Provisions Index

The policy states that advertiser compliance obligations extend beyond the ad creative itself to include the destination landing pages, requiring that those pages meet platform policy standards and applicable legal requirements....

Why it matters: This provision extends advertiser compliance obligations to external landing page content, including privacy disclosures, product claims, and data collection practices on destination URLs. Ad approval may be conditioned on landing page compliance, and post-approval violations on landing pages may trigger ad removal....

View provision → Watch TikTok Ads →

The policy states a global prohibition on political advertising on the TikTok Ads platform, covering candidate promotion, party advertising, and ballot measure advocacy across all markets....

Why it matters: This provision categorically excludes political campaign advertising from TikTok's paid advertising products on a global basis. Political organizations and campaign operatives should note that this prohibition applies to all advertising inventory and is not a restricted category subject to authorization....

View provision → Watch TikTok Ads →

The policy states that advertisers are responsible for indemnifying TikTok against claims arising from policy violations, inaccurate ad content, and intellectual property infringement in submitted materials....

Why it matters: This provision places financial liability for third-party claims arising from non-compliant or infringing ad content on the advertiser rather than the platform. This includes claims related to intellectual property, product misrepresentation, and regulatory violations attributable to advertiser-submitted materials....

View provision → Watch TikTok Ads →

The policy discloses that direct messages on Substack are not end-to-end encrypted and that Substack personnel may access message contents for enforcement, security, support, or service purposes. Automated scanning of direct messages for spam, malicious content, and child abuse material is also disclosed....

Why it matters: This provision establishes that direct message content is accessible to Substack personnel under defined operational circumstances and is subject to automated scanning, which is a material disclosure for users who may treat the direct messaging feature as a confidential communication channel. The terms also state that recipients may retain messages regardless of sender deletion requests, which affects the practical scope of any erasure rights asserted....

View provision → Watch Substack →

The policy discloses that Substack shares account identifiers including email addresses and usernames with industry child safety organizations and consortia for the purpose of detecting and preventing child sexual exploitation and abuse material (CSAM/OCSEA). This provision was added in the most recent policy update (May 14, 2026)....

Why it matters: This provision establishes a data sharing relationship between Substack and third-party child safety organizations for CSAM detection purposes, which represents a newly disclosed category of third-party data transfer. The provision does not identify the specific consortia involved, which limits the ability of users or compliance teams to assess the data governance practices of receiving organizations....

View provision → Watch Substack →

The policy establishes that when Substack processes subscriber Personal Information on behalf of a Creator, that processing falls outside the scope of this Privacy Policy and is instead governed by the Creator's own privacy practices. Subscribers who interact with Creator publications are directed to the Creator's own terms and privacy policies for information about how that data is used....

Why it matters: This provision establishes a data controller boundary that places responsibility for subscriber data governance on individual Creators when Substack acts as a processor on their behalf. The practical implication is that subscriber privacy rights and data handling practices vary across publications, and Substack's policy does not govern those interactions, which may require subscribers to review multiple separate privacy policies....

View provision → Watch Substack →

The policy discloses that Substack shares Personal Information with third-party service providers including generative AI services, analytics providers, and cloud computing services. The policy does not identify specific generative AI providers or describe which categories of Personal Information are shared with AI service providers....

Why it matters: This provision authorizes sharing of Personal Information with generative AI service providers as part of Substack's service provider relationships. The absence of specific provider names and data category limitations for AI services creates uncertainty about the scope of Personal Information that may be processed by third-party AI systems on Substack's behalf....

View provision → Watch Substack →

The policy states that Substack has certified compliance with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. DPF for transatlantic personal data transfers, and that DPF Principles govern where they conflict with this policy. Dispute resolution for DPF-related complaints is available through TRUSTe at no cost, with binding arbitration available for unresolved residual claims....

Why it matters: This provision establishes the legal mechanism Substack relies on for transferring personal data from the EU, UK, and Switzerland to the US. DPF certification is subject to FTC enforcement, and the policy provides a tiered dispute resolution process for DPF-related complaints, including binding arbitration as a final recourse mechanism....

