Provisions Index

The policy states that Medium may update the Privacy Policy at any time, with notification limited to updating the effective date at the top of the document; additional notice through homepage statements or direct notifications is described as discretionary rather than required....

Why it matters: This provision establishes that material changes to data practices may be implemented with only a date revision as mandatory notice, which may be insufficient to satisfy GDPR requirements for transparent communication of material changes to processing activities or CCPA requirements for material updates to privacy notices....

View provision → Watch Medium →

The agreement requires users to be at least 18 years old and a US resident, with use of the service constituting a representation that these requirements are met....

Why it matters: This provision establishes the eligibility conditions for account access, and use of the service constitutes a warranty by the user that they meet both the age and residency requirements....

View provision → Watch Wise →

The agreement states that users consent to Amazon automatically delivering and applying software updates to Kindle devices, and that such updates may affect access to the service or device features. Users do not have the option to decline automatic updates under these terms....

Why it matters: This provision authorizes Amazon to remotely modify Kindle device software without user approval of individual updates, and acknowledges that updates may alter or restrict access to features users currently rely on. The absence of an opt-out mechanism for automatic updates is operationally relevant for users who depend on specific device functionality....

View provision → Watch Kindle →

The agreement limits Amazon's liability to exclude indirect, incidental, special, consequential, or punitive damages arising from use of or inability to access the Kindle service or content, to the extent permitted by applicable law. This limitation applies to loss of data, profits, and other intangible losses....

Why it matters: This provision limits the categories of damages recoverable by users against Amazon, excluding consequential and punitive damages for service disruption or content access failures. The clause includes a statutory carve-out acknowledging that applicable law may limit the scope of this disclaimer in certain jurisdictions....

View provision → Watch Kindle →

The policy states that users have rights to access, rectify, erase, and port their personal data, and to object to or restrict processing, exercisable by emailing privacy@ouraring.com....

Why it matters: This provision establishes the operational mechanism through which users may exercise GDPR, UK GDPR, and CCPA/CPRA data subject rights, centralizing all requests through a single email address. Compliance teams should verify that response timelines meet applicable statutory deadlines (30 days under GDPR, 45 days under CCPA) and that identity verification procedures do not create unreasonable barriers to access....

View provision → Watch Oura →

The notice states that Gemini outputs may be inaccurate, including regarding people and facts, and explicitly states that users should not rely on Gemini for medical, legal, financial, or other professional advice....

Why it matters: This provision discloses limitations on the reliability of Gemini outputs and establishes that users bear responsibility for verifying information generated by the service. The disclaimer also reinforces the earlier human reviewer access disclosure by advising users not to share information they would not want reviewed by a person....

View provision → Watch Google Gemini →

The notice states that users in applicable jurisdictions may have rights including access, correction, deletion, data portability, and objection to processing, with the availability of these rights depending on the user's location....

Why it matters: This provision discloses jurisdiction-specific data subject rights and routes their exercise through Google's privacy tools, establishing the procedural framework for rights requests under GDPR, UK GDPR, CCPA, and equivalent frameworks. The rights are conditional on jurisdiction, and the notice does not enumerate specific response timelines....

View provision → Watch Google Gemini →

The agreement specifies California law as the governing law and San Francisco County courts as the venue for disputes not resolved through arbitration....

Why it matters: This provision establishes California law and California courts as the exclusive legal framework for non-arbitrated disputes, which may affect users in other US states and internationally, as it requires litigation in a specific forum....

View provision → Watch OpenAI →

The agreement prohibits a defined set of user activities including unauthorized content distribution, automated scraping, spam transmission, and interference with platform security and infrastructure....

Why it matters: This provision establishes the behavioral boundaries for platform use and defines categories of conduct that may trigger account suspension or termination under the service modification and termination clause....

View provision → Watch Jasper AI →

The agreement specifies Delaware law as governing and designates Delaware state or federal courts as the exclusive venue for any claims not subject to arbitration....

Why it matters: This provision establishes the legal framework and geographic venue applicable to any disputes that proceed outside arbitration, requiring non-Delaware users to litigate in Delaware courts....

