Found in 93 of 170 platforms tracked (55% adoption) · 253 provisions
Your DNA and health information could be handed over to police or prosecutors without your knowledge, which could have serious legal or personal consequences.
Your genetic data, even when described as 'de-identified,' is inherently re-identifiable and uniquely personal — and opting in means it may be used commercially by drug companies without further noti…
A new owner of 23andMe would inherit your DNA data and could operate under different privacy standards, and you may have limited ability to prevent this transfer.
Your DNA is uniquely identifying even when anonymized, and sharing it with third parties for research — even in aggregate form — carries risks of re-identification that could affect your privacy and …
Your browsing behaviour, app usage, and profile information may be shared with a wide range of advertising companies and data brokers, contributing to detailed advertising profiles about you across t…
Your data flows across dozens of Amazon-owned companies and external business partners, meaning your information reaches far beyond the Amazon.com website you originally interacted with.
There are millions of third-party sellers on Amazon's marketplace, and your purchase data, contact details, and communications with them may be governed by privacy policies far weaker than Amazon's o…
AWS may share your account information and activity data with law enforcement without prior notice to you in connection with suspected violations, which has significant privacy implications.
A significant category of data sharing with external parties occurs entirely outside your control, meaning your Social Security number, account data, and financial history flow to third parties as a …
This means your app behavior, device fingerprint, and potentially your posts and interactions are used to build an advertising profile about you and shared with companies outside of BeReal.
Your browsing behavior, device information, and interactions on the platform may be shared with advertising companies who build profiles about you across the internet.
Your personal data — including behavioural patterns and profile details — may be shared with external advertising companies, creating privacy risks beyond Bumble's own systems.
This means your personal information may be commercially transferred to advertising partners without a direct payment, which triggers opt-out rights under California law and similar statutes.
Your browsing behavior, demographics, and usage patterns on Character.AI may be shared with third-party ad networks, enabling profiling across multiple websites and platforms.
This means your data collected on Chegg's platform may be used to target you with ads across other websites and apps, and Chegg receives value in return, which qualifies as a 'sale' under California …
Sharing your transaction data with blockchain analytics firms allows those companies to trace your cryptocurrency activity on public blockchains and potentially link your identity to wallet addresses…
Users must hand over sensitive personal and financial information to Coinbase, which is then subject to government subpoenas, regulatory inquiries, and third-party sharing, meaning your identity and …
Your complete financial and identity profile on Coinbase can be handed over to government authorities without your knowledge, which is particularly significant given the volume of sensitive data Coin…
Your data flows across a massive media and entertainment conglomerate — what you watch, browse, and purchase with Xfinity may be known to NBCU and Sky without you realizing it.
Your private communications, browsing history, and account data can be turned over to government or law enforcement without your knowledge under certain legal processes.
Your personal data isn't just collected by Comcast — third-party advertisers and data brokers may also be collecting information about you through Xfinity platforms, expanding the ecosystem of entiti…
Your data is being used to track you across the internet beyond EA's own services, and you may not be aware of how many third parties receive your information for advertising purposes.
Sharing behavioral and device-level data with third-party advertisers is one of the broadest forms of data disclosure in this policy, and under CCPA it may constitute a 'sale' or 'sharing' of persona…
Once your data reaches the organizer, Eventbrite's privacy protections no longer apply, and the organizer may use your information in ways you haven't agreed to with Eventbrite.
Once your health data leaves Fitbit's environment and goes to a third party, Fitbit's privacy protections may no longer apply, and the third party's own policies govern how your data is handled.
Your browsing habits and personal information may be used by companies you've never heard of to target you with ads, which is a significant privacy concern.
Your sensitive financial and personal data may flow to many organizations beyond Gemini itself, each with their own privacy practices and security standards, increasing your exposure to potential mis…
Your private repositories, communications, and account data could be handed over to authorities without your prior knowledge in response to legal demands.
Your data — including your resume, job application history, and potentially sensitive profile information — may be passed to employers without you explicitly initiating contact with that employer.
Job application data is explicitly categorized as sensitive under both GDPR and US state law, meaning it warrants stronger protections — but it is also shared with employers and affiliates.
Your behavioral data flows not just to Google but to a vast network of advertising technology companies, data brokers, and publishers who participate in Google's ad ecosystem — this extends the reach…
Third-party SDKs operate largely outside of Grindr's direct control and may collect and transmit your data to their own systems, creating data flows that users cannot easily monitor or stop.
