-
Runway
· Runway Terms of Service
Runway states that you do not own your account or API keys; the company retains all rights to them at all times....
Why it matters: The agreement states that users hold no property interest in their accounts, meaning Runway retains the right to suspend, terminate, or reclaim accounts without the user having a property-based claim to the account or its contents....
-
Writer
· Writer Trust Center
The Trust page states that Writer's platform is designed to meet enterprise security, privacy, and compliance requirements, but does not provide specific contractual commitments or legal obligations in the text available....
Why it matters: Marketing claims about security and compliance do not carry the same legal weight as contractual commitments in a privacy policy or data processing agreement. Businesses and consumers should verify these claims against Writer's actual legal documents....
-
Writer
· Writer Trust Center
The Trust page loads Google Tag Manager (GTM-NXVXDK), which enables tracking of visitor behavior on the page. This is a common analytics mechanism used across many commercial websites....
Why it matters: Google Tag Manager can be used to deploy a range of tracking scripts, including advertising and analytics tags. Whether and how visitor data is disclosed in Writer's privacy policy cannot be assessed from this page alone....
-
Writer
· Writer Trust Center
The Trust page includes HubSpot analytics tracking code that records page visits and categorizes this page as a standard page within HubSpot's tracking system....
Why it matters: HubSpot tracking may collect visitor identifiers, page interaction data, and session information. This introduces HubSpot as an additional third-party data recipient whose practices govern what happens with collected data....
-
Writer
· Writer Trust Center
The page references OneTrust (optanon) styling, which is commonly associated with a cookie consent management platform. This suggests Writer uses OneTrust to manage cookie consent on its website....
Why it matters: The presence of OneTrust styling indicates Writer has implemented some form of cookie consent infrastructure, which is relevant for assessing compliance with GDPR and ePrivacy Directive requirements for EU/EEA visitors....
-
Monitoring
These provisions have changed before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
-
Writer
· Writer Trust Center
The page discloses that the legal entity is Writer, Inc., with a contact email of hello@writer.com and a telephone number of +1 (415) 275-1883....
Why it matters: Disclosure of the legal entity name and contact information is relevant for consumers and businesses who need to direct privacy requests, complaints, or legal notices to the correct organization....
-
Pika
· Pika Acceptable Use Policy
Pika can change the rules in this AUP at any time, and if you keep using the service after changes are posted, you are considered to have agreed to the new rules....
Why it matters: This provision authorizes Pika to modify the AUP's terms unilaterally, with continued use of the service treated as acceptance of new terms; users who do not monitor policy updates may unknowingly accept new obligations....
-
Suno
· Suno Acceptable Use Policy
The free tier of Suno limits users to 10 song generations per day, does not include commercial rights, and does not require a credit card to access....
Why it matters: Free-tier users are subject to a daily generation cap and do not receive commercial rights to their outputs; any commercial use of free-tier generated music may fall outside the scope of what the terms authorize....
-
Hugging Face
· Hugging Face Model Card Guidelines
Model card authors may include carbon emissions data from model training in the structured metadata, making the environmental footprint of AI models visible to users on the Hub....
Why it matters: Carbon emissions disclosure in model cards engages emerging ESG reporting frameworks and provides organizations integrating AI models with data relevant to their own sustainability reporting obligations....
-
DeepSeek
· DeepSeek Model License
Anyone who shares or redistributes the DeepSeek-R1 model or any modified version of it must keep all original copyright and attribution notices intact....
Why it matters: This clause establishes a continuing obligation for any entity that distributes or builds upon the model to preserve DeepSeek's intellectual property notices, which is standard in open-weight AI licenses but creates an audit and compliance obligation for organizations that redistribute modified versions....
-
DeepSeek
· DeepSeek Model License
You cannot use DeepSeek's name or logo to suggest that your product or service is endorsed by or affiliated with DeepSeek unless you have their written permission....
