Provisions Index

The policy prohibits using Cohere's AI to produce political propaganda, divisive rhetoric, targeted political advertising, or content specifically designed to interfere with elections....

Why it matters: The policy's reference to content that 'could unduly alter people's political views' or 'sow division' covers a broad range of persuasive political content, and operators deploying AI in media, communications, or public affairs contexts should assess whether their use cases fall within or outside this prohibition....

View provision → Watch Cohere →

The policy prohibits using Cohere's AI to build applications that secretly track, monitor, or profile individuals without their knowledge or authorization....

Why it matters: This provision covers location tracking, communications monitoring, and unauthorized profiling, which are categories of data processing subject to significant regulatory obligations under privacy frameworks including GDPR, CCPA, and sector-specific wiretapping laws....

View provision → Watch Cohere →

Everything you create on Midjourney is visible to other users unless you pay for a plan that includes Stealth Mode and turn it on yourself....

Why it matters: The policy states that generated images are public by default, meaning any image you produce, along with the prompts associated with it, may be visible to other platform users unless you take affirmative steps to upgrade your subscription and enable Stealth Mode....

View provision → Watch Midjourney →

Midjourney collects your name, email, payment details, device information, IP address, how you use the service, everything you type or upload, and inferences it draws about your preferences....

Why it matters: The policy discloses a broad set of data categories collected across account, device, behavioral, and content dimensions, including the content of prompts and uploaded images, which may contain personal or sensitive information....

View provision → Watch Midjourney →

Midjourney shares your data with service providers, business partners, and payment processors, and may transfer it if the company is sold; it states it does not sell your data under California law....

Why it matters: The policy authorizes sharing personal information with service providers, business partners, and payment processors, and permits data transfer in the event of a business acquisition; the categories of business partners are not fully enumerated, which limits user visibility into who may receive their data....

View provision → Watch Midjourney →

If you are in the EU or UK, you have rights to see, correct, delete, or transfer your data, and to object to how it is processed; you can exercise these by emailing privacy@midjourney.com....

Why it matters: The policy explicitly grants EU and UK users a defined set of GDPR data subject rights, including the right to erasure and the right to object to processing, which are enforceable under GDPR against Midjourney as a data controller....

View provision → Watch Midjourney →

California residents can ask Midjourney what data it holds on them, request its deletion, or correct it, and Midjourney states it does not sell personal data under California law....

Why it matters: The policy discloses that Midjourney does not sell personal information under CCPA but does not address whether data shared with business partners for advertising or other purposes constitutes CPRA-regulated sharing, which may carry its own opt-out requirement distinct from the sale opt-out....

View provision → Watch Midjourney →

Midjourney states its service is not for children under 13 and will delete any data it discovers was collected from a child under 13....

Why it matters: The policy establishes a minimum age of 13 and invokes a COPPA-aligned framework for handling children's data, but relies on a reactive deletion approach rather than proactive age verification at point of registration....

View provision → Watch Midjourney →

If you send Scale any suggestions or ideas about their website, Scale permanently owns the right to use that feedback however they want, including building new products from it, with no obligation to compensate you....

Why it matters: The terms authorize Scale to use any feedback you submit for any purpose, including creating new commercial products, without any payment or attribution obligation, and this right cannot be revoked once feedback is submitted....

View provision → Watch Scale AI →

Scale reserves the right to examine, record, and copy any information you send or receive through its website, for operational or other purposes, though it takes no responsibility for the content it monitors....

Why it matters: The terms authorize Scale to monitor, record, and copy all information transmitted through the site; the scope of this reservation covers any and all information and identifies operational or other purposes, a broad and open-ended basis....

View provision → Watch Scale AI →

Scale can remove your access to the website at any time, for any reason or no reason at all, and does not have to tell you beforehand....

Why it matters: The terms reserve a unilateral, no-cause termination right with no notice requirement; users have no procedural recourse or advance warning guarantee under this provision....

View provision → Watch Scale AI →

If a third party sues Scale because of something you did on or through the Scale website, you agree to pay Scale's legal costs and any damages, including for any disputes you have with other parties that somehow involve Scale....

Why it matters: This provision requires users to cover Scale's legal defense costs and related liabilities for a broad range of conduct including third-party disputes that may only be tangentially related to Scale's website, and extends coverage to Scale's affiliates, subsidiaries, and agents....

View provision → Watch Scale AI →

Scale is not responsible for lost profits, lost data, or business interruption losses caused by using or being unable to use the Scale website, even if Scale was warned that such harm was possible....

Why it matters: This provision excludes all indirect, incidental, special, consequential, and punitive damages arising from website use or unavailability; this means users generally cannot recover damages for losses such as business disruption or data loss caused by the site....