Your personal and financial data may be shared with entities beyond Gusto, including for advertising purposes, which could expand exposure to data misuse.
The use of mental health and wellness behavior data for advertising purposes goes beyond what most users would expect, and may constitute a 'sale' or 'sharing' of sensitive personal information under…
Your data and account history on Hinge may be visible to and used by other dating apps you've never signed up for, and a ban on one platform can affect your ability to use entirely separate Match Gro…
Video streaming services like Hulu collect detailed records of everything you watch, which is protected by the Video Privacy Protection Act — understanding what data is shared and with whom is critic…
Information shared with credit reference agencies can affect your ability to obtain credit, loans, or mortgages from other lenders, making this one of the most consequential data-sharing provisions i…
Your shopping habits and financial activities are being used to build an advertising profile, which is then shared with external ad networks — meaning your data extends beyond the Klarna ecosystem.
Your name, email, behavioral data, and purchase history may be shared with companies you have never interacted with, enabling detailed profiling for advertising purposes.
Your personal data including home address is shared with shipping and payment partners when you buy a Ledger device, and given Ledger's history of a significant customer data breach in 2020, understa…
This breach means your personal contact details may already be in the hands of bad actors, increasing your risk of phishing, fraud, and targeted scams — particularly dangerous for crypto holders.
Employers and recruiters may access data about your professional activity on LinkedIn — including signals you may not have consciously shared — when using LinkedIn's hiring tools.
Your trip history and location data could be accessed by police or government agencies without your knowledge in response to legal demands.
Your precise location, travel patterns, payment details, and personal information may be shared with entities beyond Lyft, raising privacy and data security concerns.
Your trip history and behavior can be used to build a detailed profile for advertising purposes, and this data may be shared with many third parties you have no direct relationship with.
This restriction is one of the strongest data protection provisions in the document, protecting users from having their Facebook and Instagram data monetized or used to track them by apps they give p…
Once your data is shared with third parties, you lose control over how it is used, retained, or further shared, and those parties operate under their own privacy policies which may provide fewer prot…
Data transferred to the US may be subject to US government surveillance laws that do not provide the same protections as EU law, and invalidation of transfer mechanisms — as has occurred previously —…
Sensitive personal data categories carry the highest risk of harm if misused — this clause creates a specific heightened protection for the most personal categories of user information.
Personalised advertising involves sharing your behavioural and interest data with external companies, which extends the reach of your personal information beyond Microsoft to a broad network of adver…
Your health app data being passed to advertisers means your private health behaviors could influence the ads you see across the internet, and you have limited visibility into how these partners use y…
Your personal data — including conversation content — is transferred to and processed in the United States, which has different (and generally lower) privacy protections than the EU or UK.
Your data is not siloed within OpenAI — it is shared with a range of external vendors and partners, expanding the potential exposure of your personal information.
The Video Privacy Protection Act (VPPA) restricts the disclosure of video viewing records, and broad sharing of this data with advertisers may expose Paramount+ to liability — and compromises your vi…
This means your data is being used to build advertising profiles and target you with ads, potentially across multiple platforms and services beyond Paramount+.
Tracking technologies follow your activity beyond the Patreon website itself, building a behavioral profile that is shared with advertising partners and used to target you with ads on other platforms.
When your data is transferred to the US, it may be subject to US surveillance laws and different privacy protections than those in your home country, and the legal mechanisms used to authorize these …
Your activity on Patreon may follow you across the internet through ad targeting, and your data is passed to companies whose privacy practices are outside Patreon's direct control.
Your PayPal purchase history and inferred preferences are being used commercially by third-party businesses you may not have a direct relationship with, and once shared, that data is governed by thos…
Sharing data with CRAs and debt collectors can have long-lasting financial consequences, including negative entries on your credit report that affect loans, mortgages, and other financial products.
PayPal can disclose your financial and personal data to law enforcement or government bodies, and the standard for 'reasonably necessary' gives PayPal significant discretion beyond court-ordered dema…
Your personal data, including usage patterns and device identifiers, may be shared with advertisers you have no relationship with, enabling tracking across the internet beyond the Peloton platform.
Once your data is shared with third parties, Pinterest's privacy policy no longer governs how those parties use your information, meaning you have less control over your personal data.
Your financial data doesn't stay with Plaid — it flows to the app you're connecting to, and Plaid's agreements with those developers (not your direct agreement) govern how they must handle it.
This authorization is the core of Plaid's entire business model and determines exactly what banking information third-party apps can see about you.