Why it matters: This provision protects DeepSeek's brand identity and prevents downstream users from implying a commercial relationship or endorsement that does not exist, which has practical implications for how derivative products are marketed....
-
ElevenLabs
· ElevenLabs Privacy Policy
ElevenLabs may change this privacy policy and states it will notify users by email or a website notice before material changes take effect....
Why it matters: The policy states material changes will be communicated by email or website notice, but does not specify a minimum advance notice period, which means users may have limited time to review changes before they apply....
-
Cursor
· Cursor Security Practices
Cursor states it has no servers or infrastructure in China and does not use Chinese companies as data processors, including at the sub-subprocessor level to the best of its knowledge....
Why it matters: This disclosure addresses data sovereignty concerns relevant to users and enterprises subject to regulations or policies restricting data flows to or processing by entities in certain jurisdictions; the qualification 'to our knowledge' at the sub-subprocessor level introduces a bounded uncertainty....
-
Cursor
· Cursor Security Practices
Cursor has obtained a SOC 2 Type II security certification and conducts annual third-party penetration tests; both reports can be requested through Cursor's trust portal....
Why it matters: The SOC 2 Type II attestation provides independent third-party validation of Cursor's security controls, which is a material input for enterprise vendor risk assessments and procurement decisions....
-
Cursor
· Cursor Security Practices
Cursor publishes a list of all third-party vendors that process user data and reviews each one annually; the list is available at trust.cursor.com/subprocessors....
Why it matters: The subprocessor list and annual review commitment are operationally significant for enterprise customers who need to track third-party data flows for GDPR Article 28 compliance or internal vendor risk programs....
-
Cursor
· Cursor Security Practices
Cursor states that users can delete their accounts at any time through the Settings dashboard, with customer support available at hi@cursor.com for assistance....
Why it matters: The document states account deletion is available at any time without restriction; this is relevant to users exercising data deletion rights under GDPR, CCPA, or similar frameworks, though the document does not specify what data is deleted or the timeline for deletion completion....
-
Cursor
· Cursor Security Practices
Cursor states that its internal systems are accessed only on a need-to-know basis, with multi-factor authentication required for staff and ongoing monitoring of system activity....
Why it matters: These access control disclosures are relevant to enterprise vendor risk assessments and are commonly evaluated in SOC 2 audits; they indicate the organizational controls in place to limit unauthorized internal access to user data including source code....
-
Midjourney
· Midjourney Data Retention & Privacy FAQ
Midjourney can update this privacy policy and will try to notify you by email or website notice before material changes take effect....
Why it matters: The policy reserves the right to modify its terms and relies on email or website notice for material changes, meaning users who do not monitor their email or the website may miss updates that affect how their data is handled....
-
Scale AI
· Scale AI Terms of Service
You are permitted to browse the Scale website for your own internal use only, using a standard web browser. You may not copy, reverse engineer, or use the site to build competing products, and you cannot share your access with unauthorized third parties....
Why it matters: The license is revocable and conditioned on ongoing compliance; violations of the terms automatically terminate the license, and the restrictions on reverse engineering and competitive product development are legally operative provisions that may affect developers and researchers....
-
Scale AI
· Scale AI Terms of Service
Scale makes no promises that the website is accurate, secure, or will work without interruption. The site is provided as-is, and Scale disclaims all warranties about its reliability or fitness for any particular use....
Why it matters: The disclaimer explicitly states that Scale does not warrant that the site is accurate, secure, or free of viruses or harmful components, and does not commit to correcting such issues; this is materially relevant for users who rely on the site for compliance documentation or product information....
-
OpenAI
· OpenAI Enterprise Privacy
OpenAI states it undergoes independent audits of its security controls and has achieved SOC 2 Type 2 certification, which is a widely used standard for evaluating a service organization's security, availability, and confidentiality controls....
Why it matters: SOC 2 Type 2 certification provides enterprise customers with third-party verification that OpenAI's security controls have been tested over a defined period, which is commonly required in vendor security assessments and procurement processes....
