Provisions Index

If Poshmark is acquired, merges with another company, or sells its assets, your personal data may be transferred to the new owner as part of that transaction — even if that company has different privacy practices....

Why it matters: Your personal data could end up with a company you have never interacted with and whose privacy practices you have not agreed to, potentially resulting in materially different data use than what Poshmark disclosed to you....

Poshmark states it does not knowingly collect personal information from children under 13, but the platform is accessible without strict age verification, and users between 13-18 are subject to the general privacy policy....

Why it matters: Without robust age verification, minors may use the platform and have their data collected and shared with advertisers in ways that COPPA prohibits for under-13 users and that raise concerns for teens under state privacy laws....

Poshmark uses cookies, web beacons, pixel tags, and similar tracking technologies on its platform and through third-party advertising networks to track your behavior across the internet and deliver targeted advertising....

Why it matters: These tracking tools allow Poshmark and its advertising partners to build a detailed profile of your online activity — both on and off Poshmark — and use it to target you with ads, which you can partially control through browser settings or platform opt-outs....

California residents have specific rights under state law to know what personal data Poshmark collects, to delete their data, to correct inaccurate data, to opt out of data sale/sharing, and to limit the use of sensitive personal information....

Why it matters: These are legally enforceable rights — Poshmark cannot discriminate against you for exercising them — and they give California users more control over their personal data than users in most other U.S. states....

Microsoft states that it uses personal data, including content you create and interact with, to train and improve its AI-powered products and features such as Copilot....

Why it matters: Your personal data — including things you type, say, or create — may be used to improve Microsoft's AI systems, often without a clear opt-out mechanism surfaced at the point of collection....

Microsoft collects voice data when you use voice-enabled features like Xbox voice commands or Cortana, and may use this data to improve speech recognition services....

Why it matters: Voice data is biometric-adjacent and is subject to strict state laws in Illinois (BIPA) and Texas (CUBI) that require written consent before collection and provide private rights of action....

Microsoft shares personal data across its family of products and subsidiaries, meaning data collected from Xbox may be combined with data from Windows, Bing, LinkedIn, or other Microsoft services....

Why it matters: Data you generate on Xbox may be linked to your identity across Microsoft's entire ecosystem — including search history, professional profile, and productivity data — creating a far more comprehensive profile than users may expect from a gaming platform....

Microsoft states that it requires parental consent for children under 13 to use Xbox services, and parents can manage their child's privacy settings and data through Microsoft Family Safety....

Why it matters: Children under 13 are a protected class under COPPA, and if Microsoft's parental consent mechanisms are insufficient or if data collection from child accounts exceeds what is permitted, both Microsoft and parents face legal exposure, and children's data may be at risk....

Microsoft uses personal data including browsing activity, purchase history, and inferences about your interests to serve you personalized advertisements across Microsoft products and partner sites, and provides an opt-out option....

Why it matters: Personalized advertising based on your gaming, browsing, and purchase history means Microsoft is monetizing your behavioral profile — but you can opt out of interest-based ads through your privacy settings....

Microsoft retains personal data for as long as necessary to provide its services, comply with legal obligations, resolve disputes, and enforce its agreements — meaning data may be kept indefinitely in some cases....

Why it matters: Open-ended data retention tied to business purposes rather than specific collection purposes means your gaming history, voice data, and behavioral profiles may be stored for years beyond your active use of Xbox services....

Microsoft states that users can access, correct, delete, and export their personal data through the Microsoft Privacy Dashboard, and that these rights may vary depending on where you live....

Why it matters: Your ability to control your personal data — including data generated from Xbox gaming — depends on which country you live in, and the mechanisms to exercise these rights require navigating Microsoft's online dashboard....

Microsoft collects location data from your devices, including precise GPS location when you grant permission, and uses this data to provide location-based services and improve its products....

Why it matters: Precise location data is among the most sensitive categories of personal information, and its collection — even with permission — creates risks if retained long-term or combined with other data to infer sensitive information such as health conditions or religious practices....

When voice reporting is enabled in a voice channel, snippets of your voice chat are stored on your device and the devices of other participants. If someone reports a policy violation, those snippets may be sent to Epic for review....

Why it matters: Users may not realize their voice is being recorded in snippets and that a third party reporting them can trigger transmission of audio to Epic, raising serious concerns about audio surveillance and wiretapping laws....

