Provisions Index

You agree to give up your right to participate in any class action lawsuit or class-wide arbitration against Target. All disputes must be handled individually....

Why it matters: Class action lawsuits are often the only practical way for consumers to hold large companies accountable for small-dollar harms — without them, the cost of individual litigation typically exceeds any potential recovery....

When you submit content to Target — such as product reviews, photos, or ideas — you grant Target a permanent, royalty-free, worldwide license to use, reproduce, modify, and distribute that content for any purpose....

Why it matters: Target can use your reviews, images, or creative submissions indefinitely and without paying you, even if you later delete your account or request removal of the content....

Target's financial liability to you for any claim is capped at the greater of the amount you paid in the relevant transaction or $100, regardless of the nature or severity of the harm....

Why it matters: Even if Target causes significant harm — such as a data breach exposing sensitive personal information — your ability to recover damages is severely limited to $100 or your transaction amount....

All disputes with Target are governed by the laws of Minnesota, regardless of where you live or where the dispute arose....

Why it matters: This means you may lose the consumer protection rights available in your home state, as Minnesota law will be applied instead — which may be less favorable to consumers in states with stronger protections like California....

California residents have the right to opt out of the sale or sharing of their personal information with third parties for advertising purposes, exercisable through Target's privacy controls....

Why it matters: Target's page source reveals integrations with DoubleVerify and Google advertising platforms, meaning personal data may be shared with ad networks — California residents can exercise their right to stop this....

You agree to defend and compensate Target for any costs, legal fees, or damages that Target incurs as a result of your use of the site, your content submissions, or your violation of the Terms....

Why it matters: If your use of Target's website or content you submit causes Target to face a legal claim or financial loss, you may be personally required to pay Target's legal costs and any resulting damages....

Target reserves the right to suspend or terminate your account at any time, for any reason, with or without notice, including if Target believes you have violated the Terms....

Why it matters: Target can close your account without warning, which could result in loss of access to accumulated Target Circle rewards, saved payment methods, order history, and digital purchases....

Zelle shares your browsing history, IP address, and unique online identifiers with third-party advertising networks to show you targeted ads on zelle.com and across other websites, even though they state they do not 'sell' your data....

Why it matters: This practice means your online behavior is being monetized to fund targeted advertising, and the 'we don't sell data' claim may be misleading since CPRA treats this type of sharing the same as a sale for opt-out purposes....

By simply using the zelle.com website, you are deemed to have expressly consented to Zelle collecting, using, disclosing, and retaining your personal information as described in the policy — including any future updates to the policy....

Why it matters: This is a broad, implied consent mechanism — you don't have to sign anything or click 'I agree.' Simply visiting the website is treated as consent to data practices you may not have read, including consent to future policy changes....

If you use zelle.com to report a fraud or scam, Zelle will share that report — and your personal information — with the recipient's bank or credit union, not just with your own bank....

Why it matters: Victims of Zelle fraud who report scams through the website may not realize their personal information and fraud details will be disclosed to the financial institution of the person who received the funds, which could have implications for dispute resolution and financial recovery....

Zelle keeps personal information from business inquiries submitted through the website for the duration of the business relationship plus up to 10 additional years, and keeps consumer support form data for up to 5 years....

Why it matters: Retaining personal data for up to 10 years after a business relationship ends goes beyond what most privacy frameworks consider necessary and proportionate, creating long-term exposure for both Zelle and affected individuals....

Formal data rights requests — including the right to know, correct, or delete personal information — are only available to California residents acting in a business-to-business (B2B) capacity, not to ordinary consumers who visit the website....

Why it matters: Most consumers who visit zelle.com are not B2B contacts, meaning the majority of website visitors have no formal mechanism to access, correct, or delete the personal data Zelle has collected about them....

Zelle states its website is not intended for children under 13 and that it does not knowingly collect information from minors, in compliance with the Children's Online Privacy Protection Act (COPPA)....

Why it matters: This is a legally required disclosure under COPPA and is generally standard, but it places the compliance burden on Zelle to ensure it does not inadvertently collect data from minors through cookie-based tracking....

Zelle's website contains links to third-party websites, and Zelle states it is not responsible for the privacy practices or content of those external sites....

