-
Perplexity AI
· Perplexity Terms of Service
If you have a legal dispute with Perplexity, you must resolve it through one-on-one binding arbitration rather than suing in court or joining a class action lawsuit. The only exception is for intellectual property claims, which can still go to court....
Why it matters: This provision removes the right to a jury trial and the ability to join with other users in a class action, which means individual consumers cannot pool resources to challenge Perplexity's practices collectively....
-
Perplexity AI
· Perplexity Terms of Service
When you type queries or submit any content to Perplexity, you give the company a broad, free license to use that content in many ways, including to train and improve its AI models....
Why it matters: This clause means that queries, uploaded documents, and other content submitted through Perplexity may be used to train AI models, not just to respond to the immediate search request. This has implications for users who submit proprietary, confidential, or sensitive personal information....
-
Runway
· Runway Privacy Policy
When you use certain Runway features to create videos or audio, the service may collect your voice recordings and face scans, which are considered biometric data under some state laws. Runway states it only uses this biometric data to deliver the specific feature you requested....
Why it matters: Biometric identifiers such as face scans and voiceprints are among the most sensitive personal data categories and are subject to specific consent, retention, and destruction requirements under laws such as Illinois BIPA and Texas CUBI. The policy does not disclose a specific biometric data retention schedule, which is a material requirement under several of these statutes....
-
Runway
· Runway Privacy Policy
Runway acknowledges that sharing your personal data with advertising and analytics companies may legally qualify as a 'sale' under California and other state privacy laws, even though no money changes hands. You have the right to opt out of this type of data sharing....
Why it matters: This disclosure is significant because it confirms that Runway shares personal data with third-party advertising and analytics partners in a manner that may trigger opt-out rights under CCPA and similar state laws. Users in approximately fifteen named states can exercise this opt-out right....
-
Runway
· Runway Terms of Service
Any text prompts you type and any AI-generated content you create through Runway can be used by the company to train and improve its AI systems, and this permission cannot be taken back once granted....
Why it matters: The license is stated as irrevocable and perpetual, meaning users cannot withdraw permission for Runway to use their submitted prompts and generated outputs for AI training, even after canceling their account....
-
Monitoring
These provisions have changed before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
-
Runway
· Runway Terms of Service
If you have a dispute with Runway, you must resolve it through private arbitration rather than court, and you cannot join a class action lawsuit against the company, unless you opt out within the specified window....
Why it matters: The arbitration clause requires individual dispute resolution, waiving class action participation and jury trial rights, and the agreement states it applies to disputes that arose prior to the agreement's effective date, potentially reaching back in time....
-
Pika
· Pika Acceptable Use Policy
Pika prohibits using the service to create, share, or promote any sexual content involving real people without their consent, including AI-generated deepfake pornography....
Why it matters: This provision explicitly prohibits nonconsensual AI-generated sexual content, including deepfake pornography, which is a category regulated by a growing number of state and federal laws in the United States and equivalent legislation in the EU and UK....
-
Pika
· Pika Acceptable Use Policy
Pika prohibits any content that exploits or harms children, including CSAM and grooming-related content, and commits to reporting such violations to NCMEC and law enforcement....
Why it matters: This provision prohibits child exploitation content regardless of whether it is prohibited by law in a given jurisdiction, and commits Pika to mandatory reporting to NCMEC, which is consistent with obligations under 18 U.S.C. Section 2258A for electronic service providers....
-
Pika
· Pika Acceptable Use Policy
Before uploading a photo of any real person to Pika, you must have their explicit consent and any required legal permissions; you cannot upload images of anyone under 18 or of celebrities without authorization....
Why it matters: This provision places the obligation to obtain express consent and hold all necessary rights directly on the user, covering privacy, publicity, and intellectual property laws, which creates significant personal legal exposure for users who upload images of others without following these steps....
-
Hugging Face
· Hugging Face Model Card Guidelines
Every model published on Hugging Face must include a license field specifying the legal terms under which users may use, modify, or distribute the model....