-
OpenAI
· OpenAI Safety Standards
OpenAI states it has dedicated a team and 20% of its computing resources to researching how to ensure that AI systems far more capable than current models remain aligned with human values and oversight....
Why it matters: This commitment describes how OpenAI allocates internal resources toward long-term safety research for AI systems that do not yet exist; it signals the organization's assessment of risk timelines and its stated prioritization of alignment research....
-
OpenAI
· OpenAI Safety Standards
OpenAI states it has made voluntary agreements with the US government regarding AI safety practices, including sharing safety information with government bodies and other AI companies....
Why it matters: Voluntary government commitments of this type may influence how regulators evaluate OpenAI's practices and could become reference points in future enforcement or regulatory proceedings, though they are not legally binding in the same manner as regulatory requirements....
-
OpenAI
· OpenAI Safety Standards
OpenAI states it considers human ability to monitor, correct, and control AI system behavior to be an important principle in its development approach....
Why it matters: The commitment to human oversight describes a design principle that affects how OpenAI's AI systems are built and what controls are maintained; it is relevant to users and organizations that rely on AI outputs for consequential decisions....
-
OpenAI
· OpenAI Safety Standards
OpenAI states that its core organizational purpose is developing artificial general intelligence in a way that benefits all of humanity....
Why it matters: The mission statement frames OpenAI's stated corporate purpose and the lens through which it describes its safety and development decisions; it is a values assertion rather than a legally binding commitment with specific operational requirements....
-
Pinecone
· Pinecone Data Processing Addendum
If one of Pinecone's subprocessors causes a data protection breach, Pinecone is contractually responsible to the Customer to the same extent as if Pinecone itself had caused the breach....
Why it matters: This clause establishes full pass-through liability for Subprocessor failures, which aligns with GDPR Article 28(4) requirements and provides business customers with a single point of accountability for data protection failures across Pinecone's supply chain....
-
Apple Intelligence
· Apple Private Cloud Compute Security Guide
Apple states that neither Apple nor any third party can use the PCC system to single out, monitor, or correlate requests from specific individuals....
Why it matters: This provision directly addresses the risk of targeted surveillance or profiling of individual users through the AI cloud infrastructure, which is a specific privacy protection relevant to both consumers and regulated enterprises....
-
Apple Intelligence
· Apple Private Cloud Compute Security Guide
Apple states it will publicly publish the software running on PCC servers along with a signed inventory of components and a log of every software version deployed, so that independent researchers can verify what is actually running on the system....
Why it matters: This provision creates a publicly auditable, cryptographically signed record of the software running on PCC nodes, which is the primary mechanism by which the other privacy guarantees in this document can be independently verified rather than accepted on Apple's word alone....
-
Apple Intelligence
· Apple Private Cloud Compute Security Guide
Apple states that each server in the PCC system uses a dedicated security chip to verify that only approved software is running, providing a hardware-level guarantee that the privacy protections are enforced from the moment the server starts....
Why it matters: The hardware root of trust is the foundational technical mechanism that makes the other privacy guarantees enforceable, because it prevents unauthorized or modified software from running on PCC nodes without detection....
-
Apple Intelligence
· Apple Private Cloud Compute Security Guide
Apple states it provides a special testing environment where independent security researchers can run and examine the actual software used in Apple Intelligence cloud servers, and can report discovered security issues through Apple's bug bounty program....
Why it matters: The Virtual Research Environment is the primary mechanism by which the privacy and security claims in this guide can be independently verified, and the existence of a formal research pathway and bug bounty program creates an operational accountability mechanism beyond self-attestation....
-
NVIDIA NIM
· NVIDIA NIM Terms of Use
Disputes about this agreement are governed by Delaware law and must be brought in courts in Santa Clara County, California....
Why it matters: The agreement requires that legal disputes be resolved in Santa Clara County, California, which may be geographically and financially impractical for international or non-California-based licensees....
