Provisions Index

Prescription drugs, over-the-counter drugs, pharmacy services, and telehealth services require prior authorization from LinkedIn before ads can run, and are subject to geographic restrictions limiting them to the United States or jurisdictions where they are legal. All such ads are prohibited from targeting members under 18 years of age....

Why it matters: This provision establishes a pre-campaign approval dependency for healthcare and pharmaceutical advertisers that must be satisfied before any ads in these categories can be submitted or run. Geographic restrictions limit prescription drug and telehealth advertising to the United States or Canada, excluding these categories from other markets regardless of local legal permissibility....

View provision → Watch LinkedIn →

The policy prohibits all affiliate advertising on the LinkedIn platform and additionally requires LinkedIn's prior authorization for publishers seeking to include in-stream video ads within sponsored content....

Why it matters: This provision creates a categorical prohibition on affiliate advertising that affects performance marketers, affiliate networks, and publishers whose business model depends on commission-based advertising placements. The separate restriction on in-stream video ads within sponsored content establishes a distinct authorization requirement for publisher monetization arrangements....

View provision → Watch LinkedIn →

The policy requires advertisers to comply with applicable privacy and data protection laws and prohibits the use of persistent or respawning tracking cookies, including ever cookies and zombie cookies, to track users across sites without full disclosure and user consent....

Why it matters: This provision places the compliance burden for privacy and data protection obligations on the advertiser rather than LinkedIn, and specifically prohibits tracking technologies designed to persist despite user deletion attempts. The requirement for full disclosure and consent before cross-site tracking aligns with GDPR and CCPA consent mechanisms but the operational specifics depend on applicable law in each jurisdiction....

View provision → Watch LinkedIn →

The policy prohibits ads that discriminate on the basis of age, gender, gender identity, disability, religion, ethnicity, race, color, national origin, or sexual orientation, and requires compliance with anti-discrimination laws applicable to education, housing, credit, and employment advertising....

Why it matters: This provision extends the non-discrimination obligation to the full scope of ad content and targeting, and specifically references the legally sensitive advertising categories of housing, credit, and employment, where anti-discrimination enforcement by regulatory authorities has been active across multiple jurisdictions....

View provision → Watch LinkedIn →

The policy prohibits fraudulent or deceptive advertising, including unsupported claims, inaccurate competitive comparisons, false affiliation or endorsement implications, and undisclosed partnerships. Any advertised price, discount, or offer must be easily accessible from the ad's destination link....

Why it matters: This provision requires advertisers to maintain substantiation for all ad claims and to disclose material partnerships, aligning with FTC guidance on advertising substantiation and endorsement disclosures. The requirement that advertised prices be easily discoverable from the ad link creates a specific landing page compliance obligation....

View provision → Watch LinkedIn →

The notice states that Uber collects speed, acceleration, and braking data from drivers' devices during trips and uses this telematics data for safety assessments and incentive eligibility determinations....

Why it matters: This provision establishes that automated data collection about driving behavior is used to make determinations that affect drivers' platform standing and earnings eligibility, which may engage automated decision-making provisions under GDPR Article 22 and transparency requirements under CCPA/CPRA for profiling that produces significant effects....

View provision → Watch Uber →

The notice states that precise location data, trip information, and telematics data may be shared with insurance providers for coverage facilitation, claims processing, and telematics insurance products....

Why it matters: This provision authorizes sharing of sensitive location and behavioral data with insurance partners, which may affect insurance rating, claims outcomes, and coverage eligibility, and creates third-party data flows that require assessment under applicable data protection and insurance regulatory frameworks....

View provision → Watch Uber →

The notice states that Uber may disclose driver personal data to law enforcement and government authorities in response to legal process or regulatory requests, and may disclose data to protect rights and safety without specifying minimum legal process thresholds beyond 'legal obligation.'...

Why it matters: This provision authorizes disclosure of driver data including background check results, location history, communications, and financial data to government authorities, which is operationally significant for drivers in jurisdictions with active regulatory scrutiny of gig worker classification and for those operating in countries with broad government access powers....

View provision → Watch Uber →

The notice states that government-issued identification documents including driver's license information and national ID numbers are collected from drivers as a condition of account registration and regulatory compliance....

