google ToS, the Google Play Refund Policy, or the relevant Provider's refund policy. Where a refund or return is permitted, the transaction may be cancelled and access to the associated Content may be revoked....

Why it matters: This clause establishes the default transactional posture for all Content purchases on Google Play, limiting post-purchase remedies to those expressly defined in linked refund policies. Under this clause, consumers seeking remedies outside those policies have no contractual basis for return, replacement, or refund....

View provision → Watch Google Play Store →

The agreement states that by using Google Play, users consent to receiving automatic updates. While users may manage update preferences in Google Play Settings for some Content, Google reserves the right to push security-critical, usability-critical, or misconduct-preventing updates regardless of user update settings on both Google Play and the device....

Why it matters: This provision establishes that user-configured update preferences may be overridden by Google for updates classified as addressing serious security vulnerabilities, serious usability issues, or misconduct. Under this clause, Google retains unilateral authority to modify installed Content on user devices in circumstances it determines warrant such action....

View provision → Watch Google Play Store →

The agreement states that subscriptions are automatically charged each billing cycle (weekly, monthly, annual, or other) with charges occurring no earlier than 24 hours before each cycle begins. Free trial subscriptions convert to paid subscriptions at the end of the trial period unless cancelled beforehand, with no refund available for the current billing cycle except as provided in the Refund Policy....

Why it matters: This provision establishes automatic recurring charges for subscription Content without requiring affirmative re-authorization each cycle, and conditions avoidance of charges on proactive cancellation before the trial or billing period ends. Under this clause, failure to cancel before a trial ends results in automatic conversion to a paid subscription....

View provision → Watch Google Play Store →

The agreement states that Google may share personal data including name and email address with Content Providers to process transactions or deliver Content, with Providers obligated to use the data per their own privacy policies. Separately, the terms disclose that device identifiers including SIM subscriber ID and SIM serial number are transmitted to the user's mobile network operator to determine billing eligibility....

Why it matters: This provision establishes two distinct personal data sharing flows: transaction-related sharing of name and email with Content Providers governed by each Provider's independent privacy policy, and transmission of device-level SIM identifiers to mobile carriers for billing eligibility. Under this clause, the data protection standards applicable to shared information vary by recipient and are not uniformly governed by Google's Privacy Policy....

View provision → Watch Google Play Store →

The agreement provides at least 30 days advance notice before Play ToS changes take effect, after which continued use of Google Play constitutes acceptance of the new terms. Updated terms apply to all Content including previously purchased or installed Content....

Why it matters: This provision establishes that continued use of Google Play after the 30-day notice period constitutes acceptance of updated terms, and that new terms apply retroactively to previously purchased Content. Under this clause, users who continue using the platform are bound by any updated terms regardless of whether they affirmatively agreed to specific changes....

View provision → Watch Google Play Store →

The agreement states that Google may collect network connection information, potentially malicious URLs, operating system data, and information about all applications installed on the user's device for malware protection purposes. Even if users disable certain protection features, the terms state that information about installed applications may continue to be analyzed for security issues without being sent to Google....

Why it matters: This provision discloses collection of device-level data including the full list of installed applications and network connection information, not limited to apps installed through Google Play, for security analysis purposes. Under this clause, some level of application inventory analysis continues even when users disable certain protection features in device settings....

View provision → Watch Google Play Store →

The agreement requires users who are minors in their country of residence to obtain parental or legal guardian consent before using Google Play and accepting the Terms. Additional age restrictions may apply to specific Content or features....

Why it matters: This provision establishes a parental consent requirement for minor users but relies on self-reporting and parental authorization without describing a verification mechanism. Under this clause, the adequacy of the consent mechanism for minors may require evaluation under applicable children's privacy and digital services regulations....

View provision → Watch Google Play Store →

The notice states that Smartsheet collects identifiers, contact details, account credentials, device and usage data, location-inferred data, payment information, and content data submitted through the platform from website visitors and registered users....

Why it matters: This provision establishes the categories of personal data Smartsheet collects, which determines the scope of applicable data subject rights, retention obligations, and third-party sharing disclosures required under GDPR, CCPA, and other frameworks....