Why it matters: Clicking links on zelle.com to partner or third-party sites takes you outside Zelle's privacy protections, and those sites may have materially different — and potentially less protective — data practices....

Business partners and financial institution contacts who have expressed interest in Zelle's products can opt out of marketing communications by using the unsubscribe link in Zelle's emails or by emailing marketing@earlywarning.com....

Why it matters: This provision provides a mechanism for B2B contacts to stop receiving marketing emails, though Zelle notes it may take 'a reasonable period of time' to process the request — meaning marketing emails may continue temporarily after opt-out....

Uber collects your precise GPS location continuously while the driver app is open, including when it is running in the background on your device. This means Uber knows where you are even when you are not actively on a trip....

Why it matters: This goes beyond what most consumers expect — your location is tracked persistently, not just during rides, enabling Uber to build a detailed picture of your daily movements....

Uber uses a feature called Real-Time ID Check that requires drivers to periodically submit a selfie photo, which is then matched against their profile photo using facial recognition technology. This is used to verify identity and prevent fraud....

Why it matters: Biometric data including facial geometry is among the most sensitive personal information — it cannot be changed if compromised, and collection without explicit written consent and a documented retention schedule may violate state biometric privacy laws....

Uber uses automated systems to make decisions that affect drivers, including fraud detection, account deactivation, and performance scoring. These automated decisions can result in your account being suspended or terminated without prior human review....

Why it matters: Automated deactivation decisions can instantly end a driver's ability to earn income on the platform, and the policy does not clearly guarantee a meaningful right to human review of such decisions in all jurisdictions....

Uber shares driver personal data with marketing and advertising partners, including third-party analytics companies and advertising technology vendors. This means your personal information may be used to deliver targeted advertising....

Why it matters: Drivers may not expect their personal data collected in an employment-like context to be shared with advertisers, and this sharing may constitute a 'sale' or 'sharing' of personal information under California law, triggering opt-out rights....

Uber collects and processes criminal background check results as part of the driver onboarding process. This sensitive data is used to determine eligibility to drive on the platform....

Why it matters: Criminal record data is among the most sensitive categories of personal information, and its collection, retention, and use in automated eligibility decisions creates significant risk of discriminatory impact and regulatory liability under the FCRA....

Uber shares driver personal data with law enforcement agencies, courts, and government authorities when required by law, in response to legal process, or when Uber believes disclosure is necessary to protect safety or comply with legal obligations....

Why it matters: This provision means your personal data — including location history and trip records — can be disclosed to government authorities without your knowledge, which has implications for civil liberties, whistleblower protection, and personal safety in certain contexts....

Uber collects drivers' bank account details, payment information, and tax documentation (including Social Security Numbers or equivalent) in order to process earnings and comply with tax reporting obligations....

Why it matters: Collection of bank account numbers and government tax identification numbers represents some of the highest-risk personal data — a breach or misuse of this data could directly enable financial fraud or identity theft....

Drivers have the right to request access to, correction of, and deletion of their personal data, as well as the right to obtain a copy of their data in a portable format. These rights are exercised through the Uber app or privacy portal....

Why it matters: Knowing and exercising these rights is important because it allows drivers to understand exactly what data Uber holds, correct inaccuracies that might affect their account, and request deletion when they leave the platform....

Uber transfers driver personal data internationally, including to the United States and other countries that may not have the same level of data protection as the country where you are located. Uber uses standard contractual clauses and other transfer mechanisms to enable these transfers....

Why it matters: When your data is transferred to countries with weaker privacy laws — including the US from the EU's perspective — you may have fewer legal protections and less practical recourse if your data is misused....

Uber may collect health-related information from drivers in connection with accessibility accommodations and safety incident reporting. This can include details about disabilities or medical conditions that affect a driver's ability to perform their duties....

Why it matters: Health data is a special category of particularly sensitive personal information under GDPR, and its collection and processing requires explicit consent and heightened security protections — drivers should understand when and why this data is collected....

When you post photos, videos, or other content on Snapchat, you give Snap a permanent, worldwide, royalty-free license to use, copy, modify, distribute, and create derivative works from that content. This license continues even after you delete the content in some cases, particularly where it has be...

Why it matters: This provision means Snap can use your personal photos, videos, and creative content for its own commercial purposes without paying you or asking further permission, which goes beyond what many users expect when sharing privately....

