Provisions Index

The platform provides AI-based music generation capabilities including custom lyrics, vocal synthesis, full production, beat making, stem separation, MIDI export, audio uploads, persona voices, and vocal removal. Users generate output using AI models operated by Suno....

Why it matters: The platform's core function involves AI-generated content including vocal synthesis and persona voices, which engages emerging regulatory frameworks around synthetic media, AI-generated audio, and potential likeness rights. The acceptable use policy governing these capabilities has direct implications for content moderation obligations and user liability for generated output....

View provision → Watch Suno →

The policy establishes a Cabined Account structure for users identified as children, collecting date of birth, hashed email address, parent/guardian email, and persistent identifiers including IP address, device IDs, platform account IDs, and tracking technology data. These identifiers are used for service provision, analytics, authentication, security, legal compliance, personalization, and user preference maintenance....

Why it matters: This provision authorizes collection of persistent identifiers from users identified as children for purposes including analytics and personalization, which requires evaluation against COPPA's restrictions on data use for child-directed services and equivalent national youth privacy frameworks. The policy states that technical and organizational measures are in place to prevent use of Cabined Account identifiers for other purposes, but the breadth of stated collection purposes may warrant review by compliance teams assessing COPPA and GDPR Article 8 alignment....

View provision → Watch Unreal Engine →

The policy states that images submitted by users to MetaHuman for character creation are collected to generate a 3D mesh for the requested in-game functionality, and asserts that the images are not used to identify the user....

Why it matters: This provision involves collection of photographic images of users, which may constitute biometric information or biometric identifiers under laws such as the Illinois Biometric Information Privacy Act (BIPA) and similar state statutes, even where Epic asserts the purpose is limited to mesh generation rather than identification. The legal classification of facial scan data used for mesh generation under applicable biometric privacy frameworks is not resolved by the policy's assertion of non-identification purpose....

View provision → Watch Unreal Engine →

The agreement requires that any legal claim arising from or related to the YouTube Service be filed within one year of the event giving rise to the claim, after which the claim is permanently barred under the terms of this agreement....

Why it matters: This provision contractually shortens the default statute of limitations applicable to claims against YouTube, which under California law and many other jurisdictions would otherwise range from two to four years for contract claims. The enforceability of shortened contractual limitations periods for consumer claims varies by jurisdiction and applicable consumer protection law....

View provision → Watch YouTube Ads →

The agreement caps YouTube and its Affiliates' total financial liability for all claims arising from the Service at the greater of USD $500 or the total revenue YouTube has paid to the user in the twelve months before the user provided written notice of the claim....

Why it matters: This provision establishes a maximum financial recovery ceiling for all claims against YouTube and its Affiliates regardless of claim type, which for most users who are not in revenue-sharing programs would be limited to USD $500. The cap applies across all claim theories including warranty, contract, and tort, as stated in the preceding warranty disclaimer section....

View provision → Watch YouTube Ads →

US users are required to resolve disputes with Roblox through individual binding arbitration rather than court litigation, and both parties waive the right to participate in class action lawsuits. Small claims court and injunctive relief for IP claims are excepted from this requirement....

Why it matters: This provision requires US users to pursue claims against Roblox individually through AAA arbitration, precluding participation in class or representative actions. The 30-day written opt-out window is the only mechanism to preserve access to court-based dispute resolution under these terms....

View provision → Watch Roblox →

Robux, the platform's virtual currency purchased with real money, are stated to have no monetary value, are non-refundable, and cannot be exchanged for cash. Roblox reserves the right to modify, suspend, or eliminate Robux at any time....

Why it matters: This provision establishes that real-money purchases of Robux confer no redeemable monetary value and are not eligible for refund, while also reserving Roblox's right to eliminate the currency system entirely. This has direct financial implications for users, particularly minors, who have purchased Robux....

View provision → Watch Roblox →

The terms prohibit use by children under 13 without verifiable parental consent and require users to represent at registration that they meet the age threshold or that a parent or guardian is providing consent....

