Provisions Index

The agreement requires account holders to post a privacy policy on their properties that discloses the use of Google Analytics, cookie-based data collection, and the sharing of that data with Google and third parties, and requires commercially reasonable efforts to obtain user consent where required by applicable law....

Why it matters: This provision establishes a direct contractual obligation on account holders as data controllers to maintain adequate privacy disclosures, creating compliance dependencies with GDPR consent requirements, CCPA notice obligations, and FTC guidance on deceptive practices. Failure to post an adequate privacy policy constitutes a breach of the agreement and may independently trigger regulatory scrutiny....

View provision → Watch Google →

The agreement prohibits account holders from transmitting to Google any data that could identify individual users, either alone or in combination with other data Google holds or is likely to access, without Google's prior written permission. Where Google does permit PII sharing, it must comply with Google's sensitive data policy....

Why it matters: This provision establishes a contractual prohibition on transmitting personally identifiable information through the Google Analytics service, which has direct implications for analytics implementations that may inadvertently include PII in URL parameters, custom dimensions, or event parameters. The parenthetical reference to data that could identify individuals 'in combination with other information held by Google' is operationally significant because it encompasses data that may not appear identifiable in isolation....

View provision → Watch Google →

The agreement requires account holders operating in the EEA, Switzerland, or UK to comply with the Google Ads Data Processing Terms, which are incorporated by reference and govern GDPR-applicable data processing; the account holder warrants this compliance both for themselves and for their clients....

Why it matters: This provision incorporates by reference a separate data processing agreement governing GDPR compliance, meaning the full scope of GDPR-applicable data processing obligations for EU/EEA, Swiss, and UK account holders is not contained within this document alone. Account holders must separately review and comply with the Google Ads Data Processing Terms, and warrant compliance on behalf of their clients as well....

View provision → Watch Google →

Users grant Tabnine a worldwide, royalty-free, sublicensable license to use, reproduce, modify, publish, and distribute any content submitted through the service, including code and prompts, across any current or future media....

Why it matters: This provision requires users to grant Tabnine broad rights over submitted content, including proprietary source code, which may have IP implications for enterprise users with confidentiality obligations to clients or third parties....

View provision → Watch Tabnine →

Tabnine's total financial liability for any claim arising from the terms or the service is capped at the greater of fees paid in the prior three months or one hundred US dollars....

Why it matters: This provision limits the maximum financial recovery available to any user or entity against Tabnine to a nominal amount, which is particularly material for enterprise users who may experience significant losses from service failures, data loss, or IP-related incidents....

View provision → Watch Tabnine →

The Maps Platform Terms prohibit customers from using Maps Platform APIs, data, or content to create products or services that compete with Google Maps products, including navigation, mapping, or places-discovery applications....

Why it matters: This provision restricts the downstream commercial use of any geographic, routing, or places data obtained through Maps Platform APIs, and compliance teams should evaluate whether current or planned product roadmaps fall within its scope before committing to Maps Platform as a foundational infrastructure layer....

View provision → Watch Google Maps →

The terms restrict developers to using platform-sourced data only for the specific purposes disclosed to users and permitted by Meta's policies, prohibiting use for purposes such as surveillance, selling data to third parties, or targeting based on sensitive attributes....

Why it matters: This provision defines the permissible scope of data use for all platform-integrated applications, establishing that use of user data outside the stated core functionality or Meta's advertising policies constitutes a terms violation that may trigger audit, restriction, or termination of platform access....

View provision → Watch Meta →

Developers are required to delete all platform-sourced data promptly upon loss of platform access and upon any user request for deletion, unless Meta has provided written authorization for retention or applicable law requires otherwise....

Why it matters: This provision creates a time-sensitive operational obligation that applies upon platform access termination or user request, requiring developers to have implemented data mapping and deletion workflows capable of identifying and purging all Meta platform-sourced data across their systems and sub-processors....