View provision → Watch Smartsheet →

The notice authorizes sharing of personal data with advertising, analytics, and third-party service providers, as well as corporate affiliates and parties involved in business transactions, for purposes described in the notice and its linked sub-notices....

Why it matters: This provision establishes the categories of third parties with whom personal data may be shared, which is directly relevant to CCPA opt-out rights, GDPR legitimate interests assessments, and the scope of data flows that must be disclosed and contractually managed....

View provision → Watch Smartsheet →

The notice states that EU, UK, and California users are provided with specific data subject rights including access, deletion, correction, and portability, with request mechanisms described in the notice and linked sub-notices....

Why it matters: This provision establishes the data subject rights framework applicable to EU, UK, and California users, determining the procedural mechanisms and timelines through which users may exercise rights under GDPR, UK GDPR, and CCPA, and the obligations Smartsheet bears in responding to those requests....

View provision → Watch Smartsheet →

The notice references a consent management platform (Ketch, as identified in the page source) for managing cookie and tracking technology preferences, authorizing collection of device identifiers, browsing activity, and related data subject to user consent or opt-out choices....

Why it matters: This provision governs the collection of device identifiers and browsing activity through cookies and tracking technologies, determining which data flows are subject to prior consent and which are managed through opt-out, with direct implications for advertising and analytics partner data sharing....

View provision → Watch Smartsheet →

The policy discloses specific rights for California residents under CCPA and CPRA, including rights to know, delete, correct, opt out of sale or sharing, and non-discrimination, and establishes a mechanism for submitting such requests....

Why it matters: This provision establishes the procedural rights available to California residents regarding their personal information held by Ford, including an opt-out mechanism for data sale and sharing and a non-retaliation commitment, as required under CCPA and CPRA....

View provision → Watch Ford →

The policy discloses that Ford uses cookies, web beacons, pixel tags, and other tracking technologies to collect browsing activity, device information, and interaction data from website and app users....

Why it matters: This provision establishes Ford's use of tracking technologies for collecting behavioral and device data, which is managed through a OneTrust consent management platform as evidenced in the document's technical implementation, creating consent management obligations under applicable state and potentially international privacy laws....

View provision → Watch Ford →

The policy authorizes Ford to share consumer personal information with Ford-authorized dealers for vehicle purchase, service, warranty, and marketing purposes....

Why it matters: This provision establishes that personal information, including contact details, vehicle data, and purchase history, may be shared with Ford's dealer network for both operational and marketing purposes, creating considerations around the scope of dealer data use and consumer opt-out rights....

View provision → Watch Ford →

By opening or converting to a business account, users consent to PayPal obtaining personal and business credit reports from credit reporting agencies at account opening and at any time PayPal determines there is an elevated risk level associated with the account....

Why it matters: This provision establishes ongoing consent for credit report pulls tied to PayPal's unilateral determination of elevated risk, without defining specific criteria for what constitutes an increased risk level, which creates indefinite authorization for credit inquiries during the life of a business account....

View provision → Watch PayPal →

The agreement authorizes PayPal to close an account or require account conversion if PayPal determines that account usage does not match the designated account type, based on PayPal's assessment of the transaction activity....

Why it matters: This provision reserves PayPal's right to close accounts or compel conversion based on its unilateral determination of account usage patterns, which creates a risk of service disruption for users whose payment activity spans personal and commercial transactions without advance notice requirements specified in all circumstances....

View provision → Watch PayPal →

Users are required to defend, indemnify, and hold harmless PayPal and its affiliates, officers, employees, and agents from claims, damages, fines, penalties, and legal costs arising from the user's use of PayPal services, breach of the agreement, or PayPal's exercise of its rights under the agreement....

Why it matters: This provision creates a broad indemnification obligation that includes attorneys' fees and extends to claims arising from PayPal's own exercise of its contractual rights, which is an operationally distinct scope that could expose users to liability for costs associated with PayPal's enforcement actions against them....