Why it matters: Government-issued identification numbers constitute sensitive personal information under CPRA and personal data subject to heightened protection under GDPR, and their collection and retention creates obligations regarding secure storage, access controls, and defined retention periods that should be documented in compliance programs....

View provision → Watch Uber →

The notice states that driver personal data may be transferred internationally including to the United States, and that EU/EEA transfers are covered by Standard Contractual Clauses or other approved mechanisms....

Why it matters: Cross-border data transfers of EU/EEA driver data to the US and other third countries require valid transfer mechanisms under GDPR Chapter V, and the adequacy and supplementary safeguards supporting SCCs must be documented and available for supervisory authority review, particularly given the volume and sensitivity of the data categories involved....

View provision → Watch Uber →

The notice states that drivers in applicable jurisdictions hold rights including access, correction, deletion, portability, objection, and restriction of processing, as well as opt-out rights for data sale or sharing and targeted advertising, with a non-discrimination commitment for exercising these rights....

Why it matters: This provision establishes the framework through which drivers can exercise data rights, and the non-discrimination commitment is a specific CCPA/CPRA requirement; the operational effectiveness of these rights depends on the adequacy of Uber's request handling procedures and response timelines, which are subject to regulatory audit....

View provision → Watch Uber →

The notice states that Uber collects background check reports including criminal and driving records from third-party providers to assess and maintain driver eligibility, with ongoing periodic updates to this data....

Why it matters: The collection and use of background check data for platform eligibility decisions implicates the Fair Credit Reporting Act (FCRA) requirements for adverse action notices and permissible purpose, and the periodic update mechanism means drivers may be subject to ongoing screening throughout their engagement with the platform....

View provision → Watch Uber →

The Parental Insights tool delivers weekly reports to connected parents or guardians disclosing the teen user's total time spent on the platform and the top AI characters the teen has interacted with during that period....

Why it matters: This provision establishes a specific data disclosure mechanism in which teen usage data, including session duration and character interaction records, is transmitted to a third-party email address (the parent or guardian) on a weekly cadence. The data categories disclosed, time spent and top characters interacted with, may constitute personal information subject to applicable privacy and children's data protection frameworks....

View provision → Watch Character.AI →

The Parental Insights feature is activated by the teen user, not the parent, through the Preferences tab; the teen enters the parent or guardian's email and initiates the invitation....

Why it matters: This provision establishes that parental access to teen activity data is gated by the teen user's affirmative action rather than by a parent-initiated or platform-initiated consent mechanism. This design places control over parental oversight with the minor user, which may be relevant to regulatory assessments of whether the platform provides adequate parental oversight mechanisms for minor users....

View provision → Watch Character.AI →

The Safety Center includes a dedicated Teen Safety section, accessible via a linked page, presented as a commitment to protecting teen users on the platform, though the specific measures, restrictions, or technical safeguards applied to teen accounts are not described on this overview page....

Why it matters: The document's reference to a teen safety commitment without disclosing specific protective measures, age-based content restrictions, or account controls on this page means the Safety Center functions as a navigational index for teen safety information rather than a substantive policy disclosure. The operational significance of this commitment depends on the content of the linked teen safety page, which was not included in the submitted document....

View provision → Watch Character.AI →

The policy states that TikTok may reject or remove any ad and suspend any advertiser account at its discretion, including for policy violations, without specifying a guaranteed timeline for review, reinstatement, or appeal....

Why it matters: This provision reserves broad platform enforcement authority over advertiser access, including account suspension, without defining procedural timelines or guaranteed appeal mechanisms. Advertisers whose business operations depend on continuous TikTok Ads access should note that platform enforcement actions may interrupt campaign delivery without advance notice....

View provision → Watch TikTok Ads →

The policy establishes a list of content categories that are categorically prohibited from advertising on the TikTok platform, including weapons, tobacco products, and adult content, with advertisers bearing responsibility for ensuring their creative materials comply....

Why it matters: This provision defines the outer boundary of advertiser eligibility on the TikTok platform. Advertisers whose primary products or services fall within prohibited categories are ineligible to run paid campaigns regardless of targeting, creative approach, or market....