View provision → Watch Meta →

Meta reserves the right to limit, suspend, or terminate developer access to its platform if Meta determines or reasonably believes a violation has occurred, or to protect platform integrity or user safety, without specifying an advance notice requirement for such actions....

Why it matters: This provision grants Meta discretionary authority to terminate platform access based on its own reasonable belief of a violation or for protective purposes, which creates operational risk for any business whose products or revenue depend on continued API access, as termination may occur without a defined cure period or advance notice....

View provision → Watch Meta →

The terms explicitly prohibit developers from selling, licensing, purchasing, or transferring any data obtained through Meta's platform to third parties, including data brokers....

Why it matters: This provision establishes an absolute contractual prohibition on commercialization of platform-sourced data through sale, licensing, or brokerage channels, which constitutes a significant restriction on permissible business models for applications built on Meta's platform....

View provision → Watch Meta →

The terms prohibit developers from using platform-sourced data to make decisions about or to target users based on sensitive personal characteristics including health status, financial information, race, ethnicity, political or religious beliefs, sexual orientation or gender identity, or union membership....

Why it matters: This provision establishes categorical prohibitions on specific uses of platform data that intersect with anti-discrimination law and data protection frameworks governing special categories of personal data, creating compliance obligations for any developer whose application processes or could infer such attributes from platform data....

View provision → Watch Meta →

The terms place full legal compliance responsibility on developers, including obtaining any required user consents and providing applicable privacy notices, for all data processed through their applications using Meta's platform....

Why it matters: This provision allocates primary legal and regulatory compliance responsibility to developers rather than to Meta, requiring developers to independently satisfy all applicable notice, consent, and data protection obligations under local law without reliance on Meta's own compliance infrastructure....

View provision → Watch Meta →

The terms state that channel administrators who organize giveaways are solely responsible for legal compliance with applicable giveaway regulations, delivery of prizes, and any resulting legal or administrative consequences; Telegram explicitly disclaims liability for all such outcomes. All giveaway purchases are stated to be nonrefundable....

Why it matters: This provision assigns all legal and regulatory compliance obligations for giveaway conduct to the organizing channel administrator, and Telegram's disclaimer of liability for prizes and regulatory sanctions creates a direct exposure for channel operators who use this feature across multiple jurisdictions....

View provision → Watch Telegram →

The policy states that user-submitted prompts and generated images may be used by Leonardo AI to train and improve its AI models, with an opt-out available by contacting the company's privacy team....

Why it matters: This provision establishes a default-on data practice in which user-submitted creative prompts and generated outputs are authorized for use in AI model training; the opt-out mechanism places the procedural burden on users to contact the company rather than providing an in-platform toggle....

View provision → Watch Leonardo AI →

The agreement states that a Stripe Connect Platform may restrict the user's ability to end the platform's access to their Stripe account and may limit the user's ability to view, access, or activate certain Stripe services. The scope of these restrictions is governed by the separately negotiated Platform Provider Agreement between the user and the platform....

Why it matters: This provision establishes that a third party's contractual authority over the user's Stripe account access and service activation is governed by a separate agreement that Stripe is not party to, creating an operational dependency on the Platform Provider Agreement for determining the user's actual account rights....

View provision → Watch Stripe →

The agreement states that a Stripe Connect Platform may designate itself as a data controller and instruct Stripe to process the user's data, subject to the terms of the separately negotiated Platform Provider Agreement. This creates a data processing structure in which the platform controls how Stripe processes the user's data....

Why it matters: This provision establishes a data processing relationship in which a third-party platform holds data controller authority over the user's data processed by Stripe, which has direct implications for data subject rights fulfillment, lawful basis documentation, and accountability obligations under GDPR and equivalent frameworks....

View provision → Watch Stripe →

This provision requires users to resolve all disputes with Wise individually through AAA arbitration rather than in court, and prohibits participation in class action lawsuits or consolidated proceedings....