Why it matters: The license field is the primary mechanism through which model publishers communicate what users are legally permitted to do with a model, and selecting or misidentifying a license has direct intellectual property implications for commercial users....
-
DeepSeek
· DeepSeek Model License
This clause prohibits using DeepSeek-R1 or any outputs it generates to train, improve, or fine-tune any competing AI language model....
Why it matters: This provision directly limits how AI developers and researchers can use the model's outputs, specifically barring a common practice of using outputs from one model to improve or train another, which has significant implications for organizations operating AI model development programs....
-
DeepSeek
· DeepSeek Model License
Users are required to comply with all applicable laws when using the model and are prohibited from generating harmful or deceptive content with it....
Why it matters: This provision places affirmative compliance obligations on the deploying organization rather than on DeepSeek, meaning that legal responsibility for lawful and non-harmful use of the model's outputs rests with the user or deploying entity....
-
ElevenLabs
· ElevenLabs Privacy Policy
When you upload voice recordings or use voice cloning features, ElevenLabs collects and stores that audio data and the policy states it may be used to improve ElevenLabs' AI systems....
Why it matters: Voice recordings may constitute biometric identifiers under laws in Illinois, Texas, Washington, and potentially under GDPR Article 9, which impose specific consent, retention, and destruction requirements beyond standard personal data rules....
-
ElevenLabs
· ElevenLabs Privacy Policy
California residents can ask ElevenLabs to disclose, delete, or correct their personal data, and can opt out of the sale or sharing of their information, by contacting privacy@elevenlabs.io....
Why it matters: Under CCPA and CPRA, California residents have enforceable rights including an opt-out of sharing personal data with advertising partners; voice recordings may qualify as sensitive personal information under CPRA, triggering additional use limitation rights....
-
ElevenLabs
· ElevenLabs Safety Policy
If you use ElevenLabs to create an AI copy of someone's voice, you must first get that person's clear permission. Doing it without permission can get your account suspended and may be reported to law enforcement....
Why it matters: This provision places the legal and operational responsibility for obtaining third-party consent entirely on the user, not on ElevenLabs, which means individuals and businesses using voice cloning features bear the compliance risk if consent is inadequate or undocumented....
-
ElevenLabs
· ElevenLabs Safety Policy
You cannot use ElevenLabs to make a voice recording that sounds like a real person, such as a celebrity or public official, if the goal is to deceive or mislead people about who is speaking....
Why it matters: This provision directly addresses the most prominent misuse risk of AI voice synthesis: generating convincing audio impersonations of real people for fraud, disinformation, or reputational harm. The policy states that consent is required and that deceptive intent triggers the prohibition....
-
ElevenLabs
· ElevenLabs Safety Policy
It is completely prohibited to use ElevenLabs to create voice content that sexualizes children or could be used to harm or exploit minors in any way....
Why it matters: This provision establishes an absolute prohibition on using ElevenLabs for child sexual exploitation material or grooming, which carries serious criminal law implications in virtually all jurisdictions and triggers mandatory reporting obligations....
-
ElevenLabs
· ElevenLabs Safety Policy
You cannot use ElevenLabs to create sexual voice content featuring a real person unless that person has explicitly agreed to it....
Why it matters: Non-consensual intimate deepfakes are addressed by an expanding set of state and federal statutes, and the policy's explicit prohibition reflects the legal and reputational risks associated with this use case....
-
Stability AI
· Stability AI Model License
The license prohibits users from generating certain categories of content with Stability AI models, including child sexual abuse material, weapons-related content, and content designed to deceive others, regardless of which license tier the user holds....
Why it matters: These prohibitions apply to all licensees and flow downstream to end users of products built on self-hosted models, meaning deployers are responsible for enforcing these restrictions within their own platforms....
-
Cohere
· Cohere Responsible Use Policy
The policy absolutely prohibits using Cohere's AI to create any sexual content involving children, including AI-generated imagery or text....
Why it matters: This provision establishes an unconditional prohibition with no operator-level override permitted, and violation would constitute a breach of the AUP as well as potentially criminal conduct under applicable law in most jurisdictions....