View provision → Watch TikTok Ads →

The policy states that advertiser compliance obligations extend beyond the ad creative itself to include the destination landing pages, requiring that those pages meet platform policy standards and applicable legal requirements....

Why it matters: This provision extends advertiser compliance obligations to external landing page content, including privacy disclosures, product claims, and data collection practices on destination URLs. Ad approval may be conditioned on landing page compliance, and post-approval violations on landing pages may trigger ad removal....

View provision → Watch TikTok Ads →

The policy states a global prohibition on political advertising on the TikTok Ads platform, covering candidate promotion, party advertising, and ballot measure advocacy across all markets....

Why it matters: This provision categorically excludes political campaign advertising from TikTok's paid advertising products on a global basis. Political organizations and campaign operatives should note that this prohibition applies to all advertising inventory and is not a restricted category subject to authorization....

View provision → Watch TikTok Ads →

The policy states that advertisers are responsible for indemnifying TikTok against claims arising from policy violations, inaccurate ad content, and intellectual property infringement in submitted materials....

Why it matters: This provision places financial liability for third-party claims arising from non-compliant or infringing ad content on the advertiser rather than the platform. This includes claims related to intellectual property, product misrepresentation, and regulatory violations attributable to advertiser-submitted materials....

View provision → Watch TikTok Ads →

The policy discloses that direct messages on Substack are not end-to-end encrypted and that Substack personnel may access message contents for enforcement, security, support, or service purposes. Automated scanning of direct messages for spam, malicious content, and child abuse material is also disclosed....

Why it matters: This provision establishes that direct message content is accessible to Substack personnel under defined operational circumstances and is subject to automated scanning, which is a material disclosure for users who may treat the direct messaging feature as a confidential communication channel. The terms also state that recipients may retain messages regardless of sender deletion requests, which affects the practical scope of any erasure rights asserted....

View provision → Watch Substack →

The policy discloses that Substack shares account identifiers including email addresses and usernames with industry child safety organizations and consortia for the purpose of detecting and preventing child sexual exploitation and abuse material (CSAM/OCSEA). This provision was added in the most recent policy update (May 14, 2026)....

Why it matters: This provision establishes a data sharing relationship between Substack and third-party child safety organizations for CSAM detection purposes, which represents a newly disclosed category of third-party data transfer. The provision does not identify the specific consortia involved, which limits the ability of users or compliance teams to assess the data governance practices of receiving organizations....

View provision → Watch Substack →

The policy establishes that when Substack processes subscriber Personal Information on behalf of a Creator, that processing falls outside the scope of this Privacy Policy and is instead governed by the Creator's own privacy practices. Subscribers who interact with Creator publications are directed to the Creator's own terms and privacy policies for information about how that data is used....

Why it matters: This provision establishes a data controller boundary that places responsibility for subscriber data governance on individual Creators when Substack acts as a processor on their behalf. The practical implication is that subscriber privacy rights and data handling practices vary across publications, and Substack's policy does not govern those interactions, which may require subscribers to review multiple separate privacy policies....

View provision → Watch Substack →

The policy discloses that Substack shares Personal Information with third-party service providers including generative AI services, analytics providers, and cloud computing services. The policy does not identify specific generative AI providers or describe which categories of Personal Information are shared with AI service providers....

Why it matters: This provision authorizes sharing of Personal Information with generative AI service providers as part of Substack's service provider relationships. The absence of specific provider names and data category limitations for AI services creates uncertainty about the scope of Personal Information that may be processed by third-party AI systems on Substack's behalf....

View provision → Watch Substack →

The policy states that Substack has certified compliance with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. DPF for transatlantic personal data transfers, and that DPF Principles govern where they conflict with this policy. Dispute resolution for DPF-related complaints is available through TRUSTe at no cost, with binding arbitration available for unresolved residual claims....

Why it matters: This provision establishes the legal mechanism Substack relies on for transferring personal data from the EU, UK, and Switzerland to the US. DPF certification is subject to FTC enforcement, and the policy provides a tiered dispute resolution process for DPF-related complaints, including binding arbitration as a final recourse mechanism....