View provision → Watch Scale AI →

The document references California as Scale's home state and the agreement is governed by applicable law, but the full governing law and dispute resolution provisions were not fully reproduced in the provided document text....

Why it matters: Governing law and dispute resolution terms determine where and how users can pursue claims against Scale; the truncated document text means the full scope of these provisions cannot be confirmed from the provided excerpt....

View provision → Watch Scale AI →

OpenAI states that data you submit through the API, ChatGPT Enterprise, or ChatGPT Team products is not used to train its AI models unless you separately opt in....

Why it matters: This provision directly addresses one of the most common concerns for enterprise customers: whether their proprietary data, client information, or confidential inputs could be incorporated into OpenAI's model training. The document states this does not happen by default for these specific product tiers....

View provision → Watch OpenAI →

Data you send through OpenAI's API is automatically deleted after 30 days by default, and customers can request that no data be retained at all....

Why it matters: The 30-day retention limit with automatic deletion is a specific, time-bounded data handling commitment that is material for organizations with data minimization obligations under GDPR or other regulations....

View provision → Watch OpenAI →

OpenAI states that enterprise customers own both what they submit to the system and what the AI generates in response, to the extent permitted by OpenAI's terms....

Why it matters: The ownership assignment of AI-generated outputs is operationally significant for enterprise customers who may build products, services, or workflows on top of OpenAI-generated content, as it clarifies that OpenAI does not assert ongoing proprietary claims over those outputs....

View provision → Watch OpenAI →

The no-training default and other enterprise privacy protections described on this page apply only to paid business products. If you use the free consumer version of ChatGPT, different data handling rules apply....

Why it matters: The distinction between enterprise and consumer product data governance is operationally significant: employees or contractors who use personal free ChatGPT accounts for work tasks would not benefit from the enterprise data protections, potentially exposing organizational data to training data practices that the enterprise tier explicitly excludes....

View provision → Watch OpenAI →

Users are not permitted to attempt to disable or work around any of NVIDIA's built-in content filters or safety restrictions within its AI services....

Why it matters: This clause prohibits prompt injection, jailbreaking, or other technical methods designed to cause the AI to produce outputs that its safety controls would otherwise prevent, and violations constitute grounds for account termination....

View provision → Watch NVIDIA NIM →

NVIDIA can cut off your access to its AI services at any time without warning if it decides you have broken the rules or pose a risk, and this decision is entirely at NVIDIA's discretion....

Why it matters: The agreement reserves NVIDIA's right to act unilaterally and without advance notice, which creates operational continuity risk for enterprises and developers who have integrated NIM into production systems....

View provision → Watch NVIDIA NIM →

Users are prohibited from using NVIDIA's AI services to create content that breaks any applicable law, including defamatory, obscene, fraudulent, or copyright-infringing material....

Why it matters: This provision incorporates compliance with all applicable laws as a contractual obligation, meaning that any AI-generated output that violates law in the user's jurisdiction also constitutes a breach of these terms, creating dual exposure to both legal liability and account termination....

View provision → Watch NVIDIA NIM →

OpenAI states it uses an internal framework to assess whether its most powerful AI models pose catastrophic risks before releasing them to the public....

Why it matters: The framework governs whether high-capability AI models are deployed at all, which directly affects what AI capabilities users and developers can access and under what safety conditions those systems are made available....

View provision → Watch OpenAI →

OpenAI states that releasing AI models gradually and learning from actual public use is a core component of how it approaches safety, rather than waiting until systems are fully tested before any public deployment....

Why it matters: This methodology means that users of OpenAI products are, by design, part of the process by which the company identifies real-world safety issues; the document describes this as an intentional safety strategy rather than a limitation of pre-deployment testing....

View provision → Watch OpenAI →

If Pinecone adds a new subprocessor and a business customer objects, the customer has 15 days to raise a written objection. If Pinecone and the customer cannot resolve the dispute within 14 days, the customer's only option is to cancel the affected service subscriptions and receive a refund of unused prepaid amounts....

Why it matters: This clause limits Customer's contractual remedies on subprocessor disputes to termination with prepaid refund, foreclosing other remedies such as damages or injunctive relief. The 15-day objection window is operationally tight for organizations with complex procurement or legal review processes....

View provision → Watch Pinecone →

Pinecone is obligated to notify business customers of any security breach affecting their personal data, enabling those customers to fulfill their own regulatory breach notification obligations....

Why it matters: The DPA defines Security Incidents broadly to include accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to Customer Personal Data. Timely notification enables business customers to comply with their own GDPR Article 33 and Article 34 obligations, which have strict 72-hour supervisory authority notification deadlines....

View provision → Watch Pinecone →

Pinecone can change its security measures at any time as long as the overall security level does not materially decrease. Business customers have no approval right over these changes....

