Provisions Index

Ledger provides the statutory warranty required by French and EU law, guaranteeing that the hardware wallet will conform to its description and be fit for purpose for a defined period after purchase....

Why it matters: This warranty ensures that if your Ledger device is defective or does not function as described at the time of purchase, you are entitled to a repair, replacement, or refund — but the warranty terms are limited to what French law mandates and do not provide extended protections....

Windows automatically collects diagnostic data about your device and how you use it — at minimum a 'Required' level for security, and optionally a broader 'Optional' level that includes detailed usage patterns used to improve and personalise Windows....

Why it matters: Even at the minimum 'Required' level, Microsoft collects device identifiers, error logs, and hardware information; the 'Optional' level significantly expands the scope of data collection to include detailed application usage and browsing behaviour within Microsoft apps....

Microsoft shares your search queries, IP address, location, and device identifiers with advertising partners to deliver targeted ads, though it does not share your name or email address directly with those advertisers....

Why it matters: Even without sharing your name, the combination of search queries, location, device identifiers, and IP address shared with advertising partners can enable re-identification and detailed behavioural profiling by those third parties....

You have the right to see what personal data Microsoft holds about you, correct inaccuracies, download a copy of your data, and in some circumstances ask Microsoft to delete it — all manageable through the Microsoft Privacy Dashboard....

Why it matters: The Privacy Dashboard gives consumers a practical tool to exercise their data rights, but the scope of what can be deleted is limited — some data essential to service delivery or required by law cannot be erased, meaning full data deletion is not always achievable....

Microsoft transfers personal data from the EU and EEA to other countries, including the US, using Standard Contractual Clauses — a legal mechanism approved by the European Commission to make such transfers lawful....

Why it matters: Following the Schrems II ruling (CJEU 2020), the legal validity of data transfers to the US depends on supplementary measures alongside SCCs; while the EU-US Data Privacy Framework (2023) now provides an alternative adequacy basis, any future invalidation of these mechanisms could disrupt Microsoft'...

Reddit automatically collects extensive data about how you use the platform, including your IP address, device type, browser, operating system, pages visited, links clicked, search terms, and inferred location, even if you do not have an account or are logged out....

Why it matters: Reddit is building a detailed behavioral profile of you through automatic data collection regardless of whether you are a registered user, which means even passive browsing of Reddit generates data that can be used for advertising and other purposes....

Reddit allows users to request deletion of their personal data, including account deletion, but warns that some data may be retained for legal, safety, or legitimate business reasons, and that publicly posted content may remain visible even after account deletion....

Why it matters: Deleting your Reddit account does not guarantee that all your personal data or posted content will be removed — Reddit may retain data for an indefinite period under broad exceptions, and your public posts may persist in archived or cached forms....

Reddit transfers personal data from the EU, UK, and other jurisdictions to the United States and other countries, relying on mechanisms such as Standard Contractual Clauses (SCCs) to legitimize these transfers under applicable law....

Why it matters: When your data is transferred from the EU or UK to the US, it moves to a jurisdiction with different privacy protections, and the adequacy of Reddit's transfer mechanisms is subject to ongoing legal challenges that could affect the lawfulness of processing....

California residents have specific rights under the CCPA/CPRA including the right to know what personal information is collected, the right to delete it, the right to correct it, the right to opt out of the sale or sharing of their personal information, and the right not to be discriminated against ...

Why it matters: As a California resident, you have legally enforceable rights to control your personal data on Reddit that go beyond what other US users receive, including the right to opt out of targeted advertising data sharing with a single click....

Reddit retains certain personal data after you delete your account, including data necessary for legal compliance, fraud prevention, and legitimate business purposes. The duration of retention is not always specified precisely, and some retained data may be used to train AI models....

Why it matters: Closing your Reddit account does not result in immediate or complete deletion of all your personal information — Reddit may hold your data for an unspecified period under broad retention exceptions, which limits the effectiveness of your deletion rights....

Figma can suspend or terminate your account and access to all your stored design files at any time, with or without notice, if Figma believes you have violated its terms or for any other reason at its discretion....

Why it matters: Figma can cut off your access to your design work — potentially years of files stored only on their platform — without advance warning, leaving you unable to retrieve your work if the termination is unexpected....

You agree to defend and pay Figma's legal costs and damages if a third party sues Figma because of something you did on the platform, including content you uploaded or shared....