View provision → Watch Substack →

The policy discloses that Substack may collect email addresses and phone numbers of individuals who have not created Substack accounts if a Substack user syncs their address book through the app. Collected contact information is stored as hashed values and is used to facilitate contact syncing between opted-in users....

Why it matters: This provision discloses data collection about non-Substack users through address book syncing, which may occur without the knowledge of the individuals whose contact information is collected. The policy limits collection to email addresses and phone numbers stored as hashes, and limits use to contact syncing purposes....

View provision → Watch Substack →

The terms grant Miro a license to host, copy, transmit, display, and use content that users upload or create on the platform for the purposes of operating and providing the service. Users retain ownership of their content under the agreement....

Why it matters: This provision defines the scope of rights Miro holds over user-generated content, including boards, files, and collaborative materials created on the platform. Enterprise customers handling proprietary data should assess whether the license scope is compatible with their data governance and IP policies....

View provision → Watch Miro →

The terms reference a separate AI Features Addendum, accessible at miro.com/legal/ai-features-addendum/, which governs user access to and Miro's provision of AI-powered features within the platform....

Why it matters: The incorporation of a separate AI Features Addendum creates a distinct contractual layer governing AI functionality, meaning users of Miro's AI tools are subject to additional terms beyond the core Terms of Service. The scope of AI data processing, including whether user content is used for model training or improvement, requires review of that addendum....

View provision → Watch Miro →

The terms reference a Customer Data Processing Addendum (CDPA), accessible at miro.com/legal/customer-data-processing-addendum/, which governs Miro's processing of personal data on behalf of customers, particularly relevant for GDPR Article 28 compliance....

Why it matters: The CDPA establishes Miro's obligations as a data processor under GDPR and similar frameworks, defining the legal basis and conditions under which customer personal data is processed. Enterprise customers are required to assess the CDPA to satisfy their own controller-level compliance obligations....

View provision → Watch Miro →

The Terms of Service operate alongside a Master Cloud Agreement, AI Features Addendum, Customer Data Processing Addendum, Developer Terms of Use, Marketplace Terms of Use, and other supplemental instruments, creating a layered contractual structure where different documents may govern different user types and use cases....

Why it matters: This provision establishes that the operative contractual terms for any given user depend on which agreement tier applies to their account type and usage pattern. Enterprise customers may be governed by the Master Cloud Agreement rather than the consumer Terms of Service, and the applicable rights and obligations may differ materially between tiers....

View provision → Watch Miro →

The terms authorize Miro to suspend or terminate user accounts under specified conditions, including violation of acceptable use policies. The precise notice requirements, grounds, and appeal mechanisms are contained in the agreement but were not recoverable from the truncated document provided....

Why it matters: Account suspension or termination provisions determine the conditions under which users may lose access to their Miro workspace, boards, and stored content. For business users, this creates operational dependency risk that should be assessed against the agreement's notice and cure provisions....

View provision → Watch Miro →

Coinbase embeds a markup in the quoted price of cryptocurrency on top of the market rate for buy and sell transactions, in addition to any stated transaction fee. This spread is not expressed as a separate line item and is incorporated into the price shown to the user at the time of transaction....

Why it matters: This provision establishes that the total cost of a Coinbase transaction consists of two components: a disclosed transaction fee and an undisclosed-in-advance spread embedded in the asset price. The aggregate effective cost to the user therefore exceeds the transaction fee line item displayed, and the spread amount is determinable only by comparing the Coinbase quoted price to a reference market price at the time of transaction....

View provision → Watch Coinbase →

The transaction fee percentage applied to a Coinbase purchase or sale depends on the payment method selected, with bank account and Coinbase USD Wallet transactions subject to lower rates than debit card or PayPal transactions. The document states percentage fees of approximately 1.49% for bank account and USD Wallet transactions and approximately 2.49% for debit card and PayPal transactions on orders above applicable flat-fee thresholds....

Why it matters: This provision establishes that funding source selection has a direct and material effect on the transaction fee incurred, with debit card and PayPal users paying a higher percentage rate than bank account users. The fee differential is operationally significant for frequent traders or high-volume users where the rate difference compounds across multiple transactions....