-
Cohere
· Cohere Responsible Use Policy
The policy prohibits using Cohere's AI to provide meaningful assistance to anyone attempting to develop biological, chemical, nuclear, or radiological weapons capable of causing mass casualties....
Why it matters: The policy targets content that provides 'serious uplift,' meaning substantive technical assistance, rather than broadly prohibiting any discussion, which introduces an interpretive threshold that operators and compliance teams may need to operationalize in their content filtering approaches....
-
Cohere
· Cohere Responsible Use Policy
The policy prohibits using Cohere's AI to write malware, cyberweapons, or attack tools, and to plan or execute attacks against critical infrastructure such as power grids, water systems, or financial networks....
Why it matters: This provision covers both the creation of offensive tools and their potential deployment against critical infrastructure, meaning operators in cybersecurity contexts must assess whether legitimate security research or penetration testing use cases could be construed as prohibited....
-
Cohere
· Cohere Responsible Use Policy
The policy prohibits using Cohere's AI to create fake intimate images of real people without their permission, or to produce other synthetic media depicting real individuals without consent....
Why it matters: This provision addresses a category of AI-generated harm increasingly regulated at the state and national level, and operators building image or video generation applications on Cohere's API must implement controls to prevent this use regardless of user requests....
-
Cohere
· Cohere Responsible Use Policy
Businesses that build products using Cohere's API are contractually responsible for making sure their applications and their users follow Cohere's rules, not just Cohere itself....
Why it matters: This provision allocates responsibility for AUP compliance to operators rather than Cohere, meaning that if an operator's application enables a prohibited use, the operator bears the compliance exposure even if an end user initiates the violating conduct....
-
Cohere
· Cohere Responsible Use Policy
The policy prohibits using Cohere's AI to make final, automated decisions with major consequences for people (such as in legal, financial, or employment contexts) without a human reviewing the outcome....
Why it matters: This provision directly engages with regulatory requirements for human oversight in automated decision-making, including those established under the GDPR Article 22 and the EU AI Act for high-risk AI systems, and reflects a substantive operational constraint for enterprises deploying AI in consequential domains....
-
Midjourney
· Midjourney Data Retention & Privacy FAQ
When you type prompts or upload images, Midjourney may use that content to train its AI, and by using the service you are granting Midjourney a license to do so....
Why it matters: The policy states that prompts, uploaded images, and generated images may be used for AI model training, and the terms assert a license to use this content for that purpose, which may affect users who submit personal, sensitive, or proprietary material through the platform....
-
OpenAI
· OpenAI Enterprise Privacy
OpenAI offers a formal GDPR data processing agreement that includes the EU's Standard Contractual Clauses for customers who need it, which is required for legally transferring personal data from the EU to the US....
Why it matters: A DPA incorporating SCCs is a legal requirement under GDPR for transferring personal data from the EU/EEA to a third country such as the United States. The document states this is available but requires the customer to request it, meaning it is not automatically in place....
-
OpenAI
· OpenAI Enterprise Privacy
OpenAI states it will sign a HIPAA Business Associate Agreement with qualifying healthcare customers, making it possible to process certain protected health information through eligible OpenAI services....
Why it matters: A BAA is a legal requirement under HIPAA before a covered entity or business associate can share protected health information with a service provider. The document states this is available for qualifying customers but does not specify which services are HIPAA-eligible, requiring separate confirmation....
-
NVIDIA NIM
· NVIDIA AI Foundation Models AUP
Users are prohibited from using NVIDIA NIM to generate instructions or content related to weapons capable of mass casualties, including biological, chemical, nuclear, or radiological weapons....
Why it matters: This provision establishes an absolute prohibition on using the AI service for weapons-related content generation, which creates clear grounds for account termination if violated and may overlap with legal obligations under export control and anti-terrorism frameworks....
-
NVIDIA NIM
· NVIDIA AI Foundation Models AUP
Users are not allowed to take the outputs generated by NVIDIA's AI services and use them to build or improve a competing AI model unless NVIDIA has given written permission....