South Korea is not automatically recognized as providing GDPR-adequate data protection for all transfer scenarios, meaning your EU or UK personal data may be sent abroad without the full protections …
Your sensitive investment and personal data is being used to profile you for advertising purposes, which goes beyond the core service you signed up for.
Your behavioral data and inferred personal characteristics are being shared with external companies you have no direct relationship with, enabling those companies to build profiles about you for adve…
Your browsing behavior, property searches, and account data may be used to build an advertising profile and shared with third-party ad networks beyond Redfin's direct control.
Your gaming activity and personal information may be used to build an advertising profile and shared with companies you have no direct relationship with, limiting your control over your own data.
This means sensitive financial data can flow beyond Robinhood itself to a wide network of companies, potentially including advertisers and financial product partners, without your explicit per-transa…
As a financial services platform, Robinhood holds sensitive data including your investment portfolio, banking information, Social Security number, and trading patterns, and the scope of permissible d…
Your usage data and identifiers may be shared with third-party advertising companies, which can build profiles about you and affect what ads you see on and off Roblox.
Your shopping and browsing activity on Shopify-powered sites may be used to build advertising profiles and target you with ads across the internet.
Your personal information is shared broadly with third-party advertising networks, meaning your data profile extends well beyond Snapchat's own platforms.
Your sensitive financial and personal data is disclosed to a range of third parties beyond Stash itself, and you have limited ability to control this sharing once you accept the policy.
Your financial behavior and personal data may be used to target you with ads and shared with companies like Google and Facebook, which many consumers would not expect from a financial services provid…
By default, Flyby can expose your location and identity to strangers who happened to be near you during an exercise, creating personal safety and stalking risks — particularly for solo runners or cyc…
Sharing your data with advertising networks means your behavioral and demographic profile is distributed to companies you have no relationship with, and this data can be combined with other sources t…
Your location data is among the most sensitive personal information you generate — it can reveal your home, workplace, medical appointments, religious practices, and daily routines, and once shared w…
This provision means your shopping data is not just used to improve your Target experience — it is monetized through an advertising network, which is a significant expansion of data use that many con…
Your personal data — including contact information, device identifiers, and browsing behavior — is shared with advertisers, and US users outside California have no explicit opt-in right before this o…
This clause gives TaskRabbit broad, self-determined authority to disclose your personal data to outside parties without your knowledge or consent, going significantly beyond standard legal obligation…
Event Partners receive your data as independent controllers, meaning they can use it under their own privacy policies, which may differ significantly from Ticketmaster's.
Your data is shared with a wide network of third parties for advertising purposes, and those parties operate under their own privacy policies which TikTok does not control.
If third-party advertising and analytics trackers fire before you have given consent, your browsing data — including your visit to TikTok's own safety and privacy pages — may be shared with Google, M…
Your dating behavior, profile attributes, and usage patterns on a sensitive personal app may be used to build advertising profiles about you, potentially revealing intimate details of your life to ad…
Sharing data across a large corporate family means information you provide to Tinder may be accessible to dozens of other entities beyond Tinder, significantly expanding the footprint of your persona…
The Irish DPC fined Uber €290 million in 2023 specifically because its international data transfer safeguards were inadequate. This provision is directly relevant to that ongoing compliance risk.
Drivers may not expect their personal data collected in an employment-like context to be shared with advertisers, and this sharing may constitute a 'sale' or 'sharing' of personal information under C…
Once your data is shared with third parties, you have limited control over how it is subsequently used, stored, or further shared by those external companies.
Sharing your data with Google means it can be combined with other Google data about you, significantly expanding the profile Google holds and the ways your data can be used.
Mortgage applications involve broader data sharing than standard investment accounts, including credit bureaus, underwriters, and servicers, which significantly expands the number of entities holding…
Your bank login credentials and full account history are shared with and stored by third-party companies whose privacy practices you must separately agree to, creating additional data exposure beyond…
Your sensitive financial data could be shared with a broad network of companies beyond Webull itself, reducing your control over who accesses your information.
This means data from your private messaging app feeds into the broader Meta advertising machine, potentially influencing what ads you see on other platforms even if you don't use them.
Your WhatsApp data may be used across Meta's family of apps, potentially affecting the ads you see and how your personal profile is built across platforms.
Users should be aware that their data — including private messages, account information, and IP addresses — can be disclosed to government authorities under certain legal conditions without the user'…
Your personal information and behavior on X is shared with companies you may not know about, enabling them to target you with ads across the internet.