Why it matters: This clause permits Pinecone to alter its technical and organizational security measures unilaterally, subject only to a non-material-diminishment constraint. Business customers relying on specific security configurations for their own compliance frameworks may not receive advance notice of changes to individual security controls....

View provision → Watch Pinecone →

When personal data is transferred from the EU, UK, or Switzerland to countries without adequate data protection laws (such as the United States), Pinecone relies on Standard Contractual Clauses and the UK Addendum as the legal mechanism to authorize those transfers....

Why it matters: The incorporation of EU SCCs (Implementing Decision 2021/914) and the ICO UK Addendum provides the legal transfer mechanism for cross-border data flows from the EU, UK, and Switzerland to Pinecone's operations, which are based in the United States. Compliance with these transfer mechanisms requires that the relevant annexes be properly completed with data flow descriptions and security measures....

View provision → Watch Pinecone →

If an individual asks Pinecone about their personal data, Pinecone will forward that request to the business customer rather than responding directly. Business customers are responsible for handling all such requests themselves....

Why it matters: This clause establishes that data subjects seeking to exercise rights such as access, deletion, or correction under GDPR or CCPA must work through the business customer, not directly with Pinecone. Business customers must therefore have operational processes in place to handle these requests within regulatory deadlines....

View provision → Watch Pinecone →

Pinecone reserves the right to modify the DPA, with changes governed by the procedures described in Section 15 of the Agreement....

Why it matters: This clause reserves Pinecone's right to modify the DPA unilaterally, which may affect the data protection commitments business customers rely upon for their own regulatory compliance. The modification procedure in Section 15 governs how and when changes take effect....

View provision → Watch Pinecone →

You keep ownership of everything you put into Cody and everything Cody produces for you, but you are responsible for making sure the generated code does not violate any software licenses or copyright....

Why it matters: The terms assert user ownership of AI-generated outputs, which is a notable commitment, but the accompanying responsibility clause places compliance obligations for license and copyright adherence on the user rather than Sourcegraph....

View provision → Watch Sourcegraph Cody →

Sourcegraph and its AI partners will not use your code to train their AI models, unless you separately purchase a custom fine-tuning service....

Why it matters: This provision directly addresses a common concern with AI coding tools: whether proprietary code submitted to the service is used to improve models available to other users. The terms state this does not occur for Enterprise and Pro team users....

View provision → Watch Sourcegraph Cody →

The AI providers Sourcegraph works with are required not to store your prompts or the AI's responses after the response is generated....

Why it matters: This provision establishes that third-party LLM providers do not retain Customer Content, which is a material data protection commitment for enterprise users whose proprietary code is transmitted to those providers....

View provision → Watch Sourcegraph Cody →

Sourcegraph will cover you legally and financially if someone claims your use of Cody or its AI-generated outputs infringes their intellectual property, with no dollar limit if you are on a signed Order Form and use the latest version with Sourcegraph's filters....

Why it matters: Uncapped IP indemnification is a notable commitment for enterprise AI coding tools, as it addresses the risk that AI-generated code may reproduce copyrighted material. However, the uncapped protection is conditional on using the most current version and any filters provided by Sourcegraph....

View provision → Watch Sourcegraph Cody →

If you use Cody through Sourcegraph.com without an enterprise account, Sourcegraph collects your code queries, the AI prompts generated from them, and the AI's responses to improve the product, though not to train general AI models....

Why it matters: Non-enterprise Sourcegraph.com users are subject to broader data collection than enterprise users: their User Prompts, LLM Prompts, and Responses are collected for product improvement purposes, whereas Enterprise Cody users have their Customer Content used only to provide the service....

View provision → Watch Sourcegraph Cody →

Apple states that when your Apple Intelligence request is sent to the cloud, your data is used only to answer your request and is not stored afterward. Apple says this is enforced by technical design, not just by policy....

Why it matters: This provision states a direct commitment that user request data is not retained or accessible after processing, which is the primary privacy assurance underpinning Apple Intelligence cloud features....

View provision → Watch Apple Intelligence →

Apple states that its own employees and systems cannot access your data while it is being processed in the cloud, and that this is enforced by cryptography rather than internal policy alone....

Why it matters: This provision states that even compelled access by Apple employees is technically prevented, which is a materially specific claim about resistance to insider access and potentially to legal compulsion....

View provision → Watch Apple Intelligence →

Apple states that Apple Intelligence tries to handle your requests locally on your device first, and only sends data to the cloud when the device cannot handle the request, with the goal of minimizing the data sent to cloud servers....

Why it matters: The routing decision between on-device and cloud processing determines which data is subject to PCC's privacy architecture, and understanding this routing is material for users and organizations assessing the data exposure profile of Apple Intelligence....