View provision → Watch Jasper AI →

The agreement permits non-commercial and research use of Stability AI models under the open license terms, without requiring a separate commercial license agreement....

Why it matters: This provision defines the boundary of permitted use under the non-commercial license tier and determines whether academic researchers, individual developers, and non-commercial projects may access Stability AI models without entering a commercial agreement....

View provision → Watch Stability AI →

The agreement is governed by California law, with exclusive jurisdiction for any permitted court proceedings in Los Angeles County, California state and federal courts....

Why it matters: This clause establishes California as the governing law and Los Angeles County as the exclusive venue for any litigation not subject to arbitration, which may create a practical barrier for users located outside California who need to pursue court proceedings....

View provision → Watch Whatnot →

The policy states that Rumble implements reasonable security measures but explicitly disclaims any guarantee of absolute data security or protection against interception during transmission....

Why it matters: This provision establishes Rumble's stated security posture and its limitation of representations regarding data security outcomes; the 'reasonable measures' standard is the operative benchmark for FTC enforcement purposes and is consistent with broadly observed industry practice....

View provision → Watch Rumble →

The agreement expressly restricts use of Google Analytics to business, trade, craft, or professional purposes, and prohibits personal or consumer use....

Why it matters: This provision establishes that Google Analytics is contractually available only to businesses and professionals, which operationally excludes personal or consumer use and may affect the applicability of certain consumer protection frameworks in jurisdictions where those frameworks apply only to consumer (non-commercial) contracts....

View provision → Watch Google →

Upon termination of the agreement, any outstanding fees become immediately due and payable, and Google may charge collection expenses including legal fees to the payment method associated with the account holder's Google Ads account....

Why it matters: This provision establishes that termination triggers immediate payment of all outstanding balances and authorizes Google to charge collection costs including legal fees to the payment method on file with Google Ads, even if the account holder intended to terminate the Google Analytics agreement independently of their Google Ads relationship....

View provision → Watch Google →

The agreement grants a limited, revocable, non-exclusive, non-sublicensable license to install and use Google's measurement code and SDKs solely for the purpose of using the service, and prohibits reverse engineering, modification, resale, or interference with the software....

Why it matters: This provision establishes that the license granted to use Google Analytics software is revocable, meaning Google may withdraw it consistent with the termination provisions of the agreement. The prohibition on using third-party-labeled data in the service for any purpose other than generating reports operationally restricts how account holders can use data from multi-account or agency implementations....

View provision → Watch Google →

The agreement requires that all applications displaying Maps Platform content must include Google attribution in the format specified by Google's branding guidelines, and this requirement applies to all contexts in which Maps data or imagery is displayed....

Why it matters: This provision creates an ongoing branding and design obligation for all customer-facing interfaces incorporating Maps content, requiring compliance with Google's specified attribution format rather than the customer's preferred UX approach....

View provision → Watch Google Maps →

The terms grant Meta an unrestricted, royalty-free right to use any feedback or suggestions submitted by developers about the platform, without compensation or attribution obligations....

Why it matters: This provision establishes that developers who submit product feedback, bug reports, or feature suggestions to Meta transfer those contributions under an unrestricted license, which means Meta may incorporate such submissions into its products or services without obligation to the submitting developer....

View provision → Watch Meta →

The agreement states that content submitted by DeepL Pro subscribers is not used to train DeepL's AI models and is processed only to deliver the requested translation or service output....

Why it matters: This provision directly addresses AI training data practices for paid subscribers, establishing that submitted content is excluded from model training use. This distinction is operationally significant for organizations submitting confidential, proprietary, or personally identifiable content through the service....

View provision → Watch DeepL →

The document metadata states that the Privacy Policy governs personal information across CoreWeave's platforms and services, situating it as a cross-platform instrument within CoreWeave's terms of service framework as published at docs.coreweave.com....

Why it matters: The stated cross-platform scope of this policy determines which CoreWeave products and services, including GPU cloud computing, Kubernetes infrastructure, and storage services, are subject to its personal information provisions....

View provision → Watch Weights & Biases →

The Privacy Policy is published within CoreWeave's technical documentation platform at docs.coreweave.com under the Terms of Service section, indicating it is publicly accessible as part of CoreWeave's standard legal documentation....