Your data may be moved to countries with weaker privacy protections than your own, and by accepting these terms you are consenting to this transfer upfront, which limits your later ability to object.
This bidirectional data flow means Yelp builds richer profiles on users than what they share directly, and distributes that data broadly across the advertising ecosystem.
This practice means your online behavior is being monetized to fund targeted advertising, and the 'we don't sell data' claim may be misleading since CPRA treats this type of sharing the same as a sal…
For EU, UK, and other international users, transferring genetic data outside their jurisdiction may reduce the legal protections available to them under local law.
In the event of a corporate transaction, your personal data could be passed to a new company with potentially different privacy practices, with limited ability for you to prevent this transfer.
If you are outside the US, your personal data may be sent to countries with different and potentially lower privacy protections, which may affect your rights and how your data is protected.
When you connect your social account or interact with Adobe's social media pages, your data flows between Adobe and social platforms, which may be used to build detailed advertising profiles about yo…
If you live in the EU, UK, or another jurisdiction with strong privacy protections, your data may be sent to countries with weaker legal protections, potentially reducing your rights and remedies.
Your conversation data and account information could be disclosed to law enforcement or regulators without your knowledge if Anthropic determines it is legally required or necessary for safety or fra…
Your conversation history, personal identifiers, and any sensitive data you've shared with Claude could be transferred to an entirely different company without your explicit consent if Anthropic is a…
Data sharing across Apple's extensive service ecosystem allows Apple to build detailed user profiles that are more comprehensive than what any single service would reveal, which could affect personal…
International data transfers, particularly from the EU/EEA to the US, have been subject to intense legal scrutiny and regulatory enforcement, and consumers may have limited visibility into which coun…
This commitment, while significant, does not preclude all commercial uses of personal data — Apple may still share data with partners, developers, and advertisers for ad targeting on Apple's own plat…
Your browsing activity on Audible is transmitted to Amazon's centralised analytics infrastructure, meaning your audiobook interests and listening habits are aggregated into Amazon's broader consumer …
Your financial data can reach companies outside of the Bank of America corporate family, meaning organizations you have no direct relationship with may receive your personal financial information.
Without opting out, your financial data including account details and transaction history can be used by Bank of America's family of companies to target you with marketing, often without you realizin…
Your financial data can be disclosed to government and law enforcement entities without your consent or prior notification in circumstances involving legal process or fraud investigations.
Your data may leave the EU and be stored or processed in countries with weaker privacy protections, though Standard Contractual Clauses are the EU's approved mechanism for this.
Your sensitive financial information could be shared with other companies for advertising purposes without you necessarily being aware, impacting your privacy.
Your data is shared with multiple external vendors, each of which becomes a potential point of risk for data breaches or misuse.
Your financial records, identity documents, and transaction history can be shared with government authorities without your knowledge, which is particularly significant given the regulatory scrutiny o…
Your data is not confined to Binance.US but flows to a network of affiliates and vendors, each of which may have different security standards and privacy practices.
When your data is transferred internationally, it may be subject to foreign government access requests or weaker privacy laws, reducing your ability to enforce your rights.
In the event of a corporate transaction, your sensitive wellness data — including mood check-ins, sleep habits, and health information — could be transferred to a new owner whose privacy practices ma…
Your employer could receive confirmation that you have activated a Calm subscription, which may indirectly reveal that you are seeking stress relief, mental health support, or sleep assistance.
The breadth of data sharing — spanning financial affiliates, credit bureaus, merchants, and advertising partners — means your sensitive financial and behavioral data travels far beyond Cash App itsel…
Your conversations with AI characters are not private and can be accessed, preserved, and disclosed by the company at its discretion for legal or safety reasons.
In a merger or acquisition scenario, your personal data — including chat history, voice recordings, and account information — could transfer to a new owner with potentially different privacy practice…
Your financial and behavioral data can be shared broadly beyond Chase, potentially resulting in targeted solicitations from companies you never chose to engage with.
Your data processed under EU or UK privacy law may be transferred to the US, where it could be subject to broader government surveillance access under US law — a key concern highlighted in the Schrem…
EU and UK users' data is processed outside their home jurisdiction, which carries regulatory risk if transfer mechanisms are challenged or invalidated.
This means your data may be used to target you with ads outside of DocuSign, and California residents have the right to opt out of this.
Your data held by DocuSign, including signed documents, could be disclosed to government authorities without your prior knowledge in response to legal process.