Why it matters: This provision requires that all disputes, including those regarding fees, account suspensions, or unauthorized transactions, proceed through individual arbitration administered by the AAA. It forecloses class action participation, which is the primary collective redress mechanism for consumers in financial services disputes involving smaller individual claim amounts....

View provision → Watch Wise →

Wise may suspend or terminate account access and withhold funds without prior notice if it determines there is a breach of the agreement, a regulatory compliance requirement, or a suspected risk of fraud or financial crime....

Why it matters: This provision grants Wise operational authority to restrict account access and withhold funds based on its internal determination of compliance risk or policy violation, without requiring prior notice to the account holder. For business accounts and users with significant balances, this creates a material access risk....

View provision → Watch Wise →

The agreement requires that disputes between users and WHOOP be resolved through binding individual arbitration rather than court proceedings, with limited exceptions for small claims court and intellectual property injunctions....

Why it matters: This provision requires users to resolve disputes through individual arbitration proceedings administered by JAMS or AAA, which means disputes including those involving health data collection or billing practices proceed outside of the court system. The clause also includes a class action waiver, which is addressed separately....

View provision → Watch Whoop →

The agreement prohibits users from bringing or participating in class action lawsuits or class arbitration proceedings against WHOOP; all claims must be pursued individually....

Why it matters: This provision requires that all claims be brought on an individual basis, which means users may not aggregate claims with other subscribers in class or representative proceedings, including class arbitration. This applies to the full scope of claims covered by the arbitration clause....

View provision → Watch Whoop →

WHOOP collects continuous physiological measurements including heart rate, heart rate variability, respiratory rate, blood oxygen levels, skin temperature, sleep data, and activity data via the wearable device and app, which are used to generate personalized health insights....

Why it matters: The agreement discloses collection of a range of physiological and biometric-adjacent data categories on a continuous basis; the handling of this data is governed primarily by the Privacy Policy rather than these Terms, and the Terms incorporate the Privacy Policy by reference without reproducing its data sharing or retention provisions here....

View provision → Watch Whoop →

The policy states that Equifax collects directly from consumers sensitive personal information including Social Security numbers, financial account data, credit card information, and date of birth, in addition to information obtained from third-party data sources....

Why it matters: This provision establishes that Equifax collects among the most sensitive categories of personal data recognized under U.S. and international privacy law, including government-issued identifiers and financial account credentials, which are subject to heightened protection obligations under CPRA, GLBA, and GDPR....

View provision → Watch Equifax →

The policy discloses that Equifax shares personal information with third parties for cross-context behavioral advertising and authorizes consumers in California and certain other states to opt out of this sharing....

Why it matters: This provision establishes that Equifax engages in data sharing practices that qualify as a sale or share under CPRA and potentially other state privacy statutes, triggering opt-out rights for residents of qualifying states and requiring a conspicuous opt-out mechanism....

View provision → Watch Equifax →

The policy states that consumer rights to access, delete, or correct personal information under state privacy laws do not apply to data Equifax holds or uses in its capacity as a consumer reporting agency under the FCRA....

Why it matters: This provision establishes a material limitation on state privacy rights: because Equifax's core business involves FCRA-governed consumer report data, a substantial portion of the personal information it holds may fall outside the scope of CCPA, CPRA, and comparable state law deletion and access rights, with distinct FCRA dispute procedures applying instead....

View provision → Watch Equifax →

The policy authorizes Equifax to share personal information with affiliates, subsidiaries, service providers, business partners, and marketing partners, including for those third parties' own marketing purposes, subject to consumer opt-out choices....

Why it matters: This provision establishes that personal information including financial and credit data may be shared with marketing partners for independent marketing use, not solely for Equifax's own service delivery, which is a category of sharing with direct implications under CPRA's sale and share definitions and GDPR's data controller and processor distinctions....

View provision → Watch Equifax →

This clause requires users to resolve nearly all disputes with OpenSea through individual binding arbitration under AAA rules rather than through court litigation, and prohibits participation in class actions or representative proceedings. A 30-day written opt-out window is available from the date of first acceptance....