Why it matters: Publication of a privacy policy within a technical documentation platform, rather than a dedicated legal or privacy portal, may affect discoverability and user notice adequacy under applicable regulatory frameworks....

View provision → Watch Weights & Biases →

Full SOC 1 Type 2 and SOC 2 Type 2 reports, as well as bridge letters covering December 2025, are not publicly downloadable and require submission of an access request through the Trust Center portal....

Why it matters: This provision requires organizations to complete a formal access request process before reviewing the underlying audit evidence that typically forms the basis of vendor due diligence assessments, which may introduce timeline dependencies in procurement workflows....

View provision → Watch GitHub →

The Trust Center discloses that GitHub Copilot holds a SOC 2 Type 2 certification, with the associated report available via access request through the portal....

Why it matters: SOC 2 Type 2 certification indicates that an independent auditor has assessed GitHub Copilot's controls over a defined period against the AICPA Trust Service Criteria; this attestation is a standard requirement in enterprise vendor procurement and data processing agreement assessments....

View provision → Watch GitHub →

The Trust Center discloses that GitHub Copilot holds ISO/IEC 42001:2023 certification, the international standard for artificial intelligence management systems....

Why it matters: ISO/IEC 42001:2023 certification indicates that GitHub has implemented a documented AI management system meeting the requirements of this standard, which is operationally relevant for enterprise customers assessing Copilot under AI governance policies, the EU AI Act, or internal AI risk frameworks....

View provision → Watch GitHub →

The Trust Center discloses that GitHub Copilot holds TISAX certification, the Trusted Information Security Assessment Exchange standard used in the automotive industry....

Why it matters: TISAX certification is a prerequisite for many suppliers and service providers operating within the automotive sector supply chain; its disclosure indicates GitHub Copilot has undergone assessment under the VDA ISA (Information Security Assessment) framework administered by ENX Association....

View provision → Watch GitHub →

The Trust Center discloses that GitHub Copilot holds CSA STAR Level 2 certification, indicating a third-party audit of cloud security controls against the Cloud Security Alliance Cloud Controls Matrix....

Why it matters: CSA STAR Level 2 certification requires an independent third-party assessment of cloud security controls, providing enterprise customers with additional audited assurance beyond the SOC 2 Type 2 attestation, specifically framed around cloud computing security practices....

View provision → Watch GitHub →

The Trust Center lists a gated Bug Bounty DLOE (Delivered Letter of Engagement or similar attestation) document covering April through June 2025, available only via an access request....

Why it matters: The availability of a bug bounty program attestation document indicates GitHub maintains a formal vulnerability disclosure and reward program for Copilot-related infrastructure, which is relevant to enterprise security assessments and software supply chain security evaluations....

View provision → Watch GitHub →

The terms commit Telegram to providing at least 30 days' advance notice of material changes to Premium pricing or terms through a message to the user's Telegram account, with the opportunity to cancel before changes take effect....

Why it matters: This provision establishes a minimum notice period and in-app notification mechanism for price and terms changes, giving Premium subscribers a defined window to cancel before any new fees apply....

View provision → Watch Telegram →

The notice states that Zendesk retains personal data for as long as necessary for the stated purposes or as required by law, applying a multi-factor assessment to determine the appropriate retention period including sensitivity, risk, and purpose....

Why it matters: This provision establishes Zendesk's stated data retention framework, which engages GDPR Article 5(1)(e) storage limitation requirements and equivalent principles under other regional frameworks, and is relevant for organizations assessing vendor data lifecycle management practices....

View provision → Watch Zendesk →

The notice states that Zendesk uses personal data to send marketing communications and provides an unsubscribe mechanism via email link or contact with privacy@zendesk.com, while retaining the right to send transactional or account-related communications regardless of marketing opt-out....

Why it matters: This provision establishes the marketing communication opt-out mechanism and clarifies that transactional communications continue after opt-out, which is relevant for CAN-SPAM compliance in the US and ePrivacy Directive requirements in the EU for email marketing....

View provision → Watch Zendesk →

The notice states that Zendesk's services are not directed to children under 16 and that Zendesk does not knowingly collect personal data from that age group, with a mechanism to report and delete such data if discovered....