Why it matters: This restriction is commercially significant for technology companies and AI developers who may wish to use NIM-generated outputs as training data for their own models, as doing so without written consent from NVIDIA would constitute a violation subject to account termination....
-
NVIDIA NIM
· NVIDIA AI Foundation Models AUP
Users cannot use NVIDIA's AI services to create fake content that misleadingly presents itself as being from or depicting a real person, including deepfakes or synthetic media of real individuals who have not consented....
Why it matters: This provision directly addresses synthetic media and deepfake generation, which is an area of active legislative and regulatory development in the U.S. and EU, and establishes that such use constitutes a prohibited activity under the agreement....
-
Pinecone
· Pinecone Data Processing Addendum
Business customers using Pinecone must confirm they have legal permission to share personal data with Pinecone before doing so, and must never submit highly sensitive categories of data such as health, biometric, or criminal records....
Why it matters: This clause places the entire legal burden of ensuring lawful processing, including obtaining data subject consent where required, on the Customer rather than Pinecone. Submitting special category data in violation of this clause may constitute a breach of both the DPA and applicable Data Protection Laws....
-
Sourcegraph Cody
· Sourcegraph Cody Usage and Privacy
Your code queries are sent to third-party AI providers. If your administrator enables the embeddings feature, a full copy of your code repository is also sent to a third-party AI provider....
Why it matters: This provision discloses that enabling the embeddings feature triggers transmission of full repository contents to a third-party provider, which is an operationally significant data sharing event that may not be apparent to individual users and is controlled at the administrator level....
-
Sourcegraph Cody
· Sourcegraph Cody Usage and Privacy
If you connect Cody to your own AI provider instead of Sourcegraph's partners, Sourcegraph's promises about data retention, training restrictions, and data handling no longer apply....
Why it matters: Customers using a bring-your-own-LLM configuration lose all of Sourcegraph's data protection commitments regarding Zero Retention and training restrictions, and must rely entirely on their own agreements with their LLM provider....
-
Sourcegraph Cody
· Sourcegraph Cody Usage and Privacy
If your existing Sourcegraph contract had unlimited liability for data security or confidentiality breaches, this Cody addendum caps that at five times your annual license fees. If your contract already had a liability limit, that limit continues to apply....
Why it matters: This provision introduces a specific financial ceiling for data security and confidentiality breach claims arising from Cody use, which is operationally significant for organizations that negotiated uncapped liability in their base Agreement as a risk management measure....
-
Apple Intelligence
· Apple Private Cloud Compute Security Guide
When you choose to use ChatGPT or other third-party AI through Apple Intelligence, your data is sent to that third party's servers under their own privacy policies, not Apple's PCC protections....
Why it matters: Requests forwarded to third-party AI providers such as ChatGPT are not subject to PCC's privacy architecture, meaning the stateless computation, no privileged access, and non-targetability guarantees described elsewhere in this guide do not apply to those interactions....
-
NVIDIA NIM
· NVIDIA NIM Terms of Use
NVIDIA's software collects and sends data about how you use it and how it performs back to NVIDIA, and NVIDIA can use that data to improve its products....
Why it matters: The agreement authorizes collection of usage, diagnostic, and telemetry data from deployed software instances without specifying granular data categories, retention periods, or whether NVIDIA acts as a data processor or independent data controller with respect to this data....
-
NVIDIA NIM
· NVIDIA NIM Terms of Use
You are responsible for ensuring that your use and distribution of the software complies with U.S. and applicable export control laws, and NVIDIA places this compliance responsibility on the licensee rather than itself....
Why it matters: The agreement places affirmative export compliance obligations on the licensee, meaning organizations deploying or distributing NIM internationally bear legal responsibility for verifying that their use does not violate U.S. Export Administration Regulations or OFAC sanctions....
-
OpenRouter
· OpenRouter Privacy Policy
OpenRouter states it is not responsible for what happens to the text or data you send to AI models through the platform, including whether those models use your inputs for training. Users need to check each AI provider's own terms separately....