View provision → Watch PayPal →

PayPal may modify the user agreement for business accounts with as little as 5 days advance notice, provided via posting on the Policy Updates page or other written means including email. Personal accounts receive at least 21 days advance notice of changes that reduce rights or increase responsibilities....

Why it matters: The agreement establishes a materially shorter advance notice period for business accounts (5 days) compared to personal accounts (21 days) for changes that reduce rights or increase responsibilities, which reduces the operational window for business account holders to assess and respond to material term changes....

View provision → Watch PayPal →

The agreement requires users to report unauthorized transactions or account access immediately and states that errors on personal account statements must be reported within 60 days, after which the agreement states that the ability to recover lost funds may be limited....

Why it matters: This provision establishes a 60-day reporting window for personal account statement errors and unauthorized transactions, after which the agreement states that fund recovery may not be available if PayPal can demonstrate that timely reporting would have prevented the loss. This timeline interacts with Regulation E error resolution rights for consumer accounts....

View provision → Watch PayPal →

The user agreement incorporates PayPal's Acceptable Use Policy by reference, and account holders agree to comply with it as a condition of account use; violations of the Acceptable Use Policy may result in account limitation, suspension, or termination....

Why it matters: The incorporation of the Acceptable Use Policy by reference means that users are contractually bound by a separate document governing permissible transaction types and activities, and violations of that policy can trigger account enforcement actions including limitation, fund holds, and termination....

View provision → Watch PayPal →

The policy authorizes sharing personal information with third-party vendors providing services including data analysis, marketing assistance, and advertising, with those third parties' own privacy policies governing their data practices....

Why it matters: This provision establishes that personal data including identifiers, usage activity, and device information may be disclosed to advertising and analytics third parties whose data handling is governed by their own policies rather than Jasper's, creating data flows that the policy does not fully describe....

View provision → Watch Jasper AI →

The policy discloses that California residents may exercise CCPA and CPRA rights including opt-out of data sale or sharing, access, deletion, correction, and non-discrimination, exercisable by contacting Jasper or using a designated request form....

Why it matters: This provision establishes the specific data rights Jasper recognizes for California residents and the mechanisms through which those rights may be exercised, including contact via privacy@jasper.ai and a web-based privacy request form....

View provision → Watch Jasper AI →

The policy states that users located in the EEA, UK, or Switzerland are entitled to data subject rights under GDPR and UK GDPR, including access, rectification, erasure, restriction, objection, and portability, exercisable by contacting Jasper....

Why it matters: This provision establishes the legal rights framework Jasper applies to EU, UK, and Swiss data subjects and the procedural mechanism for exercising those rights, which is operationally relevant for enterprise customers with European operations....

View provision → Watch Jasper AI →

The policy states that Jasper retains personal data for as long as necessary for the stated collection purposes and legal obligations, without specifying fixed retention periods for each data category....

Why it matters: This provision establishes a purpose-based retention standard without specifying defined retention timelines for different categories of personal data, which may present disclosure adequacy considerations under GDPR's data minimization and storage limitation principles....

View provision → Watch Jasper AI →

The policy authorizes disclosure of personal information to third parties in connection with corporate transactions including mergers, acquisitions, asset sales, and financing, including during the negotiation phase of such transactions....

Why it matters: This provision establishes that personal data including submitted content and user identifiers may be disclosed to prospective acquirers or transaction counterparties prior to any transaction closing, without specifying conditions or limitations on that disclosure....

View provision → Watch Jasper AI →

The policy states that Jasper and its third-party partners use cookies, web beacons, pixel tags, and similar tracking technologies to collect browsing activity, device identifiers, and advertising interaction data from users....

Why it matters: This provision establishes that tracking data is collected both by Jasper directly and by third-party partners through the platform, with the data uses extending to advertising interactions, which is relevant to consent requirements under ePrivacy and GDPR for EU users....

View provision → Watch Jasper AI →

Developers grant Perplexity a royalty-free, worldwide license to use content submitted to the API, including prompts and generated outputs, for operating and improving its services. This license applies to any content transmitted through API calls....

