Provisions Index

The policy discloses specific rights for California residents under CCPA and CPRA, including rights to know, delete, correct, opt out of sale or sharing, and non-discrimination, and establishes a mechanism for submitting such requests....

Why it matters: This provision establishes the procedural rights available to California residents regarding their personal information held by Ford, including an opt-out mechanism for data sale and sharing and a non-retaliation commitment, as required under CCPA and CPRA....

View provision → Watch Ford →

The policy discloses that Ford collects precise geolocation data from connected vehicles and mobile devices and classifies this data as sensitive personal information under applicable law....

Why it matters: This provision discloses collection of precise geolocation as a sensitive personal information category, which under CPRA and similar state laws may require specific consent mechanisms, disclosure obligations, and opt-out or opt-in rights distinct from general personal information....

View provision → Watch Ford →

The policy discloses that Ford uses cookies, web beacons, pixel tags, and other tracking technologies to collect browsing activity, device information, and interaction data from website and app users....

Why it matters: This provision establishes Ford's use of tracking technologies for collecting behavioral and device data, which is managed through a OneTrust consent management platform as evidenced in the document's technical implementation, creating consent management obligations under applicable state and potentially international privacy laws....

View provision → Watch Ford →

The policy discloses that Ford may collect audio recordings, visual images, biometric identifiers, and biometric information from consumers, subject to applicable law....

Why it matters: This provision discloses collection of biometric identifiers and biometric information, which are subject to heightened regulatory requirements under statutes such as the Illinois Biometric Information Privacy Act, Texas biometric privacy law, and Washington state biometric law, as well as classification as sensitive personal information under CPRA....

View provision → Watch Ford →

The policy authorizes Ford to share consumer personal information with Ford-authorized dealers for vehicle purchase, service, warranty, and marketing purposes....

Why it matters: This provision establishes that personal information, including contact details, vehicle data, and purchase history, may be shared with Ford's dealer network for both operational and marketing purposes, creating considerations around the scope of dealer data use and consumer opt-out rights....

View provision → Watch Ford →

The policy states that Ford's services are not directed to children under age 13 and that Ford does not knowingly collect personal information from children under 13, with a commitment to delete such data if discovered....

Why it matters: This provision establishes Ford's COPPA compliance posture by disclaiming intentional collection of personal information from children under 13 and committing to deletion if such data is inadvertently collected....

View provision → Watch Ford →

The agreement requires disputes between users and PayPal to be resolved through individual binding arbitration rather than court proceedings, and includes a waiver of participation in class action lawsuits....

Why it matters: This provision requires that users who do not opt out within 30 days of first accepting the agreement resolve all disputes with PayPal through JAMS or AAA arbitration on an individual basis, precluding class action participation. The enforceability of this clause for consumer financial services disputes may be subject to challenge under applicable state consumer protection statutes depending on jurisdiction....

View provision → Watch PayPal →

The agreement authorizes PayPal to hold funds in a limited or terminated account for up to 180 days to cover potential chargebacks, disputes, claims, fees, fines, and penalties....

Why it matters: This provision creates a significant liquidity risk for business users who rely on PayPal balances for operational cash flow, as the agreement reserves the right to withhold funds for up to 180 days following an account limitation or termination triggered by PayPal's assessment of risk or policy violation....

View provision → Watch PayPal →

By opening or converting to a business account, users consent to PayPal obtaining personal and business credit reports from credit reporting agencies at account opening and at any time PayPal determines there is an elevated risk level associated with the account....

Why it matters: This provision establishes ongoing consent for credit report pulls tied to PayPal's unilateral determination of elevated risk, without defining specific criteria for what constitutes an increased risk level, which creates indefinite authorization for credit inquiries during the life of a business account....

View provision → Watch PayPal →

The agreement authorizes PayPal to close an account or require account conversion if PayPal determines that account usage does not match the designated account type, based on PayPal's assessment of the transaction activity....

Why it matters: This provision reserves PayPal's right to close accounts or compel conversion based on its unilateral determination of account usage patterns, which creates a risk of service disruption for users whose payment activity spans personal and commercial transactions without advance notice requirements specified in all circumstances....

View provision → Watch PayPal →

The agreement limits PayPal's total liability to users to the greater of transaction fees paid in the prior 12 months or $500, regardless of the type or amount of damages claimed....

Why it matters: This provision caps PayPal's total financial liability per incident at a level that may be substantially lower than actual financial harm experienced by business users with significant transaction volumes, and the cap applies regardless of the nature of the claim or damages alleged....