Why it matters: The policy discloses that user Inputs submitted through the OpenRouter service are transmitted to third-party LLM providers whose data practices, including model training use, are outside OpenRouter's control and governed by separate terms not incorporated into this policy....
-
OpenRouter
· OpenRouter Terms of Service
Any disagreement you have with OpenRouter must be resolved through private arbitration rather than a lawsuit, and you cannot join a class action with other users....
Why it matters: The agreement requires individual arbitration for all disputes, which means users cannot pool claims with other affected users and cannot access jury trials or most court proceedings....
-
OpenRouter
· OpenRouter Terms of Service
When using OpenRouter through an employer's or organization's account, your prompts, chats, and data may be logged or used for model training if your organization's administrator has enabled those settings, potentially without you receiving separate notice....
Why it matters: The terms establish that Admin Users can enable prompt logging, chat logging, and model training for all Authorized Users in their organization; individual Authorized Users may not have independent visibility into or control over these configurations....
-
NVIDIA NIM
· NVIDIA Privacy Policy
When you use NVIDIA AI tools such as NIM, content you submit may be used to train or improve NVIDIA's AI models, though the policy states opt-out options may be available....
Why it matters: The policy authorizes use of user-submitted content for AI model training, which means inputs to NVIDIA AI services could contribute to model development; the scope of data retained after opt-out is not fully specified in the policy....
-
LangChain
· LangChain Privacy Policy
When you use LangSmith, LangChain collects the AI trace data you submit, including the prompts you send to AI models and the responses those models return, along with pipeline metadata....
Why it matters: AI trace data submitted to LangSmith may contain sensitive business information, proprietary logic, or personal data embedded in prompts and completions, and the policy states this data is collected and stored by LangChain as part of the service....
-
LangChain
· LangChain Privacy Policy
LangChain may move your personal data to the United States or other countries that may have different, potentially less protective, data privacy laws than your home country....
Why it matters: Personal data of EU, UK, and other non-US users may be transferred to and stored in the United States, which requires an adequate legal transfer mechanism under GDPR and UK GDPR to ensure the data receives equivalent protection....
-
Poe
· Poe Privacy Policy
When you chat with a bot on Poe, the text of your messages may be sent to the company that built the underlying AI model powering that bot, and that company has its own separate privacy rules....
Why it matters: This provision means your conversation content is not solely governed by Poe's privacy policy; it may also be processed by external AI companies whose data practices and retention policies differ and are not fully disclosed within Poe's own policy....
-
Poe
· Poe Privacy Policy
Poe stores and processes data in the United States, and by using the service you are treated as consenting to your data being transferred to the US even if your local laws offer stronger protections....
Why it matters: The policy asserts user consent to international data transfers through continued use of the service; however, under GDPR, consent obtained in this manner (through terms of service acceptance rather than explicit, informed consent) may not constitute a valid transfer mechanism, and the specific lawful transfer mechanism for EU/UK users is not identified....
-
Poe
· Poe Terms of Service
When you send messages or upload content to Poe, you give Poe a broad license to use that content in many ways, including sharing it with other companies and potentially using it to train or improve AI models....
Why it matters: The agreement states that submitted content may be provided to other companies and organizations, which may include the third-party AI model providers integrated into the Poe platform; users should be aware that conversations are not necessarily private to Poe alone....
-
Poe
· Poe Terms of Service
If you have a legal dispute with Poe or Quora, you generally cannot sue in court; instead, disputes must be resolved through binding arbitration, which is a private process that typically limits your ability to appeal or join a class action....
Why it matters: The agreement requires binding arbitration for virtually all disputes between users and Quora, which means users generally cannot pursue claims in public courts or participate in class action lawsuits against the company....
-
Poe
· Poe Terms of Service
You and Quora agree to only bring legal claims against each other individually, meaning you cannot join or start a class action lawsuit or other group legal proceeding against Poe....
Why it matters: The class action waiver prevents users from pooling resources and claims in group litigation, which is often the practical mechanism through which consumers pursue low-value claims that would be uneconomical to litigate individually....