View provision → Watch Substack →

The policy establishes that users may submit requests for access, correction, erasure, restriction, portability, and objection to processing, depending on applicable law. The most recent policy update added a one-month response commitment for certain privacy rights requests and the right to object to certain types of processing. Rights are subject to legal limitations including retention obligations....

Why it matters: This provision establishes the procedural framework for user privacy rights requests, with a one-month response commitment added in the May 2026 update. The provision conditions the availability and scope of rights on applicable local law, meaning the rights available to a given user depend on their jurisdiction....

View provision → Watch Substack →

The policy discloses that Substack may collect email addresses and phone numbers of individuals who have not created Substack accounts if a Substack user syncs their address book through the app. Collected contact information is stored as hashed values and is used to facilitate contact syncing between opted-in users....

Why it matters: This provision discloses data collection about non-Substack users through address book syncing, which may occur without the knowledge of the individuals whose contact information is collected. The policy limits collection to email addresses and phone numbers stored as hashes, and limits use to contact syncing purposes....

View provision → Watch Substack →

The policy authorizes transfer of customer Personal Information to prospective buyers or sellers in connection with a business sale, merger, bankruptcy, or change of control, subject to applicable local laws....

Why it matters: This provision reserves the right to transfer subscriber and user Personal Information as part of a business asset transaction, which could result in Personal Information being transferred to a new entity with different privacy practices. The provision notes that such transfers are subject to local laws but does not specify what protections apply to transferred data....

View provision → Watch Substack →

The terms grant Miro a license to host, copy, transmit, display, and use content that users upload or create on the platform for the purposes of operating and providing the service. Users retain ownership of their content under the agreement....

Why it matters: This provision defines the scope of rights Miro holds over user-generated content, including boards, files, and collaborative materials created on the platform. Enterprise customers handling proprietary data should assess whether the license scope is compatible with their data governance and IP policies....

View provision → Watch Miro →

The terms reference a separate AI Features Addendum, accessible at miro.com/legal/ai-features-addendum/, which governs user access to and Miro's provision of AI-powered features within the platform....

Why it matters: The incorporation of a separate AI Features Addendum creates a distinct contractual layer governing AI functionality, meaning users of Miro's AI tools are subject to additional terms beyond the core Terms of Service. The scope of AI data processing, including whether user content is used for model training or improvement, requires review of that addendum....

View provision → Watch Miro →

The terms reference a Customer Data Processing Addendum (CDPA), accessible at miro.com/legal/customer-data-processing-addendum/, which governs Miro's processing of personal data on behalf of customers, particularly relevant for GDPR Article 28 compliance....

Why it matters: The CDPA establishes Miro's obligations as a data processor under GDPR and similar frameworks, defining the legal basis and conditions under which customer personal data is processed. Enterprise customers are required to assess the CDPA to satisfy their own controller-level compliance obligations....

View provision → Watch Miro →

The Terms of Service operate alongside a Master Cloud Agreement, AI Features Addendum, Customer Data Processing Addendum, Developer Terms of Use, Marketplace Terms of Use, and other supplemental instruments, creating a layered contractual structure where different documents may govern different user types and use cases....

Why it matters: This provision establishes that the operative contractual terms for any given user depend on which agreement tier applies to their account type and usage pattern. Enterprise customers may be governed by the Master Cloud Agreement rather than the consumer Terms of Service, and the applicable rights and obligations may differ materially between tiers....

View provision → Watch Miro →

The terms authorize Miro to suspend or terminate user accounts under specified conditions, including violation of acceptable use policies. The precise notice requirements, grounds, and appeal mechanisms are contained in the agreement but were not recoverable from the truncated document provided....

Why it matters: Account suspension or termination provisions determine the conditions under which users may lose access to their Miro workspace, boards, and stored content. For business users, this creates operational dependency risk that should be assessed against the agreement's notice and cure provisions....

View provision → Watch Miro →

The terms reference a publicly available Subprocessors List at miro.com/legal/subprocessors-list/, which discloses third-party entities that may process user or customer data in connection with Miro's services....

Why it matters: The Subprocessors List is a material disclosure for customers assessing their data supply chain obligations under GDPR Article 28 and equivalent frameworks. The terms authorize Miro to update this list, and enterprise customers should monitor it for changes that may affect their data transfer or processing assessments....

