Provisions Index

Stash states that anonymized or aggregated customer data is not covered by this Privacy Policy and may be used for any business purpose, including marketing, analytics, and detecting security threats....

Why it matters: Once Stash anonymizes your data, it can be used or shared without restriction — and there is no guarantee that anonymized data cannot be re-identified in combination with other datasets....

Stash collects government-issued identification documents and self-portrait photographs ('Selfies') for identity verification purposes as required by federal and industry regulations....

Why it matters: Biometric-adjacent data such as facial images used for identity matching may be subject to state biometric privacy laws (e.g., Illinois BIPA) and creates long-term data retention concerns....

Stash collects your precise and approximate geolocation data, device identifiers, IP addresses, browser type, clickstream data, and behavioral information about how you use the app and website....

Why it matters: Beyond your financial data, Stash tracks where you are and how you behave digitally, building a detailed profile that may be used for marketing or shared with third parties....

Stash retains your personal information for as long as your account is active and for a period after your account is closed, as required by law or for legitimate business purposes....

Why it matters: Closing your Stash account does not immediately result in deletion of your personal data — Stash can retain your sensitive financial information for extended periods after you leave....

You agree to pay Stash's legal costs and damages if Stash faces any claims, lawsuits, or losses arising from your use of the platform, your violation of the Terms, or your violation of anyone else's rights....

Why it matters: This means users could be personally liable for Stash's legal fees and costs in situations arising from the user's conduct on the platform, which can be financially significant....

By using Stash, you consent to receive all communications — including legally required disclosures, account notices, and agreements — electronically via email, app notifications, or website posting....

Why it matters: This means important notices about your account, fees, or legal rights may be delivered only through electronic channels, and you are responsible for checking these channels regularly....

By creating an account, you agree to let Stash share your personal information — including your name, address, phone number, email, and billing details — with third parties to verify your identity and process payments....

Why it matters: Your personal and financial information will be shared with external parties as part of normal account operation, and the scope of these third parties and their data handling practices may not be fully specified in the Terms....

These Terms are governed by the laws of New York State, and any disputes not subject to arbitration must be brought in courts located in New York....

Why it matters: If you live outside New York and need to pursue a legal claim against Stash outside of arbitration, you may be required to do so under New York law and potentially in New York courts, which adds cost and complexity for non-New York residents....

YouTube Kids will not show your child ads that are targeted based on their personal interests or browsing behavior across apps and websites. Only contextual ads (relevant to the content being watched) with frequency capping are permitted....

Why it matters: This is a critical child safety protection, as interest-based ad profiling of minors raises significant legal and ethical concerns under COPPA and GDPR....

When your child uses voice search, the app briefly records their voice to process the query, then immediately deletes the audio recording....

Why it matters: Voice data from children is among the most sensitive categories of biometric-adjacent data; parents should know it is collected even briefly and understand they are trusting Google's deletion claim without independent verification....

YouTube Kids may share your child's individual data with outside companies or organizations, but only when a parent has given consent....

Why it matters: While parental consent is required, the policy does not specify what types of third parties may receive data or what they are permitted to do with it, leaving parents without full visibility into downstream data use....

YouTube Kids may share your child's data with outside parties without parental consent if required by law, a government request, to enforce its terms, or to protect safety and security....

Why it matters: Government or legal access to children's data can occur without a parent's knowledge or consent, which is a standard but important exception that parents should understand....

OpenAI evaluates its own models against safety thresholds it designed itself, using internal teams and selected external red teamers, without mandatory independent third-party auditing before deployment....

Why it matters: The entire safety assurance framework governing GPT-4o's release is self-administered, meaning there is no independent verification that OpenAI's risk ratings or mitigations are accurate or sufficient....

Businesses using the GPT-4o API can turn certain safety features on or off within limits set by OpenAI, including enabling more explicit content, adjusting safe messaging guidelines, and modifying default refusals for specific use cases....

Why it matters: This means that when you interact with a GPT-4o-powered application, the safety settings you experience may be significantly different from ChatGPT's defaults — the business operating that app may have disabled certain protections without informing you....

OpenAI discloses that GPT-4o's consistent personality and values can be undermined by certain types of user prompting, meaning adversarial users may be able to get the model to behave in ways contrary to its intended safety guidelines....

Why it matters: This is a direct acknowledgment that GPT-4o's safety behaviors are not fully robust to manipulation, which has implications for any deployment context where the model may encounter adversarial users — including minors, bad actors, or sophisticated prompt engineers....

OpenAI assessed whether GPT-4o provides meaningful assistance to people trying to carry out cyberattacks and concluded that existing mitigations are sufficient to keep this risk at an acceptable level for deployment....

Why it matters: GPT-4o's ability to assist with code generation, vulnerability analysis, and technical problem-solving means it has inherent dual-use cybersecurity potential that OpenAI acknowledges but has decided is adequately mitigated through refusals and classifiers....