If you use the MetaHuman feature to create in-game characters, Epic collects images of your face to generate a face mesh. Epic states this is solely to provide the requested functionality and not to identify you....

Why it matters: Facial images are biometric data under several laws including Illinois BIPA and GDPR Article 9, and collection of such data — even with a stated limited purpose — creates significant legal exposure and requires explicit consent in many jurisdictions....

Users who indicate they are children are placed in a 'Cabined Account' with restricted features and limited data collection until a parent provides consent for a full account, verified through Epic's subsidiary Kids Web Services (KWS)....

Why it matters: The use of an Epic subsidiary (KWS) to conduct parental verification for COPPA purposes raises questions about the independence and adequacy of the consent mechanism, and the upgrade pathway from Cabined to full account significantly expands data collection....

Epic shares your personal data with third-party advertising partners to promote the Epic Services, manage advertising, and conduct analytics. This includes data collected automatically such as IP address, device ID, and usage behavior....

Why it matters: Sharing behavioral and device-level data with third-party advertisers is one of the broadest forms of data disclosure in this policy, and under CCPA it may constitute a 'sale' or 'sharing' of personal information requiring an opt-out mechanism....

When you link your Epic account to third-party platforms like PlayStation, Xbox, Facebook, or Steam, Epic receives personal data from those platforms including your display name, user ID, device information, and in some cases your name and email address....

Why it matters: Linking accounts triggers automatic data sharing from third-party platforms to Epic that many users may not anticipate, and the combined data profile this creates is significantly richer than what users provide directly to Epic....

When you use AI-powered features like the Epic Developer Assistant, Epic collects your inputs — which may include information that identifies you — and uses them to generate outputs....

Why it matters: User inputs to AI features may contain sensitive personal information, and the policy does not specify how long input data is retained, whether it is used to train AI models, or whether it is shared with third-party AI providers....

Epic provides users with rights to access, correct, delete, and export their personal data, and to object to or restrict certain processing. These rights are exercisable via account settings or by contacting Epic directly....

Why it matters: The availability and ease of exercising these rights varies by jurisdiction, and users in non-EU/UK regions may find their rights more limited; the policy directs users to contact Epic but does not specify legally mandated response timeframes....

Epic automatically collects usage data, device information, and general location (via IP address) using cookies, log files, and web beacons whenever you visit or use the Epic Services, including for advertising purposes....

Why it matters: Broad automatic tracking across all Epic Services for advertising and analytics purposes is subject to cookie consent requirements in the EU and UK, and users may not be aware of the extent of passive data collection occurring during gameplay or browsing....

When you make a purchase on the Epic Games Store, Epic may collect your credit card number, expiration date, name, and region information to complete the transaction, depending on the payment method used....

Why it matters: Collection and storage of payment card data implicates Payment Card Industry Data Security Standards (PCI DSS) and creates financial fraud risk for users if the data is not adequately secured....

By default, Google saves every conversation you have with Gemini for 18 months, even if you later delete your account. This is automatic unless you manually turn it off....

Why it matters: An 18-month retention window means your AI conversations — which may include sensitive personal, medical, or financial details — are stored far longer than most users would expect, and persist even after account deletion....

Google employees and contractors can read samples of your Gemini conversations to improve the AI. While Google says it tries to separate your name from the conversation, human beings can still see what you typed....

Why it matters: Most users assume AI chat conversations are only processed by automated systems; learning that human reviewers can read their conversations — even in pseudonymised form — fundamentally changes the privacy expectation for Gemini....

Google uses your Gemini conversations to train and improve its AI by default. You have to actively opt out — it is not off by default....

Why it matters: An opt-out model for AI training data use means most users' conversations contribute to AI model development without their active knowledge or consent, which raises significant concerns under GDPR's requirements for a valid lawful basis for processing....

Google itself warns you not to share private, confidential, or sensitive information in Gemini, because it may be read by humans and used to train AI systems....

Why it matters: This warning, buried within the privacy policy, signals that Gemini is not a secure or confidential communication channel — a fact that many users who share medical, financial, or professional information may not realize....

Google does not use conversations from users under 18, or from school accounts, to train its AI. However, data from these accounts is still collected and stored under the standard retention policy....