View provision → Watch Coinbase →

Cryptocurrency-to-cryptocurrency conversions on Coinbase are subject to both a transaction fee and an embedded spread in the conversion rate, consistent with the structure applied to fiat-to-cryptocurrency transactions. Both cost components are disclosed at the time of conversion confirmation....

Why it matters: This provision establishes that conversions between cryptocurrencies incur the same dual-cost structure as fiat purchases and sales, meaning users converting one crypto asset to another pay both a stated fee and a spread embedded in the quoted conversion rate. The aggregate cost of a conversion is therefore not fully represented by the displayed transaction fee alone....

View provision → Watch Coinbase →

Section XXIII.17 of the agreement limits Block's liability to users, and based on the document's reference to a $500 cap in the context of dispute resolution, the limitation restricts the maximum damages a user may recover from Block in connection with the services....

Why it matters: This provision caps the recoverable damages users may seek from Block, which is operationally significant given that Cash App handles financial transactions including peer-to-peer payments, investing, and lending. The cap on liability limits the financial recourse available to users who experience losses attributable to platform errors or service failures....

View provision → Watch Cash App →

Section XXII establishes specific terms governing the use of generative AI features within Cash App, which are a distinct product category within the platform subject to their own conditions....

Why it matters: The inclusion of a dedicated Generative AI Terms of Use section indicates that Cash App has integrated AI-generated content or AI-assisted features into the platform, and that users are subject to specific conditions when using those features. This provision may have implications for data inputs, AI-generated output accuracy, and liability for reliance on AI-generated information in a financial context....

View provision → Watch Cash App →

The agreement establishes a Sponsored Account category for users under 18 (the document references ages 13-17 in Section III), which allows minors to use certain Cash App features under parental or guardian sponsorship....

Why it matters: The Sponsored Account provision creates a distinct account type for minors aged 13-17, which engages COPPA requirements for the collection of personal information from children under 13 (if applicable) and state minor privacy laws. The fee disclosures in Section I explicitly reference Sponsored Accounts as covered prepaid accounts....

View provision → Watch Cash App →

The agreement discloses a variable instant transfer fee (amount disclosed at the time of transaction) for expedited transfers from Cash App Balance to a linked external account, and a 3% foreign transaction fee on international card transactions, with a conditional waiver for eligible users who meet monthly spending or deposit thresholds....

Why it matters: The instant transfer fee is disclosed as variable with the amount revealed only at the time of the transaction rather than in advance in a fixed schedule, which is relevant to the CFPB's Prepaid Accounts Rule requirements for fee disclosure. The 3% foreign transaction fee applies to international card use and is waivable only under specific qualifying conditions....

View provision → Watch Cash App →

Section V of the agreement governs the ownership and usage rights applicable to data generated or submitted through Cash App, including user content and service-generated data, and incorporates the Privacy Notice by reference....

Why it matters: This section establishes the data ownership framework applicable to user-submitted content and platform data, and its interaction with the Privacy Notice (referenced as a binding policy) determines how personal financial data, transaction records, and user-generated content may be used by Block....

View provision → Watch Cash App →

Section IX governs the terms applicable to Bitcoin and other virtual currency transactions within Cash App, establishing conditions for buying, selling, and transferring virtual currency....

Why it matters: Virtual currency services within a consumer financial platform engage a distinct regulatory framework including FinCEN's BSA/AML requirements, state money transmitter licensing, and potentially SEC jurisdiction depending on the classification of specific virtual currency products. The terms applicable to virtual currency transactions may differ materially from those applicable to fiat currency services....

View provision → Watch Cash App →

The agreement discloses a tiered fee structure for the Remittance Service: bank transfers of $300 or more are free; bank transfers under $300 carry a $1.99 fee; cash pickup transfers of $300 or more carry a $1.99 fee; and cash pickup transfers under $300 carry a $3.98 fee....

Why it matters: The remittance fee structure creates distinct cost tiers based on transfer amount and delivery method, which is relevant to the Consumer Financial Protection Bureau's remittance transfer rules under Regulation E (the Remittance Rule), which requires pre-payment disclosure of fees, exchange rates, and amounts to be received....

View provision → Watch Cash App →

The agreement states that subscription fees committed under an Order Form are non-refundable and non-cancellable for the duration of the subscription term, and that the Customer bears responsibility for applicable taxes....