OpenAI shares your personal data with a wide range of outside companies — including analytics providers, marketing vendors, and cloud hosting services — as well as with OpenAI affiliates....

Why it matters: Sharing data with marketing and analytics vendors creates risk that your data will be used for targeted advertising or profiling beyond what you agreed to when you signed up for ChatGPT....

OpenAI keeps your personal data for as long as it needs to run its services and meet legal requirements, without specifying exact timeframes for most data types....

Why it matters: Vague retention terms mean OpenAI could retain your conversation history and personal data indefinitely, with no clear deadline for deletion....

Depending on where you live, you have legal rights to see, correct, delete, or move your personal data — and you can exercise most of these rights at privacy.openai.com....

Why it matters: These rights are legally enforceable in California, the EU, and many other states, meaning OpenAI must respond to your requests within legally mandated timeframes or face regulatory consequences....

If OpenAI is sold, merged, or acquired, your personal data may be transferred to the new owner as part of that deal....

Why it matters: A new owner acquiring OpenAI could have different privacy practices or business models, and your data would automatically transfer without your explicit consent....

OpenAI takes steps to protect your data from hackers and unauthorized access, but cannot guarantee your data will never be compromised....

Why it matters: The disclaimer that security cannot be guaranteed means that in the event of a data breach, OpenAI's liability may be limited, and sensitive conversation data could be exposed....

OpenAI can change its privacy policy at any time, and may only notify you by updating the date on the webpage — without sending you a direct email or in-app alert for every change....

Why it matters: Material changes to data practices could occur with only a website date-change notice, meaning many users will not be aware of significant shifts in how their data is collected or used....

Parents control who their child can message on Messenger Kids by managing an approved contact list through the parent's Facebook account....

Why it matters: This is a key child safety mechanism — parents can prevent their child from being contacted by strangers or unknown individuals on the platform....

Meta reserves the right to suspend or terminate a child's Messenger Kids account at any time, for any reason, including violations of its terms....

Why it matters: Meta can shut down your child's account without notice, which means access to the service is not guaranteed and any content or conversations stored may become inaccessible....

Meta limits its legal responsibility for damages arising from use of Messenger Kids, meaning parents may have limited recourse if something goes wrong on the platform....

Why it matters: If your child is harmed through the service — for example, through exposure to inappropriate content or a data breach — Meta's financial liability to your family may be significantly capped or excluded....

The Messenger Kids Terms of Service incorporate Meta's broader Privacy Policy by reference, meaning the full privacy policy also governs how your child's data is handled....

Why it matters: By agreeing to the Messenger Kids terms, parents are also agreeing to a separate, lengthy privacy policy that contains additional data collection and sharing provisions they may not have read....

OpenAI can change its rules at any time; for important changes they'll send you an email or in-app notice, and if you keep using the service after that, you automatically agree to the new rules....

Why it matters: This means OpenAI can significantly alter what rights you have, what data they collect, or what you're allowed to do, and simply continuing to use ChatGPT counts as your legal agreement — you must actively stop using the service to avoid being bound by new terms....

OpenAI can suspend or permanently close your account at any time, for violating their rules, for legal reasons, or simply if they decide it's in their interest — and they don't always have to tell you why....

Why it matters: If you rely on ChatGPT for work or creative projects, your account — and all associated data and customizations — could be terminated with limited notice and no guaranteed right of appeal, leaving you without recourse....

Any legal disputes with OpenAI that aren't covered by the arbitration clause will be handled exclusively by courts in San Francisco, California, under California law — even if you live in another country....

Why it matters: Non-US users who are not covered by the arbitration clause may still be required to litigate in California courts under California law, which creates a significant practical barrier to seeking legal remedies abroad....

Users and operators cannot use OpenAI tools to interfere with humans' ability to monitor, correct, or shut down AI systems....

Why it matters: This clause is unusual in the industry and reflects OpenAI's specific safety philosophy — it creates enforceable obligations around AI governance and model safety that go beyond typical content moderation policies....

OpenAI can suspend or terminate your account if it determines you have violated the usage policy, and while there is an appeals process, OpenAI retains ultimate enforcement discretion....

Why it matters: For businesses and developers relying on API access, unilateral termination without detailed advance notice or procedural guarantees creates significant business continuity risk....

OpenAI's tools cannot be used to create content designed to manipulate elections, spread political propaganda, or run coordinated influence operations....

Why it matters: With AI-generated content increasingly implicated in election interference, this clause reflects OpenAI's attempt to limit liability and comply with emerging electoral integrity regulations globally....

Users can request that OpenAI delete their personal data, including conversation history, subject to certain legal and operational exceptions....

Why it matters: Knowing you can request deletion of your data — and understanding the exceptions — is critical for managing your privacy footprint with an AI company that retains extensive interaction data....