View provision → Watch Apple Intelligence →

NVIDIA grants you a restricted license to use the software only for your own internal business purposes, and you cannot transfer, sublicense, or share this license with others....

Why it matters: The license is explicitly limited to internal use, meaning the agreement does not permit commercial redistribution, sublicensing, or building products for external sale without separate authorization from NVIDIA....

View provision → Watch NVIDIA NIM →

NVIDIA retains full ownership of the software and all associated intellectual property; you receive only a use license and cannot attempt to examine or replicate the underlying code....

Why it matters: The terms establish that no IP rights transfer to the licensee and prohibit reverse engineering, which affects organizations that need to audit, customize, or port the software for compliance or operational purposes....

View provision → Watch NVIDIA NIM →

NVIDIA limits its financial liability to you by excluding responsibility for indirect or consequential damages, such as lost profits, lost data, or business disruption, even if NVIDIA was aware such harm was possible....

Why it matters: The agreement excludes a broad range of damage categories that are often the most significant in enterprise AI deployment failures, including lost profits, data loss, and business interruption, which limits the practical financial recourse available to licensees....

View provision → Watch NVIDIA NIM →

If you violate any term of the agreement, your license ends automatically and you must immediately stop using the software and delete all copies....

Why it matters: Automatic termination without notice or cure period means that any breach, including inadvertent or minor violations, could immediately end access to NIM-dependent systems and require deletion of deployed software....

View provision → Watch NVIDIA NIM →

NVIDIA provides the software without any guarantees about its quality, fitness for purpose, or that it does not infringe on others' intellectual property rights....

Why it matters: The agreement provides no warranty that the software will function as expected, be fit for any particular enterprise purpose, or be free of IP infringement claims, transferring all performance and IP risk to the licensee....

View provision → Watch NVIDIA NIM →

Baseten collects personal identifiers including your name, email address, phone number, and physical address when you use its services, in addition to technical usage data generated by your activity....

Why it matters: The policy states that a broad range of personal identifiers may be collected, and the phrase 'may include, but is not limited to' means the listed categories are not exhaustive....

View provision → Watch Baseten →

Baseten automatically collects technical data about how you use the service, including your IP address, browser type, pages visited, time spent on pages, and unique device identifiers, without requiring any action from you....

Why it matters: The policy states that usage data is collected automatically, meaning this data collection occurs regardless of whether a user actively provides information, and includes device identifiers and behavioral browsing data....

View provision → Watch Baseten →

Baseten uses third-party companies to analyze how the service is used and may send you marketing emails, though you can unsubscribe from those emails using the link provided....

Why it matters: The policy authorizes sharing of personal data with third-party analytics providers and use of personal data for marketing purposes; the specific third parties are identified separately in the Detailed Information section, which is relevant for assessing the scope of data flows....

View provision → Watch Baseten →

If Baseten is sold, merged, or its assets are acquired by another company, your personal data may be transferred to the new entity, though Baseten states it will provide notice before this happens....

Why it matters: The policy authorizes transfer of personal data to a successor entity in a business transaction; while notice is promised, the policy does not specify how far in advance notice will be given or what rights users have to object or delete their data before the transfer....

View provision → Watch Baseten →

If you are a California resident, you have the right under the CCPA to request access to your data, request deletion, and opt out of the sale of your personal information, and Baseten must respond within one month....

Why it matters: The policy states that California residents can exercise rights to know, delete, and opt out of sale; the one-month response commitment is explicitly stated and provides a concrete timeline for users who submit requests....

View provision → Watch Baseten →

Baseten states it will not sell the personal data of users under 16 without affirmative opt-in consent from the minor (if aged 13 to 16) or their parent or guardian (if under 13)....

Why it matters: The policy establishes an opt-in requirement for sale of minors' personal information consistent with CCPA requirements, distinguishing between the 13 to 16 age group and children under 13, for whom parental consent is required....

View provision → Watch Baseten →

Baseten keeps your personal data for as long as needed for the purposes described in the policy, for legal compliance, resolving disputes, and enforcing its agreements, without specifying a fixed retention period....

Why it matters: The policy does not specify fixed retention periods for different categories of personal data, instead using purpose-based and legal-obligation criteria, which means users cannot determine from this document alone how long specific data types will be retained....

View provision → Watch Baseten →

Your personal data may be transferred to and processed in other countries where data protection laws may be different from those in your home country, and by accepting this policy you are stated to consent to that transfer....

Why it matters: The policy authorizes international data transfers and asserts that policy acceptance constitutes consent to such transfers; this approach may not satisfy GDPR requirements for lawful transfer mechanisms, which generally require Standard Contractual Clauses, adequacy decisions, or other specified safeguards rather than relying on broad consent through policy acceptance....

View provision → Watch Baseten →