Why it matters: This provision authorizes Perplexity to use developer-submitted inputs and AI-generated outputs beyond the scope of fulfilling the immediate API request, including for model training and service development purposes. Developers transmitting sensitive, proprietary, or personal data through the API should evaluate whether this license scope is consistent with their own data governance obligations and user-facing privacy commitments....

View provision → Watch Perplexity AI →

Perplexity's maximum financial liability to a developer for any claim is capped at the total fees the developer paid to Perplexity in the twelve months before the event that caused the loss. This applies regardless of the type or magnitude of the loss....

Why it matters: This provision establishes a financial ceiling on Perplexity's liability that is calibrated to historical API spend, which may be substantially lower than the business losses a developer could incur from API failures, data incidents, or service interruptions. This cap directly affects risk transfer analysis for enterprises building revenue-generating or operationally critical applications on the API....

View provision → Watch Perplexity AI →

Perplexity reserves the right to suspend or terminate a developer's API access at any time, without cause and without prior notice, based solely on its own judgment. No minimum notice period or procedural requirement is specified....

Why it matters: This provision establishes that API access is not guaranteed for any duration and may be revoked without warning, creating operational continuity risk for applications and services built on the Perplexity API. Developers with production systems dependent on API availability have no contractual protection against abrupt access termination....

View provision → Watch Perplexity AI →

Developers are required to defend Perplexity and its affiliates against third-party claims arising from the developer's use of the API, violations of the terms, or violations of third-party rights. This obligation includes covering Perplexity's legal fees and any resulting damages....

Why it matters: This provision requires developers to absorb legal costs and liability arising from claims connected to their API use, including claims from third parties affected by the developer's application. The obligation covers attorneys' fees, which can be substantial even in cases that are ultimately resolved without a damages award....

View provision → Watch Perplexity AI →

The terms prohibit use of the API for illegal activity, IP infringement, generation of harmful or deceptive content, and actions that could impair Perplexity's infrastructure. Violation of these restrictions may trigger suspension or termination under the unilateral termination clause....

Why it matters: This provision establishes the operational boundaries for permissible API use and defines the conduct categories that may trigger enforcement action, including access suspension or termination. The prohibition on harmful content generation and deceptive practices is relevant to developers building consumer-facing applications powered by the API....

View provision → Watch Perplexity AI →

Individual plan users are subject to data retention by default, meaning code snippets and usage data may be stored unless the user actively enables zero-data retention mode via their profile page. Teams and Enterprise plans receive zero-data retention as a default....

Why it matters: This provision establishes a materially different default data protection posture for individual users compared to organizational plan users, requiring individual users to take an affirmative opt-in action to prevent retention of code snippets and interaction data. Compliance teams assessing GDPR or CCPA obligations for individual developer users should evaluate whether this opt-in structure satisfies applicable data minimization and consent requirements....

View provision → Watch Windsurf →

The Bing API receives query data derived from user inputs, conversation history, and potentially code data as part of web search functionality. Unlike other inference providers, Windsurf does not have a zero-data retention agreement with Bing, and this integration must be explicitly enabled by Team or Enterprise administrators....

Why it matters: This provision identifies a specific subprocessor relationship where code-derived data is transmitted to a third party without the zero-data retention agreement that applies to other inference providers. Enterprise compliance teams should assess the Bing API data flow against their data classification policies and third-party risk frameworks before enabling this feature....

View provision → Watch Windsurf →

The document discloses that OpenAI, Anthropic, and Google Cloud Vertex models may be used for background processing tasks such as summarization regardless of which model the user has selected for their primary AI interactions. Enterprise administrators can disable specific providers at the organizational level....

Why it matters: This provision establishes that user model selection does not fully constrain which inference providers receive code-derived data, as background tasks may route data to additional providers. Enterprise administrators have controls to disable specific providers, but individual users do not appear to have equivalent granular controls outside of zero-data retention mode....