View provision → Watch PayPal →

Users are required to defend, indemnify, and hold harmless PayPal and its affiliates, officers, employees, and agents from claims, damages, fines, penalties, and legal costs arising from the user's use of PayPal services, breach of the agreement, or PayPal's exercise of its rights under the agreement....

Why it matters: This provision creates a broad indemnification obligation that includes attorneys' fees and extends to claims arising from PayPal's own exercise of its contractual rights, which is an operationally distinct scope that could expose users to liability for costs associated with PayPal's enforcement actions against them....

View provision → Watch PayPal →

PayPal may modify the user agreement for business accounts with as little as 5 days advance notice, provided via posting on the Policy Updates page or other written means including email. Personal accounts receive at least 21 days advance notice of changes that reduce rights or increase responsibilities....

Why it matters: The agreement establishes a materially shorter advance notice period for business accounts (5 days) compared to personal accounts (21 days) for changes that reduce rights or increase responsibilities, which reduces the operational window for business account holders to assess and respond to material term changes....

View provision → Watch PayPal →

The agreement requires users to report unauthorized transactions or account access immediately and states that errors on personal account statements must be reported within 60 days, after which the agreement states that the ability to recover lost funds may be limited....

Why it matters: This provision establishes a 60-day reporting window for personal account statement errors and unauthorized transactions, after which the agreement states that fund recovery may not be available if PayPal can demonstrate that timely reporting would have prevented the loss. This timeline interacts with Regulation E error resolution rights for consumer accounts....

View provision → Watch PayPal →

The user agreement incorporates PayPal's Acceptable Use Policy by reference, and account holders agree to comply with it as a condition of account use; violations of the Acceptable Use Policy may result in account limitation, suspension, or termination....

Why it matters: The incorporation of the Acceptable Use Policy by reference means that users are contractually bound by a separate document governing permissible transaction types and activities, and violations of that policy can trigger account enforcement actions including limitation, fund holds, and termination....

View provision → Watch PayPal →

The policy states that content submitted by users to Jasper may be used to train and improve Jasper's AI models, in addition to providing and maintaining the service....

Why it matters: This provision establishes that user-submitted content, which may include proprietary business information, creative assets, or sensitive organizational data, is within scope for AI model training and improvement activities. Enterprise customers and compliance teams may need to evaluate whether this use is addressed in their Data Processing Agreements with Jasper....

View provision → Watch Jasper AI →

The policy authorizes sharing personal information with third-party vendors providing services including data analysis, marketing assistance, and advertising, with those third parties' own privacy policies governing their data practices....

Why it matters: This provision establishes that personal data including identifiers, usage activity, and device information may be disclosed to advertising and analytics third parties whose data handling is governed by their own policies rather than Jasper's, creating data flows that the policy does not fully describe....

View provision → Watch Jasper AI →

The policy discloses that California residents may exercise CCPA and CPRA rights including opt-out of data sale or sharing, access, deletion, correction, and non-discrimination, exercisable by contacting Jasper or using a designated request form....

Why it matters: This provision establishes the specific data rights Jasper recognizes for California residents and the mechanisms through which those rights may be exercised, including contact via privacy@jasper.ai and a web-based privacy request form....

View provision → Watch Jasper AI →

The policy states that users located in the EEA, UK, or Switzerland are entitled to data subject rights under GDPR and UK GDPR, including access, rectification, erasure, restriction, objection, and portability, exercisable by contacting Jasper....

Why it matters: This provision establishes the legal rights framework Jasper applies to EU, UK, and Swiss data subjects and the procedural mechanism for exercising those rights, which is operationally relevant for enterprise customers with European operations....

View provision → Watch Jasper AI →

The policy states that Jasper retains personal data for as long as necessary for the stated collection purposes and legal obligations, without specifying fixed retention periods for each data category....

Why it matters: This provision establishes a purpose-based retention standard without specifying defined retention timelines for different categories of personal data, which may present disclosure adequacy considerations under GDPR's data minimization and storage limitation principles....

View provision → Watch Jasper AI →

The policy authorizes disclosure of personal information to third parties in connection with corporate transactions including mergers, acquisitions, asset sales, and financing, including during the negotiation phase of such transactions....

Why it matters: This provision establishes that personal data including submitted content and user identifiers may be disclosed to prospective acquirers or transaction counterparties prior to any transaction closing, without specifying conditions or limitations on that disclosure....