View provision → Watch Miro →

The terms reference a separate Developer Terms of Use governing access to Miro's developer platform and APIs, applicable to users building integrations or applications on the Miro platform....

Why it matters: The Developer Terms of Use establish a distinct contractual layer for API access and third-party application development, which may include additional restrictions on data use, rate limits, and intellectual property obligations. Developers building on the Miro platform are subject to these terms in addition to the core Terms of Service....

View provision → Watch Miro →

The terms reference a Miro Marketplace Terms of Use governing participation in the Miro Marketplace, which is the platform through which third-party applications and integrations are distributed to Miro users....

Why it matters: The Marketplace Terms of Use establish the contractual basis for third-party application distribution on the Miro platform, affecting both developers who publish apps and users who install them. Marketplace participants are subject to additional terms that may address revenue sharing, content standards, and data handling obligations....

View provision → Watch Miro →

Coinbase embeds a markup in the quoted price of cryptocurrency on top of the market rate for buy and sell transactions, in addition to any stated transaction fee. This spread is not expressed as a separate line item and is incorporated into the price shown to the user at the time of transaction....

Why it matters: This provision establishes that the total cost of a Coinbase transaction consists of two components: a disclosed transaction fee and an undisclosed-in-advance spread embedded in the asset price. The aggregate effective cost to the user therefore exceeds the transaction fee line item displayed, and the spread amount is determinable only by comparing the Coinbase quoted price to a reference market price at the time of transaction....

View provision → Watch Coinbase →

The transaction fee percentage applied to a Coinbase purchase or sale depends on the payment method selected, with bank account and Coinbase USD Wallet transactions subject to lower rates than debit card or PayPal transactions. The document states percentage fees of approximately 1.49% for bank account and USD Wallet transactions and approximately 2.49% for debit card and PayPal transactions on orders above applicable flat-fee thresholds....

Why it matters: This provision establishes that funding source selection has a direct and material effect on the transaction fee incurred, with debit card and PayPal users paying a higher percentage rate than bank account users. The fee differential is operationally significant for frequent traders or high-volume users where the rate difference compounds across multiple transactions....

View provision → Watch Coinbase →

Coinbase applies a flat fee rather than a percentage-based fee for transactions below a specified dollar threshold, with the applicable flat fee amount displayed at the time of transaction. The document indicates flat fees apply to transactions in lower value tiers, with the percentage fee structure applying above those thresholds....

Why it matters: This provision establishes that the fee calculation method switches between flat-rate and percentage-rate depending on transaction size, and the applicable fee is disclosed at checkout rather than in a static published schedule for all transaction sizes. Users making small or infrequent purchases should be aware that the flat fee may represent a higher effective percentage cost on low-value transactions than the stated percentage rates suggest....

View provision → Watch Coinbase →

Coinbase discloses the applicable transaction fee to the user at the point of transaction confirmation, and completion of the transaction constitutes agreement to pay the disclosed fee. The document does not specify a mechanism for advance notice of fee schedule changes outside the transaction flow....

Why it matters: This provision establishes that fee acceptance is incorporated into the transaction confirmation step rather than through a separate consent mechanism, and that the fee schedule as published may be updated without a separately stated advance notice obligation. Users who proceed through transaction confirmation are bound to the fee displayed at that step under these terms....

View provision → Watch Coinbase →

The Coinbase USD Wallet functions as a funding source that qualifies for the lower bank-account-equivalent fee tier, and transfers of USD from a bank account into the Coinbase USD Wallet do not incur an additional fee under these terms. This structure creates a two-step pathway to access lower transaction fee rates....

Why it matters: This provision establishes that the Coinbase USD Wallet is treated equivalently to a bank account for fee tier purposes, providing users with a mechanism to access the lower 1.49% fee rate on purchases while maintaining funds within the Coinbase platform. The document also states that USD transfers into the wallet from a bank account are free, which is operationally relevant for cost planning....

View provision → Watch Coinbase →

Cryptocurrency-to-cryptocurrency conversions on Coinbase are subject to both a transaction fee and an embedded spread in the conversion rate, consistent with the structure applied to fiat-to-cryptocurrency transactions. Both cost components are disclosed at the time of conversion confirmation....