View provision → Watch Windsurf →

The document asserts that users own code generated by Windsurf products to the extent permitted by law, and discloses that attribution filtering is applied to intercept generated code similar to non-permissively licensed code before it is shown to users. The document also acknowledges limitations in making representations about third-party model training data....

Why it matters: This provision establishes the scope of the ownership assertion and the technical mechanism used to reduce non-permissive license exposure, while acknowledging that representations cannot be made about third-party model training data. Enterprise customers are offered indemnity clauses as a complementary contractual protection for compliance purposes....

View provision → Watch Windsurf →

The document provides a comprehensive list of subprocessors, identifying for each whether they see code data and under what conditions. Multiple infrastructure and analytics providers including GCP, Crusoe, Modal, Oracle Cloud, and dashboard tools including Retool, Raindrop, Metabase, and Tableau may access code data for individual users not on zero-data retention mode....

Why it matters: This provision discloses the full subprocessor chain and the conditions under which each provider may access code-derived data, enabling enterprise compliance teams to conduct third-party risk assessments and verify alignment with their vendor approval requirements. The disclosure that multiple analytics dashboard tools may expose code logs for users not on zero-data retention mode is operationally significant for individual user data governance....

View provision → Watch Windsurf →

The document discloses account deletion and zero-data retention mechanisms, distinguishing between default protections for enterprise and teams users versus opt-in protections for individual users. The document includes a dedicated section on account deletion linked from the table of contents, though the full text of that section was not available in the provided document excerpt....

Why it matters: This provision establishes the data deletion and retention framework that governs how long and under what conditions user data including code snippets is retained or purged. The opt-in structure for individual users creates a material difference in the default data lifecycle applicable to different user categories....

View provision → Watch Windsurf →

The policy states that RunPod automatically collects IP addresses, browser type, pages visited, timestamps, device information, and platform interaction data without requiring affirmative user input....

Why it matters: This provision authorizes passive collection of IP addresses, browsing activity within the platform, and device identifiers, which are categories of personal data subject to GDPR and CCPA protections and may require disclosure in cookie consent frameworks....

View provision → Watch RunPod →

The policy authorizes sharing of personal information with third-party vendors providing payment processing, data analysis, email delivery, hosting, customer service, and marketing services on RunPod's behalf....

Why it matters: This provision establishes that personal data flows to multiple categories of third-party service providers, requiring RunPod to maintain data processing agreements with each and potentially triggering sub-processor notification obligations for enterprise customers under their own data processing agreements with RunPod....

View provision → Watch RunPod →

The policy reserves the right to share or transfer user personal data to acquiring entities or counterparties during or in connection with mergers, asset sales, financing transactions, or acquisitions involving RunPod....

Why it matters: This provision permits transfer of user personal data to third parties as part of corporate transactions, including during the negotiation phase prior to transaction completion, which may occur without direct user notification depending on the transaction structure....

View provision → Watch RunPod →

The policy acknowledges GDPR data subject rights for EU/EEA users, including access, correction, deletion, objection to processing, restriction of processing, and data portability, exercisable by contacting RunPod directly....

Why it matters: This provision establishes that RunPod asserts GDPR compliance obligations for EU/EEA users and commits to honoring the full range of GDPR data subject rights, which creates enforceable obligations under EU law and may be subject to supervisory authority review....

View provision → Watch RunPod →

The policy acknowledges CCPA rights for California residents, including the right to know about data collection and use, the right to request deletion, and the right to opt out of sale of personal information....

Why it matters: This provision creates enforceable CCPA obligations for California residents and requires RunPod to maintain operationally functional opt-out and deletion mechanisms, subject to enforcement by the California Privacy Protection Agency....

View provision → Watch RunPod →

The policy states that personal data is retained for as long as necessary to fulfill the stated processing purposes, with retention extended where required or permitted by applicable law, but does not specify defined retention periods for individual data categories....

Why it matters: This provision establishes an open-ended, purpose-based retention standard without specifying retention schedules for individual data categories such as billing records, usage logs, or account identifiers, which may require supplementation to satisfy GDPR data minimization and storage limitation principles....

View provision → Watch RunPod →