Why it matters: This provision establishes the platform's COPPA compliance framework, requiring parental consent for users under 13 and placing representational obligations on account creators. The effectiveness of this mechanism depends on how Roblox implements age verification and parental consent procedures in practice....

View provision → Watch Roblox →

The agreement requires that covered disputes between users and SoFi be resolved through binding individual arbitration administered by the American Arbitration Association, rather than through court proceedings, with limited exceptions for small claims court....

Why it matters: This provision requires that users pursue claims against SoFi individually through AAA arbitration, which establishes the procedural framework for all covered consumer financial disputes arising from SoFi's banking, lending, and investing products....

View provision → Watch SoFi →

The agreement prohibits users from bringing or joining class action lawsuits or representative proceedings against SoFi, requiring that any claims be pursued solely on an individual basis....

Why it matters: This provision establishes that users cannot aggregate claims with other users in a single proceeding, which applies across SoFi's full suite of consumer financial products including banking, lending, and investing accounts....

View provision → Watch SoFi →

Advertisers promoting products or services in designated restricted categories must obtain written authorization from TikTok before submitting or running campaigns, with the specific categories including financial services, healthcare, alcohol, gambling, and political advertising....

Why it matters: This provision creates a mandatory pre-approval gate for advertisers in regulated industries, meaning campaigns in these categories cannot be submitted without prior authorization from TikTok. This introduces an operational dependency that affects campaign planning timelines and launch schedules....

View provision → Watch TikTok Ads →

The policy authorizes TikTok to suspend or terminate advertiser accounts for policy violations, with immediate suspension available for severe violations and a warning-then-suspension process for less severe infractions....

Why it matters: This provision establishes TikTok's unilateral authority to suspend or terminate advertiser accounts, which directly affects access to the platform as an advertising channel and may interrupt active campaigns without advance notice in severe violation cases....

View provision → Watch TikTok Ads →

The policy prohibits targeting users under 13 and restricts targeting of users under 18 for specific product categories, while also prohibiting ad creative that is primarily designed to appeal to children in harmful ways or promote age-inappropriate products....

Why it matters: This provision establishes age-based targeting restrictions at two thresholds, under-13 and under-18, creating distinct compliance obligations for advertisers based on product category and audience targeting parameters....

View provision → Watch TikTok Ads →

AWS may suspend account access immediately with notice but without requiring advance notice or a cure period across a broad set of circumstances including perceived security risk, adverse platform impact, potential liability to AWS or third parties, fraud, agreement breach, payment default, or insolvency events. The determination of whether these conditions are met rests with AWS....

Why it matters: This provision establishes that AWS retains unilateral authority to interrupt customer access to all AWS services simultaneously, without a prior cure period, based on AWS's own assessment of risk or breach conditions. For customers operating production workloads on AWS infrastructure, an immediate suspension could interrupt business operations, and the agreement does not establish a mandatory restoration timeline or independent review mechanism....

View provision → Watch AWS →

AWS's total financial liability to a customer for any claim arising under the agreement is capped at the total fees the customer paid for the specific service at issue during the twelve months preceding the claim, with a $25 cap for free services. This cap applies regardless of the number or nature of claims....

Why it matters: This provision establishes a financial ceiling on AWS's recoverable liability that may be significantly lower than actual losses experienced by customers in the event of a service failure, data loss, or other breach. For customers paying relatively modest monthly fees but operating high-value production workloads, the cap could result in a material disproportion between recoverable damages and actual financial impact....

View provision → Watch AWS →

The agreement excludes liability for indirect, incidental, special, consequential, or exemplary damages for both parties, explicitly including lost profits, lost revenues, lost customers, lost opportunities, lost goodwill, and data loss, even where the party was aware of the potential for such damages....

Why it matters: This provision, combined with the aggregate liability cap, means that data loss, service downtime-related revenue loss, customer churn attributable to AWS service failures, and reputational harm are categories of loss for which neither party may seek recovery under the agreement. The exclusion applies symmetrically but is operationally more significant for customers, as AWS service failures are more likely to cause consequential losses to customers than vice versa....