Why it matters: If your use of Figma — such as uploading copyrighted material or client data without authorization — results in a lawsuit against Figma, you are personally responsible for covering Figma's legal defense costs and any resulting damages....

You must be at least 13 years old to use Figma (or 16 years old if you are in the European Economic Area), and Figma does not knowingly collect personal information from children below these thresholds....

Why it matters: Parents and educators should be aware that Figma is not legally available to children under 13 (or 16 in the EU), and any use by minors below these ages violates the ToS and may result in account termination and deletion of the minor's data....

Figma's ToS is governed by California law, and any disputes must be resolved in courts located in San Francisco, California — unless you are required to use arbitration or are an EEA/UK user with different legal protections....

Why it matters: If you have a dispute with Figma that is not subject to arbitration, you must litigate it in California, which is impractical and expensive for most users who live elsewhere....

Figma provides its services 'as is' and 'as available,' meaning it makes no guarantees that the platform will work correctly, be available at all times, or that your stored files will not be lost....

Why it matters: Figma expressly disclaims all warranties, so if the platform experiences an outage, data loss, or security breach, you cannot hold Figma responsible for failing to provide a reliable service — your only recourse is the capped liability provision....

TaskRabbit participates in the EU-US Data Privacy Framework (DPF), which it uses as the legal basis for transferring EU and UK residents' personal data to US servers....

Why it matters: The DPF is the current post-Schrems II mechanism for EU-US data transfers, but its legal adequacy has been challenged and could be invalidated, which would affect the lawfulness of TaskRabbit's data transfers....

If TaskRabbit is acquired, merged, or sells its assets, your personal information may be shared with and transferred to the new business owner, even during pre-deal negotiations....

Why it matters: Your personal data — including sensitive identity, financial, and background check information — could be transferred to an entirely different company in a deal you have no notice of or control over....

Users have rights to access the personal information TaskRabbit holds about them, correct inaccuracies, and request deletion — subject to TaskRabbit's ability to verify your identity....

Why it matters: These rights are fundamental consumer protections, but the policy conditions their exercise on identity verification, and TaskRabbit explicitly reserves the right to deny requests if it cannot verify your identity — which can be a practical barrier....

TaskRabbit collects your precise or approximate location data and detailed device information (including IP address, device type, and advertising ID) and relies on 'legitimate interests' rather than consent as the legal basis for this collection for EEA/UK users....

Why it matters: Using legitimate interests rather than consent for location and device data collection means TaskRabbit does not need your permission before collecting this data — though EU/UK users retain the right to object to this processing....

Twilio shares your browsing behavior and device identifiers with third-party vendors including Google Tag Manager, Adobe Launch, Segment, and Visual Website Optimizer for advertising targeting and website analytics purposes....

Why it matters: This data sharing funds Twilio's marketing activities but means your browsing activity on twilio.com is tracked and shared with multiple advertising and analytics companies, potentially building profiles about your interests and behavior....

This privacy notice explicitly covers only data collected on Twilio's website and does not apply to data processed through Twilio's API products — meaning the communications data of end-users of Twilio-powered apps is governed by separate contracts, not this notice....

Why it matters: Consumers who receive SMS messages or calls routed through Twilio's platform may not realize their communications data is not protected by this policy, creating a transparency gap about how their personal data is handled in Twilio's core business....

Twilio transfers personal data collected on its website to servers and vendors located in the United States and other countries, using Standard Contractual Clauses or other legal mechanisms to legitimize transfers from the EU and UK....

Why it matters: If you are in the EU or UK, your personal data is transferred to the US where data protection laws differ significantly from GDPR, and you should be aware of the transfer mechanisms Twilio uses to protect your data....

Twilio uses TrustArc's consent management platform to obtain and record your preferences for cookies, including advertising and analytics cookies, and you can change your preferences at any time using the consent tool on the site....

Why it matters: Your ability to control whether Twilio and its advertising partners track your browsing behavior depends entirely on whether the TrustArc consent tool is properly configured and honors your choices, including signals from privacy tools like the Global Privacy Control....

Twilio states that individuals in the EU, UK, and California have rights to access, delete, correct, and port their personal data, and can submit requests through Twilio's privacy portal or by contacting privacy@twilio.com....