Why it matters: This provision requires disputes to proceed through individual arbitration rather than court litigation, and prohibits class or representative actions. The 30-day opt-out mechanism creates a time-sensitive consent management consideration for users and compliance teams tracking acceptance dates....

View provision → Watch OpenSea →

This clause caps OpenSea's total financial liability to any user at the greater of fees actually paid by that user to OpenSea in the preceding six months or $100, regardless of the nature or size of the underlying claim....

Why it matters: This provision establishes an aggregate liability ceiling that is operationally narrow relative to the transaction values that may be involved in NFT marketplace disputes. Enforceability of this cap may be limited under applicable consumer protection law in EU, UK, and certain U.S. state jurisdictions....

View provision → Watch OpenSea →

The policy states that HubSpot acts as a data controller for visitor and user data but as a data processor for data that business customers submit into HubSpot products, directing data subject inquiries about that second category to the relevant HubSpot customer rather than to HubSpot....

Why it matters: This provision establishes a bifurcated data governance structure in which data subject rights requests for customer-submitted data must be directed to HubSpot's business customers, not to HubSpot directly, which affects how data subjects can exercise GDPR and CCPA rights depending on the category of data at issue....

View provision → Watch HubSpot →

The policy discloses that Stripe may collect biometric data as part of its identity verification services, where applicable under local law....

Why it matters: This provision establishes that biometric data collection is within scope of Stripe's data practices for identity verification purposes, which engages state biometric privacy statutes and GDPR special category data provisions requiring explicit consent....

View provision → Watch Stripe →

The policy discloses that Stripe collects government-issued identification information, including identification numbers and document images, as part of identity verification processes for account holders and transaction participants....

Why it matters: Collection of government-issued identification data engages heightened sensitivity requirements under multiple privacy frameworks and triggers specific obligations regarding secure storage, limited retention, and restricted sharing under applicable identity verification and financial services regulations....

View provision → Watch Stripe →

This provision incorporates the European Commission's Standard Contractual Clauses as the legal mechanism for transferring EU/EEA/UK personal data to Perplexity's US-based infrastructure, in the absence of an adequacy decision covering that transfer....

Why it matters: The SCCs provide the contractual transfer mechanism required under GDPR Chapter V, but following the CJEU's Schrems II decision, customers must also conduct Transfer Impact Assessments to verify that supplementary measures are in place where US law may impair the SCCs' protections....

View provision → Watch Perplexity AI →

The agreement requires users and Acorns to resolve disputes through binding arbitration rather than in court, with limited exceptions for small claims court and intellectual property injunctive relief. Users retain the option to opt out of this requirement within 30 days of account creation by sending written notice to Acorns....

Why it matters: This provision requires that disputes relating to the Terms, services, or the parties' relationship proceed through individual binding arbitration administered by JAMS, precluding court-based litigation for most claim types. The 30-day opt-out window is time-limited and requires affirmative written action by the user after account creation....

View provision → Watch Acorns →

The agreement requires users to bring any claims against Acorns only as individuals, not as part of a class action, collective action, or representative proceeding. This waiver applies in both arbitration and court proceedings as stated....

Why it matters: This provision establishes that claims must proceed individually rather than collectively, which affects the practical economics of pursuing low-value claims against the platform. Under California law, the enforceability of class action waivers for public injunctive relief claims remains a contested legal question....

View provision → Watch Acorns →

The agreement caps Acorns' total liability to any user at the amount the user paid in subscription fees during the 12 months before the claim arose, with a minimum floor of $25 for users who paid nothing. This cap applies to all claims arising from the terms or services....

Why it matters: This provision establishes that the maximum financial recovery available to a user for any claim against Acorns is limited to 12 months of subscription fees paid, which at Acorns' current pricing tiers represents a low absolute dollar amount relative to potential investment losses or banking service failures. Applicable law, including potential fiduciary duty obligations under securities regulations, may constrain the enforceability of this cap in certain claim contexts....