Your files stored on Dropbox can be accessed by government and law enforcement authorities through legal requests, which may include your private documents, communications, and metadata.
Your data does not stay solely with Dropbox — it is shared with multiple external companies, which increases privacy exposure and reduces your control over your personal information.
Your data may be stored and processed in countries with different privacy laws than your own, and the legal protections Dropbox relies on for these transfers have faced regulatory scrutiny.
Your gaming identity and activity data will be shared with multiple platform operators beyond EA, each governed by their own separate privacy policies, potentially expanding the reach of your persona…
Linking accounts triggers automatic data sharing from third-party platforms to Epic that many users may not anticipate, and the combined data profile this creates is significantly richer than what us…
For EU and UK users especially, transferring data internationally can reduce the legal protections that apply to your personal information.
When you buy a ticket, your personal data — including name, email, and payment information — may be shared with event organizers and third-party service providers, and you should review the Privacy P…
These integrations mean multiple companies, not just Eventbrite, may receive and process data about your behavior, each under their own privacy policies.
This means that your professional activity on a design platform is being used to build advertising profiles and target you with ads, which many users of a B2B SaaS tool would not expect, and which tr…
For EU and UK users, this means your personal data is being processed in the United States, a jurisdiction without an EU-equivalent level of data protection, and the lawfulness of that transfer depen…
For EU and UK users in particular, transferring health data to the US may not carry the same legal protections as data kept within the European Economic Area, depending on the safeguards Fitbit uses.
When your data is transferred internationally, it may be subject to weaker privacy laws or government access powers in the destination country.
EU and UK users' data is sent to the US, where privacy protections differ significantly, and the adequacy of SCCs as a transfer mechanism continues to be subject to legal challenge.
Your transaction history, identity information, and account activity could be disclosed to government authorities without your knowledge or consent, which is especially significant given the sensitiv…
Behavioral tracking data is used to build a profile of your activity on Gemini's platform and may be shared with advertising partners, affecting your privacy beyond basic account use.
Data transferred internationally may be subject to different legal protections, and users in the EU and UK have specific rights regarding where their data goes.
Sharing data with Microsoft means your GitHub activity could be connected to your Microsoft account data, potentially creating a broader profile of your digital behavior.
Your data does not stay within Glassdoor alone — it flows to other major platforms in the same corporate family, expanding the scope of who holds and can use your information.
Given Google's vast data holdings — including search history, emails, location history, and private communications — government access to Google's data can reveal extremely sensitive information abou…
Connecting third-party services to Gemini significantly expands the number of entities that can access your conversation data, often without users understanding which third parties are involved or wh…
Transferring data internationally can expose it to different and potentially weaker legal protections than those available in the user's home country.
International transfers of sensitive mental health data to the US mean your information may be subject to US government access or different privacy standards than your home jurisdiction provides.
Your dating behavior, preferences, and sensitive profile information may be used to build an advertising profile of you, which can be shared with third-party ad partners — raising significant privacy…
EEA and UK data protection laws require that your data only be sent to countries with equivalent privacy protections, and transfers to the US must be covered by specific legal safeguards such as Stan…
If you are in the EU or UK, your data may be sent to countries without equivalent legal protections unless adequate safeguards are in place, which the policy does not detail.
Your data could be passed to new corporate owners or multiple third-party vendors, and you have limited control over how those parties handle your information.
Sharing your personal data with merchants means more parties than just Klarna hold your information, and each merchant's own privacy practices will then govern how they use your data.
When your data is transferred internationally, it may be subject to weaker privacy protections or accessed by foreign governments, reducing the level of control you have over your personal informatio…
Any crypto transaction you make using a Ledger device is permanently recorded on a public blockchain and linked to your wallet address, which could potentially be traced back to you.
Your data may be sent to countries with weaker privacy laws, which could reduce your practical ability to enforce your data rights.
Drivers' sensitive personal data including criminal history and identity documents is shared with multiple third parties outside of Lyft's direct control.
Once your data is transferred internationally, it may be subject to foreign government access and weaker privacy protections than those available in the US.
When your data is transferred to the US or other countries, it may be subject to government access requests and legal frameworks that provide fewer protections than your home country's law, particula…
Your personal information could end up under the control of a different company with different privacy practices, with no meaningful opportunity to object before the transfer occurs.
Your browsing behavior, usage data, and interactions on Midjourney may be used to profile you and serve targeted advertising, even if you did not explicitly consent to this beyond using the service.