View provision → Watch Jasper AI →

The policy states that Jasper's services are not directed to users under age 16 and that Jasper does not knowingly collect personal data from children under 16, with a stated commitment to delete such data if discovered....

Why it matters: This provision establishes the age threshold Jasper applies for child data restrictions at 16 rather than the COPPA threshold of 13, which creates a broader stated restriction aligned with GDPR's Article 8 requirements for children's consent in several EU member states....

View provision → Watch Jasper AI →

The policy states that Jasper and its third-party partners use cookies, web beacons, pixel tags, and similar tracking technologies to collect browsing activity, device identifiers, and advertising interaction data from users....

Why it matters: This provision establishes that tracking data is collected both by Jasper directly and by third-party partners through the platform, with the data uses extending to advertising interactions, which is relevant to consent requirements under ePrivacy and GDPR for EU users....

View provision → Watch Jasper AI →

Developers grant Perplexity a royalty-free, worldwide license to use content submitted to the API, including prompts and generated outputs, for operating and improving its services. This license applies to any content transmitted through API calls....

Why it matters: This provision authorizes Perplexity to use developer-submitted inputs and AI-generated outputs beyond the scope of fulfilling the immediate API request, including for model training and service development purposes. Developers transmitting sensitive, proprietary, or personal data through the API should evaluate whether this license scope is consistent with their own data governance obligations and user-facing privacy commitments....

View provision → Watch Perplexity AI →

Perplexity's maximum financial liability to a developer for any claim is capped at the total fees the developer paid to Perplexity in the twelve months before the event that caused the loss. This applies regardless of the type or magnitude of the loss....

Why it matters: This provision establishes a financial ceiling on Perplexity's liability that is calibrated to historical API spend, which may be substantially lower than the business losses a developer could incur from API failures, data incidents, or service interruptions. This cap directly affects risk transfer analysis for enterprises building revenue-generating or operationally critical applications on the API....

View provision → Watch Perplexity AI →

Perplexity reserves the right to suspend or terminate a developer's API access at any time, without cause and without prior notice, based solely on its own judgment. No minimum notice period or procedural requirement is specified....

Why it matters: This provision establishes that API access is not guaranteed for any duration and may be revoked without warning, creating operational continuity risk for applications and services built on the Perplexity API. Developers with production systems dependent on API availability have no contractual protection against abrupt access termination....

View provision → Watch Perplexity AI →

Developers are required to defend Perplexity and its affiliates against third-party claims arising from the developer's use of the API, violations of the terms, or violations of third-party rights. This obligation includes covering Perplexity's legal fees and any resulting damages....

Why it matters: This provision requires developers to absorb legal costs and liability arising from claims connected to their API use, including claims from third parties affected by the developer's application. The obligation covers attorneys' fees, which can be substantial even in cases that are ultimately resolved without a damages award....

View provision → Watch Perplexity AI →

The terms prohibit use of the API for illegal activity, IP infringement, generation of harmful or deceptive content, and actions that could impair Perplexity's infrastructure. Violation of these restrictions may trigger suspension or termination under the unilateral termination clause....

Why it matters: This provision establishes the operational boundaries for permissible API use and defines the conduct categories that may trigger enforcement action, including access suspension or termination. The prohibition on harmful content generation and deceptive practices is relevant to developers building consumer-facing applications powered by the API....

View provision → Watch Perplexity AI →

Perplexity retains full ownership of the API, underlying AI models, and associated technology. Developers receive only the access rights expressly granted by the agreement and acquire no ownership interest in the API or its components....

Why it matters: This provision establishes that developer integration of the Perplexity API does not create any ownership or license rights beyond those explicitly granted, meaning that Perplexity retains full control over the API's capabilities, pricing, availability, and terms of access at all times....

View provision → Watch Perplexity AI →

The agreement is governed by California law, and disputes must be litigated in state or federal courts in San Francisco County. No arbitration clause or class action waiver is specified in the document text reviewed....

Why it matters: This provision requires developers outside California to litigate disputes in San Francisco County courts, which may create geographic and logistical burdens for international or non-California-based developers. The governing law designation determines which jurisdiction's consumer, contract, and data protection law applies to interpretation of the agreement....

View provision → Watch Perplexity AI →

Individual plan users are subject to data retention by default, meaning code snippets and usage data may be stored unless the user actively enables zero-data retention mode via their profile page. Teams and Enterprise plans receive zero-data retention as a default....