Why it matters: This provision establishes that conversions between cryptocurrencies incur the same dual-cost structure as fiat purchases and sales, meaning users converting one crypto asset to another pay both a stated fee and a spread embedded in the quoted conversion rate. The aggregate cost of a conversion is therefore not fully represented by the displayed transaction fee alone....

View provision → Watch Coinbase →

The agreement requires users to resolve disputes with Block through individual binding arbitration rather than through courts, and includes a 30-day opt-out window available by written notice after first accepting the terms....

Why it matters: This provision requires disputes to proceed through individual arbitration administered by AAA or JAMS rather than through civil litigation, and the accompanying class action waiver means users cannot participate in consolidated or class proceedings against Block. The 30-day opt-out window is operationally time-limited and requires affirmative written action by mail....

View provision → Watch Cash App →

The agreement includes a class action waiver requiring users to pursue claims against Block individually rather than as part of a class or consolidated proceeding, as referenced in Sections XXIII.19 and XXIII.20....

Why it matters: This provision requires that any legal claims against Block be brought on an individual basis only; users cannot join or initiate class action or consolidated proceedings under these terms. The waiver applies in conjunction with the mandatory arbitration clause....

View provision → Watch Cash App →

The agreement reserves Block's right to suspend, limit, or terminate user accounts at its discretion, including without prior notice, which may affect access to funds held in the Cash App Balance....

Why it matters: This provision grants Block discretionary authority to restrict or terminate account access, which is operationally significant because the Cash App Balance functions as a prepaid account and primary financial account for some users. Account suspension without prior notice may delay or restrict access to stored funds....

View provision → Watch Cash App →

Section XXIII.17 of the agreement limits Block's liability to users, and based on the document's reference to a $500 cap in the context of dispute resolution, the limitation restricts the maximum damages a user may recover from Block in connection with the services....

Why it matters: This provision caps the recoverable damages users may seek from Block, which is operationally significant given that Cash App handles financial transactions including peer-to-peer payments, investing, and lending. The cap on liability limits the financial recourse available to users who experience losses attributable to platform errors or service failures....

View provision → Watch Cash App →

Section XXII establishes specific terms governing the use of generative AI features within Cash App, which are a distinct product category within the platform subject to their own conditions....

Why it matters: The inclusion of a dedicated Generative AI Terms of Use section indicates that Cash App has integrated AI-generated content or AI-assisted features into the platform, and that users are subject to specific conditions when using those features. This provision may have implications for data inputs, AI-generated output accuracy, and liability for reliance on AI-generated information in a financial context....

View provision → Watch Cash App →

The agreement establishes a Sponsored Account category for users under 18 (the document references ages 13-17 in Section III), which allows minors to use certain Cash App features under parental or guardian sponsorship....

Why it matters: The Sponsored Account provision creates a distinct account type for minors aged 13-17, which engages COPPA requirements for the collection of personal information from children under 13 (if applicable) and state minor privacy laws. The fee disclosures in Section I explicitly reference Sponsored Accounts as covered prepaid accounts....

View provision → Watch Cash App →

The agreement discloses a variable instant transfer fee (amount disclosed at the time of transaction) for expedited transfers from Cash App Balance to a linked external account, and a 3% foreign transaction fee on international card transactions, with a conditional waiver for eligible users who meet monthly spending or deposit thresholds....

Why it matters: The instant transfer fee is disclosed as variable with the amount revealed only at the time of the transaction rather than in advance in a fixed schedule, which is relevant to the CFPB's Prepaid Accounts Rule requirements for fee disclosure. The 3% foreign transaction fee applies to international card use and is waivable only under specific qualifying conditions....

View provision → Watch Cash App →

Section V of the agreement governs the ownership and usage rights applicable to data generated or submitted through Cash App, including user content and service-generated data, and incorporates the Privacy Notice by reference....

Why it matters: This section establishes the data ownership framework applicable to user-submitted content and platform data, and its interaction with the Privacy Notice (referenced as a binding policy) determines how personal financial data, transaction records, and user-generated content may be used by Block....