Why it matters: This provision establishes Zendesk's age threshold at 16 for data collection purposes, engaging COPPA requirements in the US for children under 13 and GDPR Article 8 requirements for children under 16 in EU member states that have not lowered the threshold, which varies by country....

View provision → Watch Zendesk →

The policy states that Leonardo AI uses cookies, web beacons, and tracking technologies to collect IP addresses, browser type, operating system, referring URLs, device identifiers, and browsing activity, with user controls available via browser settings and a cookie consent tool....

Why it matters: This provision establishes the tracking technology framework, including the categories of technical and behavioral data collected, and references a cookie consent tool as the primary mechanism for user control....

View provision → Watch Leonardo AI →

The policy states that personal data is retained for the period necessary to provide services, meet legal obligations, resolve disputes, and enforce agreements, after which it is stated to be deleted or anonymized....

Why it matters: This provision establishes a purpose-based retention framework without specifying fixed retention periods for different data categories, which may affect compliance with GDPR storage limitation requirements and user ability to predict how long their data is held....

View provision → Watch Leonardo AI →

The agreement establishes that where any conflict exists between the Stripe Services Agreement and the Connected Account Agreement regarding the user's use of Stripe Connect Services, the Connected Account Agreement takes precedence. The Stripe Services Agreement is incorporated by reference but is subordinate to this document on Connect-specific matters....

Why it matters: This provision establishes the hierarchical relationship between the two governing documents, meaning that compliance teams must read both documents and identify any conflicts to determine which terms actually govern the user's rights and obligations in the Connect context....

View provision → Watch Stripe →

WHOOP restricts use of its service to users aged 18 or older and prohibits access by individuals under 18....

Why it matters: This provision establishes a minimum age requirement of 18 for service access, which is operationally significant given that the service collects continuous physiological data; the restriction also determines COPPA applicability, as the 18-year threshold exceeds COPPA's 13-year threshold....

View provision → Watch Whoop →

Klarna discloses that loans made or arranged to California residents are made under a California Financing Law license, identified by NMLS number 1353190....

Why it matters: This provision establishes Klarna's state licensing basis for offering consumer credit products to California residents, which triggers obligations under the California Financing Law including examination authority by the California DFPI....

View provision → Watch Klarna →

The agreement is governed by Delaware law, and any disputes not resolved through arbitration must be litigated in state or federal courts in New York County, New York....

Why it matters: This provision requires users outside of New York to submit to New York court jurisdiction for non-arbitrated disputes, which may create practical barriers to litigation for users located in other U.S. states or internationally....

View provision → Watch OpenSea →

The policy states that HubSpot may send marketing communications about third-party products and services using personal information, and provides opt-out by unsubscribe link or email to privacy@hubspot.com....

Why it matters: This provision authorizes use of personal information for third-party promotional communications, which engages CAN-SPAM Act requirements in the US and GDPR consent or legitimate interests analysis for EU users, as well as CASL for Canadian users....

View provision → Watch HubSpot →

The policy states that HubSpot may update the privacy policy at any time, with notification via webpage posting and, where appropriate, by email or other means, and advises users to review the policy periodically....

Why it matters: This provision reserves the right to modify privacy practices with notification that may consist solely of a webpage update, without guaranteeing direct individual notice for material changes, which may require evaluation under GDPR requirements for informing data subjects of material changes to processing activities....

View provision → Watch HubSpot →

The page organizes X's Master Services Agreement into region-specific documents covering Americas (US/Canada, Brazil, Rest of Americas), Europe/Middle East/Africa (UK, Rest of EMEA), and Asia Pacific (Indonesia, Japan, Korea, Philippines, Rest of APAC), with each region linking to a separate hosted agreement document....

Why it matters: The index structure establishes that X's advertising MSA is administered through jurisdiction-specific documents rather than a single global agreement, meaning that the operative contractual terms, including governing law, payment conditions, and dispute resolution, vary by the advertiser's applicable region....

View provision → Watch X →

The statement discloses that users in certain jurisdictions, including the EU, UK, and California, have rights including access, correction, deletion, data portability, objection to processing, restriction of processing, and withdrawal of consent. The availability of each right depends on applicable law and the legal basis for processing....