View provision → Watch AWS →

The agreement authorizes Google to delete purchased Content from user devices or revoke access to it under specified conditions including loss of licensing rights, service discontinuation, serious security issues, or violations of applicable terms or law. Remedies are limited to a replacement or partial or full refund, with a refund stated to constitute the user's sole compensation....

Why it matters: This provision establishes that the Content license granted upon purchase is subject to unilateral revocation by Google under defined circumstances, and that the sole remedy available to affected users is limited to a refund or replacement at Google's discretion. Under this clause, users who have purchased Content hold a revocable license rather than a durable ownership interest....

View provision → Watch Google Play Store →

The agreement holds family group managers fully responsible for all Content purchases made by family members using the designated family payment method, including pending purchases that may be charged after a family member leaves or the group is dissolved....

Why it matters: This provision establishes a broad financial liability obligation on family group managers covering all member purchases through the family payment method, including charges that may arise post-group dissolution or member departure. Under this clause, a family manager bears financial exposure for transactions they did not personally authorize at the time of charge....

View provision → Watch Google Play Store →

The notice states that Smartsheet acts as a data controller for personal data collected through its website and marketing activities, and as a data processor for content and data submitted by enterprise customers through the platform, with the terms of processor activities governed by separate customer agreements....

Why it matters: This provision determines the allocation of direct regulatory obligations between Smartsheet and its enterprise customers under GDPR and CCPA. Where Smartsheet acts as a processor, enterprise customers bear primary controller obligations for data subject rights fulfilment and breach notification, and must have Data Processing Agreements in place....

View provision → Watch Smartsheet →

The policy discloses that Ford collects vehicle identification, diagnostic data, precise geolocation, speed, direction, route history, and driving behavior data from connected vehicles operated by consumers....

Why it matters: This provision establishes Ford's authority to collect continuous location and behavioral data from connected vehicles, including route history and driving patterns, which may be shared with third parties as described elsewhere in the policy....

View provision → Watch Ford →

The policy authorizes Ford to share personal information with affiliates, dealers, advertising partners, and analytics providers for marketing, research, safety, and operational purposes....

Why it matters: This provision establishes the scope of Ford's third-party data sharing, including with advertising and analytics partners, which may constitute 'sharing' of personal information for cross-context behavioral advertising purposes under CCPA/CPRA and trigger opt-out rights for California residents....

View provision → Watch Ford →

The policy discloses that Ford collects precise geolocation data from connected vehicles and mobile devices and classifies this data as sensitive personal information under applicable law....

Why it matters: This provision discloses collection of precise geolocation as a sensitive personal information category, which under CPRA and similar state laws may require specific consent mechanisms, disclosure obligations, and opt-out or opt-in rights distinct from general personal information....

View provision → Watch Ford →

The policy discloses that Ford may collect audio recordings, visual images, biometric identifiers, and biometric information from consumers, subject to applicable law....

Why it matters: This provision discloses collection of biometric identifiers and biometric information, which are subject to heightened regulatory requirements under statutes such as the Illinois Biometric Information Privacy Act, Texas biometric privacy law, and Washington state biometric law, as well as classification as sensitive personal information under CPRA....

View provision → Watch Ford →

The agreement requires disputes between users and PayPal to be resolved through individual binding arbitration rather than court proceedings, and includes a waiver of participation in class action lawsuits....

Why it matters: This provision requires that users who do not opt out within 30 days of first accepting the agreement resolve all disputes with PayPal through JAMS or AAA arbitration on an individual basis, precluding class action participation. The enforceability of this clause for consumer financial services disputes may be subject to challenge under applicable state consumer protection statutes depending on jurisdiction....

View provision → Watch PayPal →

The agreement authorizes PayPal to hold funds in a limited or terminated account for up to 180 days to cover potential chargebacks, disputes, claims, fees, fines, and penalties....

Why it matters: This provision creates a significant liquidity risk for business users who rely on PayPal balances for operational cash flow, as the agreement reserves the right to withhold funds for up to 180 days following an account limitation or termination triggered by PayPal's assessment of risk or policy violation....