View provision → Watch Cash App →

Section IX governs the terms applicable to Bitcoin and other virtual currency transactions within Cash App, establishing conditions for buying, selling, and transferring virtual currency....

Why it matters: Virtual currency services within a consumer financial platform engage a distinct regulatory framework including FinCEN's BSA/AML requirements, state money transmitter licensing, and potentially SEC jurisdiction depending on the classification of specific virtual currency products. The terms applicable to virtual currency transactions may differ materially from those applicable to fiat currency services....

View provision → Watch Cash App →

The agreement discloses a tiered fee structure for the Remittance Service: bank transfers of $300 or more are free; bank transfers under $300 carry a $1.99 fee; cash pickup transfers of $300 or more carry a $1.99 fee; and cash pickup transfers under $300 carry a $3.98 fee....

Why it matters: The remittance fee structure creates distinct cost tiers based on transfer amount and delivery method, which is relevant to the Consumer Financial Protection Bureau's remittance transfer rules under Regulation E (the Remittance Rule), which requires pre-payment disclosure of fees, exchange rates, and amounts to be received....

View provision → Watch Cash App →

The agreement states that subscription fees committed under an Order Form are non-refundable and non-cancellable for the duration of the subscription term, and that the Customer bears responsibility for applicable taxes....

Why it matters: This provision requires business customers to fulfill the full financial obligation of a contracted subscription term regardless of whether they continue using the services, creating a committed payment exposure that procurement teams should account for during contract review....

View provision → Watch HubSpot →

The agreement requires the Customer to represent and warrant that all Customer Data provided to HubSpot has been lawfully collected, that the Customer holds all necessary rights and permissions to transfer and process that data, and that doing so does not violate applicable laws or third-party rights including privacy rights....

Why it matters: This provision places the legal compliance burden for Contact Data on the Customer as data controller, creating direct exposure under GDPR, CCPA, and other applicable privacy laws if data is transferred to HubSpot without adequate lawful basis, consent, or required disclosures to data subjects....

View provision → Watch HubSpot →

The agreement caps each party's total aggregate liability at the amount paid or payable by the Customer in the twelve months preceding the incident, and excludes lost profits, indirect, special, incidental, consequential, and punitive damages for both parties....

Why it matters: This provision establishes the maximum financial recovery available to either party in the event of a breach or claim, capping HubSpot's liability at twelve months of fees paid and excluding categories of harm such as lost profits and consequential damages that may substantially exceed direct fees in a data breach or service failure scenario....

View provision → Watch HubSpot →

The agreement authorizes HubSpot to suspend Customer and Authorized User access to subscription services without prior notice in cases of material breach (including non-payment), security incidents, or legal or governmental requirements....

Why it matters: This provision establishes that HubSpot holds the right to suspend service access unilaterally upon triggering conditions including non-payment and security incidents, which creates operational dependency risk for customers whose business processes rely on continuous HubSpot platform access....

View provision → Watch HubSpot →

The agreement requires Customers to defend and indemnify HubSpot against third-party claims, damages, and legal costs arising from the Customer's use of services in violation of the agreement, from Customer Data uploaded to the platform, or from the Customer's violation of third-party rights....

Why it matters: This provision establishes a unidirectional indemnification obligation on the Customer covering claims arising from Customer Data, which includes Contact Data uploaded to HubSpot. This means that if a data subject or regulator brings a claim related to Customer Data processed through HubSpot, the Customer is contractually obligated to defend and hold HubSpot harmless....

View provision → Watch HubSpot →

The agreement states that HubSpot may modify the Terms of Service with at least 30 days advance notice posted to the terms page, and that changes are not retroactive. Continued use of the services after the effective date constitutes acceptance of the modified terms....

Why it matters: This provision establishes that HubSpot holds the right to unilaterally modify the agreement's terms with 30 days notice, and that continued platform use after the notice period constitutes acceptance, which means customers who do not actively monitor terms changes may be bound by updated obligations....

View provision → Watch HubSpot →

The agreement states that Customer Data ownership remains with the Customer, but that the Customer grants HubSpot a worldwide, royalty-free license to collect, use, copy, store, transmit, modify, and create derivative works of Customer Data to the extent necessary to provide the services....