View provision → Watch Acorns →

The policy authorizes collection of government-issued identity document images, national identification numbers including social security numbers and tax IDs, and criminal background check results for Taskers and other applicable users....

Why it matters: This provision establishes that the platform collects categories of information classified as sensitive under multiple privacy frameworks including GDPR and CCPA, including national identification numbers and criminal record data, which carry heightened regulatory obligations for processing, storage, and disclosure....

View provision → Watch TaskRabbit →

The policy designates TaskRabbit, Inc., a US entity, as the sole data controller for all EEA, Swiss, and UK users' personal information, notwithstanding the existence of TaskRabbit Limited, TaskRabbit GmbH, and TaskRabbit Poland Sp. z o.o. as separate legal entities....

Why it matters: This provision establishes that a US-domiciled entity is the data controller for EU and UK data subjects, which requires legally adequate transfer mechanisms for personal data flowing from the EEA or UK to the United States, and may require evaluation of local representative obligations under GDPR Article 27....

View provision → Watch TaskRabbit →

US and Canadian users are required to resolve disputes with Taskrabbit through binding individual arbitration rather than court proceedings, and the agreement includes a class action waiver. A 30-day opt-out window is available after initial acceptance of the terms....

Why it matters: This provision requires US and Canadian users to submit claims against Taskrabbit to individual binding arbitration, which means disputes are resolved through a private arbitration process rather than through the court system. The 30-day opt-out window is a fixed, time-limited mechanism; users who do not act within that period are contractually bound to arbitration for the duration of their use of the platform....

View provision → Watch TaskRabbit →

The agreement states that Taskrabbit assumes no responsibility or liability for the quality, legality, timing, or outcome of tasks, and that the formation of a Service Agreement between Client and Tasker creates no liability for Taskrabbit. Users acknowledge Taskrabbit does not supervise, direct, or control Tasker work....

Why it matters: This provision establishes a broad disclaimer of Taskrabbit's operational involvement in and liability for task outcomes, reinforcing the platform's characterization of itself as a marketplace intermediary rather than a service provider. The breadth of this disclaimer may be subject to scrutiny under applicable consumer protection and employment classification law in various jurisdictions....

View provision → Watch TaskRabbit →

The agreement classifies Taskers as independent contractors of Clients rather than employees of Taskrabbit or Clients. The terms state that Taskers set their own rates, use their own tools, and may work on competing platforms without restriction from Taskrabbit....

Why it matters: This provision establishes the contractual classification of Taskers as independent contractors, which determines the applicable labor, tax, and benefits obligations between the parties. The classification assertion in the contract does not resolve applicable legal standards for worker classification, which vary by jurisdiction and may be determined by regulatory or judicial authorities independent of the agreement's characterization....

View provision → Watch TaskRabbit →

The policy states that code inputs submitted to the AI assistant by free-tier users may be used to improve Tabnine's AI models by default, while paid-plan users have access to telemetry controls that can prevent this use....

Why it matters: This provision establishes a default data use practice for free-tier users that includes their submitted code in AI training pipelines, with opt-out access tied to subscription tier. Enterprise compliance teams should evaluate whether this default treatment is compatible with confidentiality obligations over employee-submitted code....

View provision → Watch Tabnine →

The policy states that sellers are required to submit government-issued identification documents and financial account information (bank account details) to Whatnot for identity verification and payout processing....

Why it matters: This provision requires sellers to submit sensitive personal and financial data categories that are subject to heightened protection under state financial privacy laws, data breach notification statutes, and potentially federal requirements depending on the nature of payout processing relationships....

View provision → Watch Whatnot →

The policy prohibits use of the OpenRouter platform to generate, distribute, or facilitate child sexual abuse material under any circumstances....