-
Baseten
· Baseten Privacy Policy
Baseten uses third-party payment processors to handle payment card transactions and states it does not store your payment card information directly; your payment data is governed by the payment processor's own privacy policy....
Why it matters: The policy states that Baseten does not store payment card data directly, which limits Baseten's liability for payment card data breaches, but also means users must review the payment processor's separate privacy policy to understand how their financial data is handled....
-
Baseten
· Baseten Privacy Policy
Baseten's service does not honor Do Not Track browser signals, meaning that even if your browser is set to request no tracking, Baseten will not change its data collection practices in response....
Why it matters: The policy explicitly states that the service does not respond to Do Not Track signals, which is a disclosure required by CalOPPA; this means users relying on browser-level DNT settings will not receive reduced tracking when using Baseten's service....
-
NotebookLM
· Google Generative AI Terms
Using NotebookLM's AI features means you agree to both these additional terms and Google's main Terms of Service; where there is a conflict, these AI-specific terms take priority....
Why it matters: This provision establishes a layered agreement structure where the generative AI terms govern in cases of conflict, meaning users of NotebookLM are subject to both the standard Google Terms of Service and these additional terms, and should review both documents to understand the full scope of their agreement....
-
OpenRouter
· OpenRouter Privacy Policy
OpenRouter states it takes security measures to protect personal data but does not guarantee that data will be protected against unauthorized access or breaches....
Why it matters: The policy disclaims absolute security guarantees for personal data, which is standard industry language, but means users should not rely on this policy as a contractual security commitment in the event of a data breach....
-
NVIDIA NIM
· NVIDIA Privacy Policy
NVIDIA states its services are not intended for children under 13 and that it does not knowingly collect data from children under 13; parents can request deletion of any such data....
Why it matters: The policy establishes an age-based restriction on data collection consistent with COPPA in the US; the restriction applies to services not directed at children, but does not address the full range of minors' privacy protections under GDPR Article 8 or state laws that apply to users under 16 or 18....
-
NVIDIA NIM
· NVIDIA Privacy Policy
NVIDIA keeps your personal data for as long as it determines necessary for business or legal purposes, without specifying fixed retention periods for most data categories....
Why it matters: The policy does not specify defined retention periods for most categories of personal data, instead relying on a purpose-based standard; this approach may require evaluation under GDPR's storage limitation principle and equivalent requirements in other jurisdictions....
-
LangChain
· LangChain Privacy Policy
If you live in California, you have the right to see what data LangChain has collected about you, ask for it to be deleted, and opt out of any sale of your data, with no penalty for exercising these rights....
Why it matters: California residents can exercise rights under CCPA including data access, deletion, and opt-out of sale, and the policy provides a direct contact mechanism at privacy@langchain.dev for submitting these requests....
-
LangChain
· LangChain Privacy Policy
If you are in the EU or UK, you have rights under GDPR to see, correct, delete, or transfer your personal data, and to object to how LangChain uses it, and you can contact privacy@langchain.dev to exercise these rights....
Why it matters: EU and UK users have enforceable rights under GDPR and UK GDPR including data access, erasure, portability, and the right to object to processing, and the policy provides a contact mechanism and acknowledges the right to complain to a supervisory authority....
-
LangChain
· LangChain Privacy Policy
LangChain may change this privacy policy at any time and says it will notify you by email or website notice if the changes are significant, but it encourages you to check the policy regularly....
Why it matters: The policy reserves the right to make changes that will apply to previously collected data and relies on email notification or website posting as the primary mechanism for informing users of material changes, with no guaranteed advance notice period specified....
-
Pinecone
· Pinecone Privacy Policy
Pinecone states it may send you promotional emails and gives you the ability to opt out of those communications....
Why it matters: The policy states marketing communications are sent and that an opt-out mechanism is available, which is relevant to users who do not wish to receive promotional emails from Pinecone....