Why it matters: This provision requires business customers to fulfill the full financial obligation of a contracted subscription term regardless of whether they continue using the services, creating a committed payment exposure that procurement teams should account for during contract review....

View provision → Watch HubSpot →

The agreement caps each party's total aggregate liability at the amount paid or payable by the Customer in the twelve months preceding the incident, and excludes lost profits, indirect, special, incidental, consequential, and punitive damages for both parties....

Why it matters: This provision establishes the maximum financial recovery available to either party in the event of a breach or claim, capping HubSpot's liability at twelve months of fees paid and excluding categories of harm such as lost profits and consequential damages that may substantially exceed direct fees in a data breach or service failure scenario....

View provision → Watch HubSpot →

The agreement authorizes HubSpot to suspend Customer and Authorized User access to subscription services without prior notice in cases of material breach (including non-payment), security incidents, or legal or governmental requirements....

Why it matters: This provision establishes that HubSpot holds the right to suspend service access unilaterally upon triggering conditions including non-payment and security incidents, which creates operational dependency risk for customers whose business processes rely on continuous HubSpot platform access....

View provision → Watch HubSpot →

The agreement requires Customers to defend and indemnify HubSpot against third-party claims, damages, and legal costs arising from the Customer's use of services in violation of the agreement, from Customer Data uploaded to the platform, or from the Customer's violation of third-party rights....

Why it matters: This provision establishes a unidirectional indemnification obligation on the Customer covering claims arising from Customer Data, which includes Contact Data uploaded to HubSpot. This means that if a data subject or regulator brings a claim related to Customer Data processed through HubSpot, the Customer is contractually obligated to defend and hold HubSpot harmless....

View provision → Watch HubSpot →

The agreement states that HubSpot may modify the Terms of Service with at least 30 days advance notice posted to the terms page, and that changes are not retroactive. Continued use of the services after the effective date constitutes acceptance of the modified terms....

Why it matters: This provision establishes that HubSpot holds the right to unilaterally modify the agreement's terms with 30 days notice, and that continued platform use after the notice period constitutes acceptance, which means customers who do not actively monitor terms changes may be bound by updated obligations....

View provision → Watch HubSpot →

The agreement states that Customer Data ownership remains with the Customer, but that the Customer grants HubSpot a worldwide, royalty-free license to collect, use, copy, store, transmit, modify, and create derivative works of Customer Data to the extent necessary to provide the services....

Why it matters: This provision establishes the scope of HubSpot's license to use Customer Data, including the right to create derivative works, which encompasses the use of Customer Data in product improvement and aggregated analytics activities described elsewhere in the agreement. The license is scoped to service provision, but the inclusion of derivative works creation warrants review against the Customer's data governance obligations....

View provision → Watch HubSpot →

The agreement incorporates HubSpot's Acceptable Use Policy by reference and states that HubSpot may update that policy at any time, with updates effective upon posting, and that continued use of the services constitutes acceptance of any policy updates....

Why it matters: This provision establishes that the AUP is a binding component of the agreement and that HubSpot may modify it with no minimum notice period, unlike the 30-day notice required for core terms modifications. Violations of the AUP are cited elsewhere as a trigger for service suspension....

View provision → Watch HubSpot →

The policy authorizes sharing of device identifiers, browsing activity, purchase history, and preference inferences with advertising partners, analytics providers, and social media companies for targeted advertising and campaign measurement....

Why it matters: This provision authorizes cross-context behavioral advertising data sharing, which triggers CCPA/CPRA opt-out rights for California residents and analogous rights under other state privacy laws. The breadth of data categories shared, including purchase history and inferences, creates ongoing consent and opt-out mechanism compliance obligations....

View provision → Watch Samsung →

The policy states that Samsung's services are not directed to children under 13 and that Samsung does not knowingly collect personal information from users under 13 without verified parental consent, committing to deletion of inadvertently collected data....

Why it matters: This provision establishes Samsung's COPPA compliance posture. The policy's statement that services are not directed to children under 13 does not address whether specific Samsung products, such as Galaxy devices marketed to younger users or family-oriented SmartThings features, require enhanced age-screening mechanisms in practice....

View provision → Watch Samsung →