Why it matters: This provision establishes the scope of HubSpot's license to use Customer Data, including the right to create derivative works, which encompasses the use of Customer Data in product improvement and aggregated analytics activities described elsewhere in the agreement. The license is scoped to service provision, but the inclusion of derivative works creation warrants review against the Customer's data governance obligations....

View provision → Watch HubSpot →

The agreement incorporates HubSpot's Acceptable Use Policy by reference and states that HubSpot may update that policy at any time, with updates effective upon posting, and that continued use of the services constitutes acceptance of any policy updates....

Why it matters: This provision establishes that the AUP is a binding component of the agreement and that HubSpot may modify it with no minimum notice period, unlike the 30-day notice required for core terms modifications. Violations of the AUP are cited elsewhere as a trigger for service suspension....

View provision → Watch HubSpot →

The agreement specifies that Massachusetts law governs for US, Canadian, and most other customers, while Irish law governs for EU, EEA, UK, and Swiss customers. Both parties consent to the exclusive jurisdiction of courts in the applicable governing jurisdiction....

Why it matters: This provision establishes the forum and applicable law for dispute resolution, requiring EU/EEA/UK/Swiss customers to litigate in Ireland and US/Canadian customers in Massachusetts, which may create procedural and cost barriers for customers located in other jurisdictions....

View provision → Watch HubSpot →

The policy discloses that Samsung collects biometric identifiers including fingerprints, facial geometry, and voice prints in connection with device authentication and certain product features....

Why it matters: This provision discloses collection of biometric identifiers, which are among the most sensitive personal data categories under CCPA/CPRA and state biometric privacy laws. The scope of collection across the Samsung device ecosystem creates obligations regarding consent, retention schedules, and data sharing restrictions that vary by jurisdiction....

View provision → Watch Samsung →

The policy discloses that Samsung Health and connected devices collect detailed health and fitness metrics including heart rate, sleep patterns, menstrual cycle data, stress levels, and blood oxygen levels....

Why it matters: This provision identifies collection of health metrics that, while not covered by HIPAA in a consumer app context, are classified as sensitive personal information under CCPA/CPRA and subject to FTC guidance on health data. Menstrual cycle and reproductive health data have received specific regulatory and legislative attention since 2022....

View provision → Watch Samsung →

The policy authorizes sharing of device identifiers, browsing activity, purchase history, and preference inferences with advertising partners, analytics providers, and social media companies for targeted advertising and campaign measurement....

Why it matters: This provision authorizes cross-context behavioral advertising data sharing, which triggers CCPA/CPRA opt-out rights for California residents and analogous rights under other state privacy laws. The breadth of data categories shared, including purchase history and inferences, creates ongoing consent and opt-out mechanism compliance obligations....

View provision → Watch Samsung →

The policy discloses that Samsung collects voice commands and audio recordings when users interact with voice-enabled features including Bixby and other voice assistants....

Why it matters: Voice recordings may constitute biometric voice prints under applicable state biometric privacy laws and are classified as sensitive personal information under CCPA/CPRA. The policy's disclosure that voice data is collected through the Bixby voice assistant creates specific obligations regarding consent, retention, and third-party processing....

View provision → Watch Samsung →

The policy states that Samsung's services are not directed to children under 13 and that Samsung does not knowingly collect personal information from users under 13 without verified parental consent, committing to deletion of inadvertently collected data....

Why it matters: This provision establishes Samsung's COPPA compliance posture. The policy's statement that services are not directed to children under 13 does not address whether specific Samsung products, such as Galaxy devices marketed to younger users or family-oriented SmartThings features, require enhanced age-screening mechanisms in practice....

View provision → Watch Samsung →

The policy discloses that users in states with applicable privacy laws have rights to know, delete, correct, and opt out of the sale or sharing of personal information, as well as the right to limit use of sensitive personal information and the right to non-discrimination....

Why it matters: This provision describes the consumer rights framework applicable under CCPA/CPRA and analogous state laws. The non-discrimination right and the sensitive personal information limitation right are specific CPRA additions that create distinct operational obligations beyond prior CCPA requirements....

View provision → Watch Samsung →