Why it matters: This provision establishes the range of data subject rights Zoom recognizes under applicable law and the mechanism by which users can exercise them. For enterprise customers, understanding which rights apply to employee or customer data processed through Zoom is relevant to their own data subject access request workflows....

View provision → Watch Zoom →

This provision requires Perplexity to ensure that all personnel with access to customer personal data are bound by confidentiality obligations, either contractual or statutory....

Why it matters: This clause implements the GDPR Article 28(3)(b) personnel confidentiality requirement and is relevant to customers assessing insider risk controls within Perplexity's workforce....

View provision → Watch Perplexity AI →

The agreement states that Delaware law governs the Terms and disputes arising from them, without applying conflict of law principles that might direct a court to apply another state's law. This is a standard governing law selection clause for a Delaware-incorporated entity....

Why it matters: This provision establishes Delaware law as the applicable governing framework for contractual disputes, which has implications for how courts interpret the Terms and what consumer protections may apply. Users in states with stronger consumer protection statutes, such as California, may have rights under those statutes that apply regardless of the contractual choice of Delaware law....

View provision → Watch Acorns →

The agreement requires all task-related communications including scoping, payment discussions, and task-related questions to remain within the Taskrabbit platform's Chat Thread, both before and after task completion. Users who communicate or transact outside the platform may be in breach of this obligation....

Why it matters: This provision requires users to conduct all task-related communications and payment arrangements exclusively through the platform, including after task completion. This condition affects both Clients and Taskers and is a compliance requirement whose violation may constitute grounds for account action under the agreement....

View provision → Watch TaskRabbit →

The policy establishes that EU/EEA users may exercise GDPR data subject rights including access, rectification, erasure, restriction of processing, data portability, and objection to processing by contacting Tabnine at privacy@tabnine.com....

Why it matters: This provision describes the procedural mechanism through which EU/EEA users may exercise statutory data rights. Organizations deploying Tabnine for EU-based employees should confirm that Tabnine's response processes meet GDPR's one-month response requirement....

View provision → Watch Tabnine →

The policy enumerates data subject rights including access, portability, deletion, amendment, restriction, objection, and complaint to national data protection authorities. These rights are stated to apply under applicable data protection legislation and in certain circumstances....

Why it matters: This provision describes the data subject rights framework Telegram asserts it supports, including portability and the right to lodge complaints with national authorities. The qualification of rights as applying under applicable legislation and in certain circumstances reflects standard GDPR language conditioning these rights on legal basis and specific circumstances....

View provision → Watch Telegram →

The policy states that Telegram does not use user data for ad targeting or commercial purposes, and that sponsored messages in public channels are based solely on channel topic rather than user data analysis....

Why it matters: This provision establishes a stated commitment that user data is not analyzed or mined for advertising purposes, which is operationally distinct from advertising-supported platforms that use behavioral or demographic data for targeting. This commitment applies to Telegram's own advertising system; it does not govern data practices of third-party bot developers....

View provision → Watch Telegram →

All advertisers who choose to promote content with X Ads are subject to an approval process covering both their account and their ad content; the process is described as designed to support platform quality and safety and to verify compliance with X's advertising policies....

Why it matters: This provision establishes that ad campaigns on X are conditional on completion of an approval process, and that both the advertiser account and individual ad content are reviewed; the document does not specify approval timelines or procedural guarantees, which is an operational planning consideration for advertisers....

View provision → Watch X →

The policy grants state-specific privacy rights including access, deletion, correction, portability, and opt-out of sale, sharing, targeted advertising, and profiling, with availability depending on the user's state of residence....

Why it matters: This provision operationalizes Zillow's compliance with CCPA/CPRA and analogous state privacy statutes by establishing the rights framework, request process, and response obligations applicable to covered residents....

View provision → Watch Zillow →

The policy states that Zillow's services are not directed to children under 13, prohibits knowing collection of personal information from this age group, and commits to deleting such data upon discovery....

Why it matters: This provision establishes Zillow's stated compliance posture under COPPA, which governs online collection of personal information from children under 13 and is enforced by the FTC....

View provision → Watch Zillow →