View provision → Watch PayPal →

The agreement limits PayPal's total liability to users to the greater of transaction fees paid in the prior 12 months or $500, regardless of the type or amount of damages claimed....

Why it matters: This provision caps PayPal's total financial liability per incident at a level that may be substantially lower than actual financial harm experienced by business users with significant transaction volumes, and the cap applies regardless of the nature of the claim or damages alleged....

View provision → Watch PayPal →

The policy states that content submitted by users to Jasper may be used to train and improve Jasper's AI models, in addition to providing and maintaining the service....

Why it matters: This provision establishes that user-submitted content, which may include proprietary business information, creative assets, or sensitive organizational data, is within scope for AI model training and improvement activities. Enterprise customers and compliance teams may need to evaluate whether this use is addressed in their Data Processing Agreements with Jasper....

View provision → Watch Jasper AI →

The agreement contains a binding arbitration provision and a class action waiver, disclosed prominently in the notice section, requiring users to resolve disputes through individual arbitration rather than court proceedings or class actions....

Why it matters: This provision establishes that disputes arising under the agreement must proceed through individual binding arbitration, which precludes class or representative proceedings. The enforceability of class action waivers and arbitration clauses in consumer contracts varies by jurisdiction; California courts and certain other jurisdictions have applied heightened scrutiny to such provisions in consumer-facing agreements....

View provision → Watch Uniswap →

The agreement prohibits access by users who are on OFAC or other governmental sanctions lists, or who are citizens, residents, or entities organized in jurisdictions subject to comprehensive U.S. economic sanctions, and requires users to represent compliance with all applicable laws as a condition of access....

Why it matters: This provision establishes user-level sanctions compliance representations as a contractual condition of access to all products. The provision relies on user self-attestation rather than specifying any technical or identity-based verification mechanism, which is an operationally relevant distinction for compliance assessment of whether the restriction is actively enforced....

View provision → Watch Uniswap →

The agreement states that Uniswap Labs does not control or operate any version of the Uniswap Protocol, does not operate liquidity pools, and does not control trade execution, asserting that users are not buying or selling digital assets from Uniswap Labs when using the Interface....

Why it matters: This provision asserts a structural and legal separation between Uniswap Labs as the Interface operator and the underlying Protocol as autonomous open-source smart contracts. This distinction is Uniswap Labs' stated position and is relevant to ongoing regulatory analysis of whether the Interface operator's role constitutes broker-dealer, exchange, or money transmission activity under applicable law; the regulatory determination of this question is not settled by this agreement language....

View provision → Watch Uniswap →

The agreement states that CCA participation may require locking digital assets in a smart contract for the duration of the auction with no access during that period, that users bear the risk of asset price volatility during the lock period, and that inside information-based participation is prohibited....

Why it matters: This provision establishes that users participating in CCAs may have their assets locked in smart contracts for indeterminate periods with no ability to access them, and assumes all resulting loss risk. The inside information prohibition and manipulation restriction engage market integrity standards that are relevant to regulatory classification of CCA activity....

View provision → Watch Uniswap →

The policy includes provisions restricting the collection and use of data from users who are minors, requiring developers to comply with applicable laws governing data collection from children and adolescents....

Why it matters: This provision establishes a developer obligation to comply with age-based data protection requirements, which interacts with COPPA, GDPR provisions on children's data, and state-level age-appropriate design laws where applicable....

View provision → Watch Meta →

The policy states that when access is sponsored by an employer or educational institution, Coursera may share the user's name, enrollment records, course progress, completion status, and assessment performance with that sponsoring organization....

Why it matters: This provision establishes that employers or educational institutions sponsoring platform access may receive identifiable learner performance data including assessment results, which creates operational implications for employee privacy expectations and institutional data governance obligations. The scope of permissible disclosure to enterprise customers warrants evaluation under applicable employment privacy laws, FERPA, and GDPR depending on the jurisdiction and nature of the sponsoring organization....