Why it matters: While Google provides stronger data use protections for minors and students, data is still collected and retained, and the onus is on school administrators to configure appropriate settings — creating a compliance gap for underfunded or under-resourced educational institutions....

You can delete your Gemini conversation history, but it may stay on Google's servers for a few more weeks after you delete it, and Google may keep some data longer for safety purposes....

Why it matters: The right to delete your data is meaningful only if deletion is complete and prompt — the delay and safety-review exception create ambiguity about how long your data truly persists after you request deletion, which matters for legal rights under GDPR and CCPA....

If you connect third-party extensions to Gemini, your conversation data may be shared with those external companies, and Google is not responsible for how those companies use your data....

Why it matters: Extensions dramatically expand the data sharing surface beyond Google, creating a chain of data processors whose privacy practices users are expected to independently evaluate — a significant consumer protection gap....

Every time you use Gemini, Google automatically collects data about your device and your approximate location, even if you never share that information yourself....

Why it matters: Passive technical data collection — including device identifiers and location — combined with conversation content creates a rich behavioral profile that extends beyond what users typically associate with an AI chat service....

Unless you opt out within 30 days of creating your account, you must resolve any dispute with Strava through private binding arbitration rather than in court, and you cannot join a class action lawsuit against Strava. EU residents are exempt from this requirement....

Why it matters: This clause removes your right to sue Strava in court or join other users in a class action, which is typically the only practical way individuals can hold large companies accountable for widespread harms like data breaches....

When you post or share any content — including your workout data, GPS routes, photos, and activity information — you give Strava a worldwide, royalty-free license to use, copy, modify, distribute, and commercially exploit that content, including in aggregated or de-identified forms....

Why it matters: This license means Strava can use your fitness routes, workout patterns, and health data to build commercial data products and sell insights derived from your activity, even if you later delete your account....

Your Strava subscription automatically renews every billing period until you cancel, and you must cancel at least 24 hours before the renewal date to avoid being charged. Strava does not provide refunds except for a 14-day cooling-off period available to users outside the United States....

Why it matters: If you forget to cancel before the 24-hour cutoff, you will be charged for the next full billing period with no right to a refund — and US users have no cooling-off period at all....

Strava can increase its subscription fees or introduce new fees at any time, and only needs to give you 'reasonable notice' before the change takes effect at your next billing date....

Why it matters: Strava can raise your subscription price without your explicit consent — you are automatically enrolled at the new price unless you cancel, and the Terms do not define what 'reasonable notice' means....

Strava's total financial liability to you for any claim — including data breaches, privacy violations, or service failures — is capped at the greater of the fees you paid in the last 12 months or $100, whichever is more....

Why it matters: If Strava's mishandling of your sensitive GPS or health data causes you real harm, the most you can recover under this Terms is $100 or one year of subscription fees, which is likely far less than any actual damages....

Strava can suspend or terminate your account at any time, at its sole discretion, including if it believes you have violated the Terms or for any other reason Strava determines appropriate....

Why it matters: Strava can cut off your access to all your workout history, routes, and data without prior notice and without being required to give you a specific reason, which could result in loss of years of fitness data....

When you connect Strava to third-party apps like Apple Health, Garmin Connect, or challenge sponsors, your data is shared with those third parties under their own privacy policies, and Strava is not responsible for how they handle it....

Why it matters: Connecting Strava to other fitness apps or devices could result in your health and location data being shared with multiple organizations, each with different privacy standards, and Strava accepts no liability for what those third parties do with your data....

Strava requires users to be at least 13 years old, and in some jurisdictions may require users to be older. If a minor uses Strava with a parent or guardian's permission, the parent or guardian accepts full legal responsibility for all of the minor's actions on the platform....

Why it matters: Parents who allow their children to use Strava can be held personally liable for any Terms violations the child commits, and the child's GPS location and fitness data will be collected and processed under the same terms as adult users....

Strava provides its services 'as is' and 'as available' with no warranties of any kind — meaning Strava does not guarantee the platform will work correctly, be available when you need it, or be free from errors or security vulnerabilities....

Why it matters: If the Strava app fails during a workout, produces inaccurate health data, or experiences a security incident, you cannot hold Strava responsible based on any implied promise that the service would function reliably....