Why it matters: Knowing how to exercise your data rights is essential if you want to find out what information Twilio has about you or have it deleted — and the process needs to be straightforward and timely to be meaningful....

Twilio uses Segment, its own customer data platform subsidiary, to collect and analyze behavioral data from visitors to twilio.com, creating a direct pipeline between website visitor data and Twilio's broader marketing and customer data infrastructure....

Why it matters: Unlike using a fully independent third-party analytics tool, Twilio's use of its own Segment platform means your website browsing data can be integrated with other data Twilio holds about you as a customer or prospect, enabling more extensive profiling than typical analytics cookies....

Square shares personal and financial data with banks, card networks (such as Visa and Mastercard), and other financial institution partners in order to process transactions and comply with financial regulations....

Why it matters: Your financial transaction data flows to multiple third-party financial institutions and payment networks as part of normal processing — this sharing is largely non-optional if you use Square-powered payment services....

California residents have the right to know what personal data Square collects, request deletion or correction of their data, opt out of the sale or sharing of their personal information, and not be discriminated against for exercising these rights....

Why it matters: These rights give California consumers meaningful control over their personal data held by Square, including the ability to stop Square from sharing their information with third parties for targeted advertising or other purposes....

Square retains personal and financial data for as long as necessary to provide its services, comply with legal obligations, resolve disputes, enforce agreements, and prevent fraud — which may mean data is retained indefinitely in some circumstances....

Why it matters: Even if you close your Square account or request data deletion, Square may retain certain records — including transaction history and identity data — to comply with financial regulations or fraud prevention obligations, limiting the practical effect of deletion requests....

EU and EEA users have rights under GDPR to access, correct, delete, port, and restrict processing of their personal data, as well as the right to object to processing and to not be subject to solely automated decisions....

Why it matters: EU users have stronger legal protections than users in many other jurisdictions, including the right to full data erasure and the right to object to profiling — Square is legally obligated to respond to these requests within one month....

Square's services are not directed at children under the age of 13, and Square states it does not knowingly collect personal data from children under 13 without parental consent....

Why it matters: If a child under 13 uses Square's services without parental knowledge, Square may have inadvertently collected their data — and parents have the right to request deletion of any such data....

Square uses cookies, pixel tags, and similar tracking technologies on its websites and may allow third-party advertising and analytics partners to collect data about users' online behavior across sites....

Why it matters: Third-party tracking technologies enable Square and its partners to monitor your browsing behavior beyond Square's own properties, which can be used for targeted advertising and behavioral profiling without explicit consent in some jurisdictions....

Poshmark can change these Terms of Service at any time by posting an updated version on their website, and your continued use of the platform after changes are posted means you agree to the new terms....

Why it matters: You could be bound by significantly different terms — including new fees, data practices, or dispute resolution rules — without receiving direct personal notice, simply by continuing to use the app....

Poshmark can suspend or permanently close your account at any time, for any reason, including violations of their policies — and they are not required to refund any outstanding balance or pending transactions....

Why it matters: If your account is suspended, you could lose access to pending sale proceeds, active listings, and your transaction history with limited ability to appeal or recover funds....

Poshmark maintains a list of items and transaction types that are not permitted on the platform — selling prohibited items can result in immediate account suspension and potential forfeiture of proceeds....

Why it matters: Sellers who unknowingly list prohibited items (such as certain counterfeit goods, hazardous materials, or regulated items) face account termination and possible financial penalties, and buyers may receive no recourse for prohibited transactions....

Poshmark's terms are governed by California law, and any disputes not resolved through arbitration must be brought in courts located in San Francisco County, California....

Why it matters: If you live outside California and have a dispute that is not subject to arbitration, you would need to litigate in California courts, which is expensive and impractical for most consumers....

Poshmark requires users to be at least 13 years old, and users between 13 and 18 must have parental permission to use the platform and engage in financial transactions....

Why it matters: Minors who use Poshmark are conducting real financial transactions — buying and selling goods — and parents may be liable for transactions made by their children under their supervision....

Patreon collects a wide range of information about you, including your name, email address, payment details, IP address, browsing behavior on the platform, and any messages you send through the service....

Why it matters: The breadth of data collected — including financial and behavioral data — means Patreon holds a detailed profile of both your identity and your activity, which can be used for purposes beyond simply running the platform....