View provision → Watch Coursera →

Plaid's terms authorize collection of financial account credentials, transaction history, account balances, and identity information from consumers who connect their bank accounts through the Plaid Link interface on behalf of partner applications....

Why it matters: This provision establishes the core data collection mechanism through which Plaid accesses sensitive nonpublic personal financial information, implicating GLBA, CCPA, and GDPR obligations for both Plaid and its developer partners....

View provision → Watch Plaid →

The terms authorize Plaid to use financial data it collects through partner app connections for its own purposes, including product improvement and fraud prevention, independent of the specific partner application through which the data was collected....

Why it matters: This provision establishes a dual-role data use structure in which Plaid acts both as a service provider to developer partners and as an independent data user, creating compliance questions regarding whether downstream independent use is adequately disclosed to consumers at the point of consent....

View provision → Watch Plaid →

The terms require users and Target to resolve disputes through individual binding arbitration rather than court litigation, and both parties waive the right to jury trial or participation in class action or representative proceedings. Limited exceptions apply for small claims court and intellectual property injunctive relief....

Why it matters: This provision requires that disputes proceed through individual arbitration, which determines the procedural mechanism available to consumers for seeking redress against Target. The class action waiver forecloses participation in collective litigation, which may affect the practical availability of redress for lower-value claims....

View provision → Watch Target →

The terms cap Target's total liability for any claim at the greater of amounts paid by the user to Target in the preceding 12 months or $100, and exclude indirect, special, incidental, punitive, exemplary, and consequential damages entirely....

Why it matters: This provision establishes a monetary ceiling on recoverable damages in disputes with Target, limiting aggregate liability to $100 for users who have made no purchases or minimal purchases in the prior year. The exclusion of consequential and indirect damages further constrains the categories of loss users may seek to recover....

View provision → Watch Target →

The policy states that voice recordings submitted by users may be processed to train and improve ElevenLabs' AI models, subject to user account settings and applicable consent mechanisms....

Why it matters: This provision authorizes the use of user-submitted voice audio for AI model training, which creates obligations under GDPR lawful basis requirements and may trigger biometric consent statutes in Illinois, Texas, and Washington if voice recordings are characterized as biometric identifiers under those frameworks....

View provision → Watch ElevenLabs →

The policy states that personal data is processed and stored in the United States and may be transferred to other countries, and asserts that users consent to such transfers by using the platform....

Why it matters: This provision asserts consent-based authorization for cross-border data transfers, including from the EU and UK to the United States; under GDPR, consent alone is generally not a sufficient transfer mechanism and the policy does not specify reliance on Standard Contractual Clauses or other adequacy mechanisms, which may require further evaluation....

View provision → Watch ElevenLabs →

The policy prohibits advertisers from targeting LinkedIn members using sensitive data categories including health data, consumer health data, genetic data, biometric data, racial or ethnic origin, political affiliation, religious beliefs, sexual orientation, criminal record, trade union membership, and income. The prohibition applies to direct targeting on these attributes and extends to any categories defined as sensitive under applicable law....

Why it matters: This provision requires advertisers to audit any audience segments, custom audiences, or third-party data sets used in LinkedIn campaigns to confirm they do not incorporate these prohibited categories. Because the prohibition extends to categories as defined by applicable law, the operational scope may vary across jurisdictions, including GDPR special categories in the EU and state-level sensitive data definitions in the US....

View provision → Watch LinkedIn →

The policy requires that advertisers promoting financial services or products to UK audiences must be authorized by the UK Financial Conduct Authority. This requirement applies to the full scope of financial advertising categories described in the document, including lending, mortgages, credit, investments, insurance, and pensions....

Why it matters: This provision establishes a regulatory authorization prerequisite for any financial services advertiser seeking to reach UK audiences on LinkedIn, creating a pre-campaign eligibility requirement that is externally defined by the FCA rather than LinkedIn's internal review process alone....

View provision → Watch LinkedIn →

The notice states that Uber collects facial images and processes biometric data from drivers in applicable markets for identity verification during onboarding and ongoing real-time checks while using the platform....