US users must resolve any legal disputes with Snap through binding individual arbitration rather than in court, and cannot join class action lawsuits against Snap. This means if Snap harms many users in the same way, each person must individually pursue their claim in arbitration rather than joining...

Why it matters: This provision substantially limits your legal options against Snapchat — arbitration is typically more favorable to corporations than courts, and class actions are the primary way consumers effectively challenge large companies over small-dollar widespread harms....

Snap can change these Terms of Service at any time and will notify you of significant changes, but continued use of Snapchat after changes are posted means you automatically agree to the new terms. You have no right to negotiate or reject changes — your only option is to stop using the service....

Why it matters: This means the legal agreement you accepted when you joined Snapchat can be changed in ways that are less favorable to you, and simply continuing to use the app constitutes your legal agreement to the new terms even if you did not explicitly review or accept them....

Snap can suspend or terminate your Snapchat account at any time, for any reason, without prior notice. If your account is terminated, you may lose access to all of your content, friends lists, Snap Score, and any digital items or purchases associated with your account....

Why it matters: Without appeal rights or advance notice, users who have significant data, memories, or digital purchases stored in Snapchat can lose everything if Snap decides to terminate their account, including content that may not be recoverable....

You agree to defend and pay Snap's legal costs if someone sues Snap because of something you did on the platform — including content you posted, how you used the app, or if you violated these Terms or someone else's rights....

Why it matters: This clause means that if your Snapchat activity leads to a lawsuit against Snap, you could be personally responsible for Snap's legal fees and damages, which could be very costly....

Snap limits its responsibility to you for any damages or losses you suffer while using Snapchat. In most cases, Snap's total financial liability to you is capped at the greater of $100 or the amount you paid Snap in the past 12 months — even if you suffer much larger actual losses....

Why it matters: If Snapchat's service causes you harm — such as a data breach exposing your private photos, or loss of content — you can only recover a maximum of $100 from Snap in most circumstances, regardless of the actual damage caused....

Snapchat requires users to be at least 13 years old to create an account. Users under 18 in some regions may require parental consent, and Snap represents that it does not knowingly collect data from children under 13. However, the platform relies primarily on users self-reporting their age....

Why it matters: Snapchat's age verification relies on self-reported age rather than technical verification, which means children under 13 may access the platform without parental knowledge, and COPPA protections may not be effectively enforced....

For US users, these Terms are governed by the laws of California, and disputes must be resolved in Los Angeles, California. For users outside the US, Snap Group Limited (an Irish entity) is the contracting party, and Irish law and EU regulations govern the agreement....

Why it matters: For US users, this means you may need to travel to Los Angeles to pursue any court claims against Snapchat that survive arbitration, which creates a practical barrier to seeking legal remedies. For non-US users, this determines which legal protections apply to your account....

Target operates an advertising business called Roundel that uses your purchase history, browsing behavior, and other personal data to serve you targeted ads — and to help other companies target you with ads both on and off Target's platforms....

Why it matters: This provision means your shopping data is not just used to improve your Target experience — it is monetized through an advertising network, which is a significant expansion of data use that many consumers would not expect....

Target allows consumers — particularly those in California and other states with privacy laws — to opt out of the sale or sharing of their personal information for targeted advertising purposes, including through a web form or phone call....

Why it matters: Without actively opting out, your personal data continues to be used for cross-context behavioral advertising by default, meaning Target and its partners can profit from your data unless you take affirmative steps to stop them....

Target collects information that qualifies as 'sensitive' under privacy law, including precise geolocation, financial account details, and health or wellness inferences derived from purchase history (e.g., buying baby products or medications)....

Why it matters: Sensitive personal information carries heightened legal protections under CPRA and analogous state laws, and Target's collection of health-adjacent purchase inferences and precise location data creates significant privacy risks if used for profiling or shared with third parties....

When you use Target Circle (Target's loyalty program), Target collects detailed records of your purchases, deals you activate, and engagement behavior, using this data to build a profile that informs personalized marketing and advertising both from Target and its brand partners....

Why it matters: Target Circle membership creates a persistent, identity-linked behavioral profile tied to your name, email, and purchase history that is used for commercial profiling at a scale most consumers don't realize when they sign up for discounts....