Patreon uses a third-party vendor called Transcend to manage requests from users who want to access, delete, or export their personal data, meaning your privacy rights request is processed by an external company rather than directly by Patreon....

Why it matters: Routing your data rights request through a third-party vendor introduces an additional layer of processing that could affect how quickly and completely your request is fulfilled....

Patreon collects detailed financial information from creators, including payout details, tax identification information, and earnings data, which may be shared with financial partners and tax compliance services....

Why it matters: Creators provide sensitive financial and tax identity information to Patreon, and this data is shared with third-party financial and compliance vendors, creating additional exposure if those vendors experience a breach....

Patreon retains your personal data for as long as your account is active and for a period after closure, as required for legal, tax, and business purposes, which may mean your data is held long after you stop using the service....

Why it matters: Even after you close your Patreon account, your personal and financial data may be retained for months or years for compliance and business reasons, limiting the effectiveness of deletion requests....

You can request to close your Patreon account and have your personal data deleted, but some information may be retained for legal, tax, or fraud prevention purposes even after closure....

Why it matters: Knowing how to close your account and what happens to your data afterward helps you make an informed decision about leaving the platform and understand what privacy protections remain after you leave....

Max does not present its actual Terms of Use on this page. Instead, it provides a list of links to separate, country-specific terms documents, meaning the rules that govern your account depend entirely on which regional document applies to your location....

Why it matters: If you do not navigate to and read your specific regional terms, you are agreeing to rules you have never seen, which could include mandatory arbitration, class action waivers, or data sharing provisions that significantly affect your rights....

Max provides its terms in dozens of languages and country-specific versions, meaning the actual contractual terms — including your rights — may differ significantly depending on where you live and which language version you access....

Why it matters: Users in different countries may have materially different rights, including different dispute resolution mechanisms, data rights, and cancellation terms, even though they are using the same streaming service....

T-Mobile's services are not directed to children under 13, and the company states it does not knowingly collect personal data from children under 13 without verifiable parental consent. However, T-Mobile offers family plans where minors are account lines, creating practical data collection exposure....

Why it matters: If T-Mobile collects data from children under 13 on family plan lines without adequate COPPA-compliant parental consent, both the company and parents face significant risks — the company faces FTC enforcement fines, and children's location, communication, and behavioral data may be processed and sha...

T-Mobile provides customers — and particularly California residents — with rights to access, correct, delete, and obtain a portable copy of their personal data. Requests can be submitted through the Privacy Center online or by phone....

Why it matters: These rights give you meaningful control over the personal data T-Mobile holds about you, including the ability to find out exactly what data they have, request deletion of data you don't want retained, and correct inaccurate information that could affect your account or credit....

T-Mobile retains your personal data for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements — but does not commit to specific maximum retention periods for most data categories. This means data may be retained indefinitely in some circums...

Why it matters: Indefinite or open-ended data retention means your historical location records, call logs, financial data, and behavioral profiles could be stored for years or decades, increasing the risk of exposure in future data breaches and limiting your practical ability to delete your data footprint....

Square can change these Terms of Service at any time, and your continued use of Square's services after notice is posted constitutes your acceptance of the new terms, even if you did not read them....

Why it matters: This provision allows Square to materially alter the contract governing your business relationship without requiring your explicit consent, meaning new obligations or restrictions can bind you simply because you kept using the service....

When you submit content — such as your business name, logo, or other materials — to Square, you grant Square a broad, royalty-free license to use, reproduce, modify, and display that content in connection with operating and promoting its services....

Why it matters: Businesses that upload branding, product images, or other proprietary content to Square's platform grant Square significant rights to that content, which may extend beyond what users reasonably expect....

By accepting these Terms, you also agree to Square's Acceptable Use Policy, which lists categories of businesses and transaction types that are prohibited from using Square's services — and violation of that policy can result in immediate account termination....

Why it matters: The full scope of restrictions on your ability to use Square is not contained in this document alone — you must also comply with a separate policy document that can be updated independently, and any violation can result in losing access to your payment processing....

You agree to indemnify and hold Square harmless from any claims, losses, or expenses — including legal fees — that arise from your use of Square's services, your violation of these Terms, or your violation of any third party's rights....

Why it matters: This clause means that if a third party sues Square because of something you did using its platform, you are responsible for covering Square's legal costs and any resulting judgment, which could be financially significant....