Why it matters: This provision establishes a materially different default data protection posture for individual users compared to organizational plan users, requiring individual users to take an affirmative opt-in action to prevent retention of code snippets and interaction data. Compliance teams assessing GDPR or CCPA obligations for individual developer users should evaluate whether this opt-in structure satisfies applicable data minimization and consent requirements....

View provision → Watch Windsurf →

The Bing API receives query data derived from user inputs, conversation history, and potentially code data as part of web search functionality. Unlike other inference providers, Windsurf does not have a zero-data retention agreement with Bing, and this integration must be explicitly enabled by Team or Enterprise administrators....

Why it matters: This provision identifies a specific subprocessor relationship where code-derived data is transmitted to a third party without the zero-data retention agreement that applies to other inference providers. Enterprise compliance teams should assess the Bing API data flow against their data classification policies and third-party risk frameworks before enabling this feature....

View provision → Watch Windsurf →

The document discloses that OpenAI, Anthropic, and Google Cloud Vertex models may be used for background processing tasks such as summarization regardless of which model the user has selected for their primary AI interactions. Enterprise administrators can disable specific providers at the organizational level....

Why it matters: This provision establishes that user model selection does not fully constrain which inference providers receive code-derived data, as background tasks may route data to additional providers. Enterprise administrators have controls to disable specific providers, but individual users do not appear to have equivalent granular controls outside of zero-data retention mode....

View provision → Watch Windsurf →

The document asserts that users own code generated by Windsurf products to the extent permitted by law, and discloses that attribution filtering is applied to intercept generated code similar to non-permissively licensed code before it is shown to users. The document also acknowledges limitations in making representations about third-party model training data....

Why it matters: This provision establishes the scope of the ownership assertion and the technical mechanism used to reduce non-permissive license exposure, while acknowledging that representations cannot be made about third-party model training data. Enterprise customers are offered indemnity clauses as a complementary contractual protection for compliance purposes....

View provision → Watch Windsurf →

The document provides a comprehensive list of subprocessors, identifying for each whether they see code data and under what conditions. Multiple infrastructure and analytics providers including GCP, Crusoe, Modal, Oracle Cloud, and dashboard tools including Retool, Raindrop, Metabase, and Tableau may access code data for individual users not on zero-data retention mode....

Why it matters: This provision discloses the full subprocessor chain and the conditions under which each provider may access code-derived data, enabling enterprise compliance teams to conduct third-party risk assessments and verify alignment with their vendor approval requirements. The disclosure that multiple analytics dashboard tools may expose code logs for users not on zero-data retention mode is operationally significant for individual user data governance....

View provision → Watch Windsurf →

The document discloses that Windsurf makes background requests to its servers without user-triggered input events, for the purposes of building context, understanding developer intent, and scanning for potential next steps. Embedding computation requests are also made proactively to process existing codebases....

Why it matters: This provision establishes that data transmission to Windsurf servers occurs continuously during IDE use, not only in response to explicit user actions. Compliance teams assessing network traffic, data minimization, and consent requirements should account for this continuous background data transmission in their assessments....

View provision → Watch Windsurf →

The document discloses account deletion and zero-data retention mechanisms, distinguishing between default protections for enterprise and teams users versus opt-in protections for individual users. The document includes a dedicated section on account deletion linked from the table of contents, though the full text of that section was not available in the provided document excerpt....

Why it matters: This provision establishes the data deletion and retention framework that governs how long and under what conditions user data including code snippets is retained or purged. The opt-in structure for individual users creates a material difference in the default data lifecycle applicable to different user categories....

View provision → Watch Windsurf →

The policy states that RunPod collects account identifiers (name, email, password), billing and payment information, and user communications directly provided by users during account creation and platform use....

Why it matters: This provision defines the baseline categories of personal data that RunPod collects and processes, which establishes the scope of data subject rights requests and the perimeter of any applicable data processing agreements between RunPod and its enterprise customers....

View provision → Watch RunPod →

The policy states that RunPod automatically collects IP addresses, browser type, pages visited, timestamps, device information, and platform interaction data without requiring affirmative user input....

Why it matters: This provision authorizes passive collection of IP addresses, browsing activity within the platform, and device identifiers, which are categories of personal data subject to GDPR and CCPA protections and may require disclosure in cookie consent frameworks....

View provision → Watch RunPod →

The policy authorizes sharing of personal information with third-party vendors providing payment processing, data analysis, email delivery, hosting, customer service, and marketing services on RunPod's behalf....

Why it matters: This provision establishes that personal data flows to multiple categories of third-party service providers, requiring RunPod to maintain data processing agreements with each and potentially triggering sub-processor notification obligations for enterprise customers under their own data processing agreements with RunPod....