If you provide feedback, suggestions, or ideas to Strava about the platform or its features — including Beta Features — Strava can use, modify, and commercialize that feedback without paying you, crediting you, or seeking your further permission....

Why it matters: Any suggestions or feature ideas you share with Strava become theirs to use and profit from without compensation, and you waive any intellectual property rights in that feedback....

If you have a dispute with Cash App, you must resolve it through private arbitration with a single arbitrator — not through a court or jury trial. This applies to virtually all disputes about your account, transactions, or Cash App's services....

Why it matters: Arbitration is typically faster and cheaper for large companies, but it removes your access to courts, limits discovery, and results in decisions that are nearly impossible to appeal — meaning Cash App has a significant structural advantage in any dispute....

You agree to resolve disputes with Cash App only as an individual — you cannot join or lead a class action lawsuit or any group legal proceeding against Cash App....

Why it matters: Class actions are the primary legal mechanism consumers use to hold financial companies accountable for widespread but individually small harms — like improper fees charged to millions of users — and waiving this right means Cash App faces no collective accountability risk....

Cash App's maximum financial responsibility to you for any claim is limited to either the fees you paid in the last 12 months or $200 — whichever is greater — even if you suffered a much larger financial loss....

Why it matters: If Cash App makes an error that costs you thousands of dollars — for example, a wrongful account freeze or a transaction error — this clause means you may only recover a tiny fraction of your actual loss....

Cash App can restrict, suspend, or close your account at any time, with or without notice, including if they suspect policy violations or illegal activity — and any balance in your account may be temporarily or permanently held....

Why it matters: Many Cash App users rely on their Cash App Balance as a primary financial account for payroll deposits, bill payments, and daily spending — an unexpected account closure with a held balance could leave users without access to their own money for an indefinite period....

Cash App collects extensive data about how you use the service, and you grant Cash App a broad license to use any content or information you provide. Cash App's Privacy Notice — incorporated by reference — governs how your personal and financial data is collected, used, and shared....

Why it matters: As a financial platform, Cash App has access to highly sensitive personal and financial data including transaction history, linked bank accounts, government-issued ID information, Social Security numbers, and device data — understanding how this data is used and shared is critical to assessing priva...

If you want to transfer money from your Cash App Balance to your linked bank account immediately, Cash App charges a fee of 0.5% to 2.5% (minimum $0.25 to $1.00, maximum $75). The free option takes 1-3 business days....

Why it matters: Users who need immediate access to their own money — for example, those living paycheck to paycheck — may routinely pay percentage-based fees to access funds they have already earned, which can add up to significant costs over time....

Cash App includes generative AI features subject to a separate set of terms (Section XXI). By using these features, you agree that AI-generated outputs may be inaccurate and that you should not rely on them for financial, legal, or medical decisions....

Why it matters: Embedding generative AI into a financial platform creates significant risk for consumers who may rely on AI-generated financial guidance without understanding its limitations — particularly in a context where they are making real money decisions....

Once you send money through Cash App's peer-to-peer service, the transaction is generally final and cannot be cancelled or reversed — Cash App does not guarantee recovery of funds sent to the wrong person....

Why it matters: Unlike credit card payments or bank wire recalls, Cash App P2P payments are treated as final — if you send money to the wrong person by mistake or are a victim of a scam, you likely cannot get your money back....

Cash App allows minors aged 13 and older to open a 'Sponsored Account' supervised by a parent or guardian, with certain feature restrictions. The sponsoring adult is responsible for the minor's account activity....

Why it matters: Extending financial services — including peer-to-peer payments, a debit card, and potential exposure to investing features — to users as young as 13 raises significant child financial safety concerns and creates complex legal responsibilities for the sponsoring adult....

Cash App can change these Terms at any time by posting updated terms on its website or notifying you through the app. Your continued use of Cash App after the change takes effect means you accept the new terms....

Why it matters: Cash App can add new fees, change your rights, expand data collection, or modify dispute resolution procedures at any time — and simply using the app after receiving a notification counts as your agreement, even if you did not actively review or consent to the changes....

If you have a dispute with Target, you must resolve it through private arbitration rather than going to court. This means a private arbitrator — not a judge or jury — decides the outcome of your dispute....

Why it matters: Arbitration removes your ability to have a public court hearing, limits discovery rights, and the decision is typically final and binding with very limited appeal rights....