Target states that its services are not directed at children under 13 and that it does not knowingly collect personal information from children under 13 without verifiable parental consent, in accordance with federal law....

Why it matters: If a child under 13 uses Target's website, app, or loyalty program without parental awareness, Target's data collection practices could implicate federal children's privacy law, creating risk for both the company and families....

Target sends promotional emails, SMS messages, and push notifications based on your purchase history and preferences, and you can opt out of marketing communications through your account settings, email unsubscribe links, or by texting STOP for SMS....

Why it matters: Without managing your communication preferences, Target will continue to send targeted marketing messages informed by your purchase history and behavioral data across multiple channels, including email, text, and app notifications....

Target retains your personal information for as long as necessary to provide services and meet legal obligations, and consumers in qualifying states can request deletion of their personal data, subject to exceptions for legal holds, fraud prevention, and transaction completion....

Why it matters: Target can retain your personal data — including purchase history, behavioral profiles, and financial information — for extended periods, and deletion requests are subject to a number of exceptions that may limit the practical scope of this right....

Target shares your personal information with third-party service providers, business partners, and in some cases what may function as data brokers, for purposes including analytics, fraud prevention, advertising, and operational support....

Why it matters: The breadth of third-party data sharing — spanning analytics vendors, advertising technology providers, loyalty program administrators, and financial partners — means your data reaches a wide ecosystem of companies beyond Target, with varying privacy protections....

Figma states that it may use the content you upload to its platform — including design files and other materials — to train, develop, and improve its AI and machine learning features and products....

Why it matters: This provision means that proprietary designs, client work, brand assets, or confidential prototypes you store in Figma could be used to improve Figma's AI products, potentially beyond what users and enterprise customers expect when they sign up for a design tool....

Figma shares your personal data — including behavioral data, device identifiers, and usage information — with advertising partners and analytics providers such as Google and Meta to serve targeted advertisements and analyze platform performance....

Why it matters: This means that your professional activity on a design platform is being used to build advertising profiles and target you with ads, which many users of a B2B SaaS tool would not expect, and which triggers opt-out rights for California residents....

Figma transfers personal data internationally — including from the EU, UK, and Canada to the United States — using mechanisms such as Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework to make those transfers lawful....

Why it matters: For EU and UK users, this means your personal data is being processed in the United States, a jurisdiction without an EU-equivalent level of data protection, and the lawfulness of that transfer depends on mechanisms that have been subject to legal challenge....

Figma grants users in the EU, UK, California, and Canada specific rights over their personal data, including the right to access, delete, correct, or export their data, and to object to or restrict certain types of processing....

Why it matters: These rights give you meaningful control over your personal data held by Figma, but the exercise of these rights depends on Figma's response timelines and the completeness of the data it identifies and returns....

Figma uses cookies, pixel tags, and similar tracking technologies to collect data about your browsing behavior, device, and interactions with its services, and shares some of this data with advertising and analytics partners....

Why it matters: Tracking technologies allow Figma and its partners to build detailed profiles of your online behavior, which is used for targeted advertising and product analytics — and under EU/UK law, most non-essential cookies require your explicit prior consent....

Figma retains your personal data for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce its agreements, without specifying fixed maximum retention periods for most data categories....

Why it matters: The absence of specific retention periods means Figma may retain your personal data indefinitely while your account exists, and it is not entirely clear when data will be deleted after account closure....

Figma's services are not directed at children under 16 (or under 13 in the US), and Figma states it does not knowingly collect personal information from children below the applicable age threshold....

Why it matters: If a child under the relevant age limit creates a Figma account, Figma claims it will delete the data upon discovery — but the policy relies on self-reported age rather than active verification, which may not prevent underage account creation....

In the event of a merger, acquisition, asset sale, or similar corporate transaction, Figma may transfer your personal data to the acquiring company as part of the transaction....

Why it matters: This provision means your personal data — including design files, account details, and usage history — could be transferred to a new company without your explicit consent if Figma is sold or undergoes a major corporate restructuring....

Strava collects health data like heart rate, HRV, and VO2max from connected devices and uses this data — along with your location — to train AI and machine learning models that power Strava's features....

Why it matters: Health and biometric data is among the most sensitive personal information, and using it to train AI models creates risks of re-identification, unintended disclosure, and processing beyond the original purpose for which you shared it....