View provision → Watch RunPod →

The policy reserves the right to share or transfer user personal data to acquiring entities or counterparties during or in connection with mergers, asset sales, financing transactions, or acquisitions involving RunPod....

Why it matters: This provision permits transfer of user personal data to third parties as part of corporate transactions, including during the negotiation phase prior to transaction completion, which may occur without direct user notification depending on the transaction structure....

View provision → Watch RunPod →

The policy acknowledges GDPR data subject rights for EU/EEA users, including access, correction, deletion, objection to processing, restriction of processing, and data portability, exercisable by contacting RunPod directly....

Why it matters: This provision establishes that RunPod asserts GDPR compliance obligations for EU/EEA users and commits to honoring the full range of GDPR data subject rights, which creates enforceable obligations under EU law and may be subject to supervisory authority review....

View provision → Watch RunPod →

The policy acknowledges CCPA rights for California residents, including the right to know about data collection and use, the right to request deletion, and the right to opt out of sale of personal information....

Why it matters: This provision creates enforceable CCPA obligations for California residents and requires RunPod to maintain operationally functional opt-out and deletion mechanisms, subject to enforcement by the California Privacy Protection Agency....

View provision → Watch RunPod →

The policy authorizes use of personal information to send promotional communications about RunPod products, services, events, and partner offerings, and provides an opt-out mechanism via unsubscribe links or email to privacy@runpod.io....

Why it matters: This provision authorizes marketing communications that may include partner offerings, extending the use of personal data beyond RunPod's own services, and provides a stated opt-out mechanism that users can exercise at any time....

View provision → Watch RunPod →

The policy states that personal data is retained for as long as necessary to fulfill the stated processing purposes, with retention extended where required or permitted by applicable law, but does not specify defined retention periods for individual data categories....

Why it matters: This provision establishes an open-ended, purpose-based retention standard without specifying retention schedules for individual data categories such as billing records, usage logs, or account identifiers, which may require supplementation to satisfy GDPR data minimization and storage limitation principles....

View provision → Watch RunPod →

The policy states that RunPod may update the privacy policy at any time and will notify users by posting the revised policy on its website, without committing to direct user notification such as email for material changes....

Why it matters: This provision permits policy changes to take effect upon posting without requiring direct outbound notification to users, which may create a practical gap in user awareness of material changes to data processing terms and may require evaluation under GDPR requirements for transparent communication of changes....

View provision → Watch RunPod →

The page source contains Google Tag Manager (GTM-NXVXDK) deployed as an active script on the Writer Trust page, enabling third-party tag and tracking technology execution. No visible consent mechanism or tracking disclosure appears in the rendered page content provided....

Why it matters: Google Tag Manager deployment on a public-facing web page enables loading of additional tracking, analytics, and advertising tags, which may involve collection of visitor identifiers, browsing behavior, and device information. The absence of a visible consent interface or tracking disclosure in the document as provided may require evaluation under applicable privacy regulations for EU/EEA and California visitors....

View provision → Watch Writer →

The page states that Writer's platform is designed to meet enterprise security, privacy, and compliance requirements, presenting this as a trust assurance to prospective and current enterprise customers....

Why it matters: This provision constitutes a public-facing compliance representation made by Writer, Inc. to enterprise customers. The specific frameworks, certifications, and audit mechanisms underlying this claim are not disclosed in the document text provided, as the page was truncated before substantive content appeared....

View provision → Watch Writer →

The page source includes HubSpot analytics tracking code that identifies the page as a standard page and transmits page interaction data to HubSpot's platform. No visible disclosure of this tracking appears in the rendered document content provided....

Why it matters: HubSpot tracking on this page may involve collection of visitor identifiers, IP addresses, and behavioral data transmitted to HubSpot as a third-party processor. For an enterprise AI platform's Trust page, the presence of undisclosed third-party behavioral tracking requires evaluation under applicable privacy regulations....

View provision → Watch Writer →

The agreement contains a binding arbitration provision and a class action waiver, disclosed prominently in the notice section, requiring users to resolve disputes through individual arbitration rather than court proceedings or class actions....

Why it matters: This provision establishes that disputes arising under the agreement must proceed through individual binding arbitration, which precludes class or representative proceedings. The enforceability of class action waivers and arbitration clauses in consumer contracts varies by jurisdiction; California courts and certain other jurisdictions have applied heightened scrutiny to such provisions in consumer-facing agreements....

View provision → Watch Uniswap →