OpenAI transfers personal data internationally, including from the EU and UK to the United States, using legal mechanisms such as Standard Contractual Clauses....

Why it matters: If you are based in the EU or UK, your personal data may be sent to the US where privacy protections differ, and understanding the safeguards in place is important for assessing your privacy risk....

Users in the European Union have additional rights under GDPR including the right to object to processing, restrict processing, and lodge complaints with a supervisory authority....

Why it matters: EU users have stronger legal protections than users in other regions, including the ability to challenge how OpenAI uses their data and to escalate complaints to national data protection authorities....

California residents have specific rights under the CCPA/CPRA including the right to know what data is collected, opt out of data sale or sharing, and request deletion....

Why it matters: California residents have some of the strongest consumer data rights in the US, and OpenAI is obligated to honor these rights including responding to opt-out requests within legally required timeframes....

OpenAI retains personal data for as long as necessary to provide services, comply with legal obligations, and improve its models, with specific retention periods varying by data type....

Why it matters: OpenAI may hold your personal data — including conversations — for extended periods, meaning information shared years ago could still be on file unless you actively request deletion....

OpenAI may share your personal data with law enforcement, government agencies, or other parties when required by law or to protect safety and prevent harm....

Why it matters: Your conversation data and personal information could be disclosed to authorities without your knowledge in response to legal requests, which is important to understand before sharing sensitive topics....

When you agree to OpenAI's Terms of Use, you are also automatically agreeing to several other separate documents — including the Privacy Policy and Usage Policies — even if you haven't read them....

Why it matters: Incorporating multiple separate policy documents by reference means the full scope of your legal obligations and OpenAI's data rights are spread across at least four distinct documents, making it practically difficult for consumers to understand the complete terms of their agreement....

If you live in the European Union, a different and separate set of terms applies to you — not these ones — and those EU terms include additional legal rights that consumers outside the EU do not receive....

Why it matters: This provision creates a two-tier system where EU residents receive stronger legal protections under GDPR-compliant terms, while consumers in other regions (including the US, UK, and rest of world) are subject to terms with fewer mandatory protections — a disparity that is legally permissible but di...

OpenAI has a separate list of prohibited uses — called the Usage Policies — that you agree to follow, and you cannot use ChatGPT to break laws, copy others' work, create harmful content, or try to bypass the safety features built into the AI....

Why it matters: Violating these prohibitions can result in immediate account suspension or termination without notice, and OpenAI retains broad discretion to determine what constitutes a violation, meaning users risk losing access to paid services without clear recourse....

Your Claude Pro subscription automatically renews and your payment method is charged at the end of each billing period unless you cancel at least 24 hours before the renewal date....

Why it matters: If you forget to cancel in time, you will be charged for another full subscription period and will generally not receive a refund....

You agree to compensate Anthropic for any costs, losses, or legal claims it faces as a result of your use of the services, your content, or your violation of the terms....

Why it matters: If someone sues Anthropic because of something you did or submitted using Claude, you are legally responsible for covering Anthropic's legal costs and any damages....

Anthropic can suspend or terminate your account at any time, with or without notice, if it believes you have violated the terms or for any other reason....

Why it matters: You could lose access to Claude and any paid subscription without warning or refund if Anthropic decides to terminate your account....

Almost all payments to Anthropic are non-refundable, except where required by law or expressly provided in the terms....

Why it matters: If you are dissatisfied with the service, experience technical issues, or have your account terminated, you will generally not get your money back....

You must be at least 18 years old, or the minimum age of digital consent in your country, whichever is higher, to use Anthropic's services....

Why it matters: Minors are prohibited from using Claude.ai and Claude Pro, and parents or guardians should be aware that the services are not designed or permitted for children....

Anthropic assigns to you any rights it may have in the AI-generated outputs (responses) from Claude, subject to your compliance with the terms....

Why it matters: You own the AI-generated content Claude produces for you, but this ownership is conditional on following Anthropic's rules — and Anthropic makes no guarantees that outputs are unique or free from third-party IP claims....

Parents and guardians can request to review, delete, or prevent further collection of their child's personal information, and Roblox recommends parental supervision of children using the platform....

Why it matters: Parents have legally enforceable rights under COPPA to control their child's data on Roblox, but they must actively exercise these rights by contacting Roblox....

Roblox uses cookies and similar tracking technologies on its website and services to collect data about your browsing behavior, device, and interactions for analytics and advertising purposes....

Why it matters: Cookies allow Roblox and its partners to track your activity across sessions and potentially across the web, which affects your privacy and the ads you see....

If you live in the EU, EEA, UK, or Switzerland, you have specific rights including accessing, correcting, deleting, or restricting your personal data, and you can contact Roblox's designated EU/UK representatives....

Why it matters: EU and UK users have stronger legal rights over their personal data than users in most other jurisdictions, and Roblox is obligated to respond to these requests....