Why it matters: This provision establishes an absolute content prohibition that applies across all models accessible through the platform, and violation would constitute both a policy breach and potential criminal liability under applicable federal and state law....

View provision → Watch OpenRouter →

The policy establishes that operators who build applications on the OpenRouter platform are responsible for ensuring their end users comply with OpenRouter's Acceptable Use Policy....

Why it matters: This provision creates a contractual liability pass-through whereby operators bear compliance responsibility for violations committed by their end users, which requires operators to implement their own downstream enforcement mechanisms....

View provision → Watch OpenRouter →

The policy prohibits using the platform to generate content or assistance that facilitates the development of weapons of mass destruction, including biological, chemical, nuclear, or radiological weapons....

Why it matters: This provision establishes a categorical prohibition on a class of uses that would create significant legal liability and aligns the platform with export control and national security regulatory frameworks applicable to dual-use technologies....

View provision → Watch OpenRouter →

The policy states that third-party bot developers receive public account data including screen name, username, and profile picture when users interact with bots, and may also receive messages, IP addresses (via links), group membership status, and interface language. Third-party bot developers are described as independent from Telegram, and their data practices are governed by their own terms rather than Telegram's privacy policy....

Why it matters: This provision establishes that user data transmitted to third-party bots is outside Telegram's data protection framework, and that Telegram does not govern how independent bot developers collect, store, or use that data. Users interacting with third-party bots should review those bots' separate privacy policies....

View provision → Watch Telegram →

The policy prohibits advertisers from using targeting parameters based on sensitive personal characteristics including race, religion, health conditions, and sexual orientation when serving paid advertising on X....

Why it matters: This provision restricts the use of sensitive data categories for ad targeting, which intersects with GDPR Article 9 special category data protections in the EU and similar frameworks in other jurisdictions; advertisers using audience segmentation tools must verify that their targeting configurations do not rely on prohibited sensitive attributes....

View provision → Watch X →

The policy restricts or prohibits political advertising on X, with availability varying by country; advertisers seeking to run political ads must verify eligibility in their specific jurisdiction and may require prior written approval from X....

Why it matters: Political advertising restrictions on X vary by country and require advertisers to independently verify eligibility before submitting campaigns; given the time-sensitive nature of political campaigns, the absence of defined approval timelines in this document creates significant operational planning considerations for political advertisers....

View provision → Watch X →

The Custom Experience program collects data on websites visited and apps used on Verizon's mobile network, and the Custom Experience Plus program additionally incorporates location data, to personalize services and deliver targeted advertising to customers. Customers are enrolled by default and may opt out through account settings....

Why it matters: This provision authorizes Verizon to use network-level behavioral data, including browsing and app usage activity, as a telecommunications carrier to deliver targeted advertising. As a common carrier, Verizon's use of CPNI-adjacent network data for advertising purposes engages FCC regulatory authority in addition to general consumer privacy frameworks....

View provision → Watch Verizon →

Verizon states that it uses CPNI, which includes call records, location, and technical network usage information, to provide telecommunications services and to inform customers about other Verizon service offerings. Federal law governs CPNI use, and Verizon discloses this framework as part of its privacy policy....

Why it matters: This provision identifies the federal CPNI regulatory framework applicable to Verizon as a telecommunications carrier and establishes the stated basis for using network data in service delivery and marketing contexts. The intersection of CPNI obligations with the Custom Experience advertising programs described elsewhere in the policy is a material compliance consideration....

View provision → Watch Verizon →

Verizon collects precise location data from GPS, Wi-Fi, Bluetooth, and cell tower sources, as well as less precise location derived from IP address, when customers use Verizon services and in some cases when using third-party services, websites, or apps....

Why it matters: This provision establishes that Verizon collects precise location data from multiple technical sources across both Verizon services and, in some circumstances, third-party contexts. Precise location data is classified as sensitive personal information under CPRA and intersects with FCC CPNI location data protections....

View provision → Watch Verizon →