Why it matters: This provision requires collection and processing of biometric identifiers, which are classified as special category data under GDPR Article 9 and sensitive personal information under CCPA/CPRA, and as biometric identifiers under Illinois BIPA and similar statutes, triggering heightened consent, retention, and security obligations in multiple jurisdictions....

View provision → Watch Uber →

The notice states that Uber collects precise GPS location data from drivers continuously while the app is in the foreground or background, covering the period from trip request through trip completion and a period afterward, and in some markets may collect location data between trips....

Why it matters: Continuous background location collection constitutes processing of precise geolocation data, classified as sensitive personal information under CPRA and subject to heightened protections under GDPR and multiple other frameworks; collection outside active trip periods extends the scope of surveillance beyond what may be operationally necessary for service delivery....

View provision → Watch Uber →

The policy establishes a restricted category tier requiring advertisers to obtain advance written authorization from TikTok before running campaigns for products including alcohol, gambling, financial products, and political content....

Why it matters: This provision creates a pre-authorization workflow that conditions campaign launch eligibility for regulated industries on affirmative platform approval. Advertisers in financial services, healthcare, gambling, or alcohol categories cannot activate campaigns without completing this authorization process, directly affecting campaign planning timelines....

View provision → Watch TikTok Ads →

The policy prohibits advertisers from targeting users under 18 with age-restricted content categories and requires advertisers to implement appropriate audience targeting to prevent delivery of restricted content to minors....

Why it matters: This provision places affirmative compliance responsibility on advertisers to configure audience targeting to exclude minors from campaigns for age-restricted products. Failure to implement appropriate targeting parameters may constitute a policy violation triggering ad removal or account action....

View provision → Watch TikTok Ads →

The agreement requires users to resolve disputes with Block through individual binding arbitration rather than through courts, and includes a 30-day opt-out window available by written notice after first accepting the terms....

Why it matters: This provision requires disputes to proceed through individual arbitration administered by AAA or JAMS rather than through civil litigation, and the accompanying class action waiver means users cannot participate in consolidated or class proceedings against Block. The 30-day opt-out window is operationally time-limited and requires affirmative written action by mail....

View provision → Watch Cash App →

The agreement includes a class action waiver requiring users to pursue claims against Block individually rather than as part of a class or consolidated proceeding, as referenced in Sections XXIII.19 and XXIII.20....

Why it matters: This provision requires that any legal claims against Block be brought on an individual basis only; users cannot join or initiate class action or consolidated proceedings under these terms. The waiver applies in conjunction with the mandatory arbitration clause....

View provision → Watch Cash App →

The agreement reserves Block's right to suspend, limit, or terminate user accounts at its discretion, including without prior notice, which may affect access to funds held in the Cash App Balance....

Why it matters: This provision grants Block discretionary authority to restrict or terminate account access, which is operationally significant because the Cash App Balance functions as a prepaid account and primary financial account for some users. Account suspension without prior notice may delay or restrict access to stored funds....

View provision → Watch Cash App →

The agreement requires the Customer to represent and warrant that all Customer Data provided to HubSpot has been lawfully collected, that the Customer holds all necessary rights and permissions to transfer and process that data, and that doing so does not violate applicable laws or third-party rights including privacy rights....

Why it matters: This provision places the legal compliance burden for Contact Data on the Customer as data controller, creating direct exposure under GDPR, CCPA, and other applicable privacy laws if data is transferred to HubSpot without adequate lawful basis, consent, or required disclosures to data subjects....

View provision → Watch HubSpot →

The policy discloses that Samsung collects biometric identifiers including fingerprints, facial geometry, and voice prints in connection with device authentication and certain product features....

Why it matters: This provision discloses collection of biometric identifiers, which are among the most sensitive personal data categories under CCPA/CPRA and state biometric privacy laws. The scope of collection across the Samsung device ecosystem creates obligations regarding consent, retention schedules, and data sharing restrictions that vary by jurisdiction....

View provision → Watch Samsung →