Inferences can reveal sensitive personal traits without your explicit disclosure, and sharing them with third parties can result in profiling that affects the ads and content you see across the inter…
Uploaded images may contain identifiable information about you or others, and their sharing with third parties raises meaningful privacy concerns, particularly if the images include faces or other bi…
Your personal data, including viewing history and device information, is shared with many external companies, increasing the risk of downstream data misuse or exposure.
When your data is transferred internationally, the legal protections that apply to it may change depending on the destination country, potentially reducing your privacy rights.
Your gaming activity, purchases, and device data may be shared with companies you have no direct relationship with, which can affect your privacy and result in targeted advertising across other platf…
Your conversation data and personal information could be disclosed to authorities without your knowledge in response to legal requests, which is important to understand before sharing sensitive topic…
Your conversation data and personal information may be shared with a wide range of third parties — including companies that could be acquired or merged — with limited ability for you to control or kn…
Users in the EU, UK, and other jurisdictions with strong privacy laws may have their data transferred to the US, which has different (and generally weaker) privacy protections.
Your data flows to multiple third parties beyond Paramount+ itself, each with their own privacy practices and data security standards, which increases the overall risk to your personal information.
Creators provide sensitive financial and tax identity information to Patreon, and this data is shared with third-party financial and compliance vendors, creating additional exposure if those vendors …
Transferring your data internationally means it may be subject to different — and potentially weaker — legal protections, and may be accessible to foreign governments or other entities.
If you are located in the EU, UK, or other regions with strong privacy laws, your data may be sent to countries with weaker protections, which carries privacy risks.
Your personal data could end up with a company you have never interacted with and whose privacy practices you have not agreed to, potentially resulting in materially different data use than what Posh…
When your data is transferred from the EU or UK to the US, it moves to a jurisdiction with different privacy protections, and the adequacy of Reddit's transfer mechanisms is subject to ongoing legal …
Your consent covers not just Redfin but also its partners and affiliates, potentially resulting in marketing contacts from companies you didn't directly engage with.
Connecting your social media account to Redfin creates a data bridge between your real estate activity and social media profile, potentially enabling highly targeted advertising on those platforms.
By agreeing to these Terms, you also consent to Revolut's data practices as described in a separate Privacy Policy, which may include sharing data with third parties and regulators.
If you are in the EU or UK, your data may be transferred to the US or other countries under mechanisms like Standard Contractual Clauses, but these transfers carry inherent legal uncertainty followin…
Your trading activity, identity information, and account history can be handed to government agencies without your knowledge, which is standard for regulated financial firms but represents a signific…
The wide scope of data sharing — including with event sponsors, advertising networks, and App Exchange partners — means your data may reach many organizations beyond Salesforce itself.
If you interact with a company that uses Salesforce's software, Salesforce's own privacy protections and your rights under this statement may not apply to that data — leaving a potential gap in your …
International transfers mean your personal data may be subject to different legal protections depending on where it ends up, which is particularly significant for EU and UK residents with stronger ho…
Your data may be stored and processed in countries with different privacy laws than your own, which can affect how well it is protected.
Your data passes through multiple third-party companies beyond Shopify itself, expanding the number of entities that hold and process your information.
Your personal information is passed to third-party Teachers who are individual creators, not just to Skillshare itself, expanding who has access to your data without a separate opt-in.
Users may not expect that individual teachers, who are independent creators rather than Skillshare employees, receive their personal contact and behavioral data.
When your data is transferred to countries with less stringent privacy protections, your rights over that data may be harder to enforce and the data may be subject to different government access regi…
Your data could be transferred to a completely different company if Skillshare is acquired, and the protections offered depend on a contractual promise rather than regulatory enforcement.
Individual users of Slack at work should be aware that their employer — not Slack — controls their workspace data and may access their communications without notice.
Your personal data flows to a range of third-party companies beyond Slack itself, and while Slack states these providers are contractually bound to protect the data, users have no direct relationship…
Cross-border data transfers of EU/UK personal data to the US must be legally justified under GDPR, and the adequacy of SCCs remains subject to regulatory and judicial scrutiny, creating ongoing compl…
As a Salesforce subsidiary, Slack may share your data across a large corporate ecosystem, meaning your Slack data could inform Salesforce CRM profiles and other products you may not be aware of.
Your private messages, location history, and account data can be disclosed to authorities in response to legal requests, including subpoenas, court orders, or national security demands.
For users in the EEA, UK, and other regions with strong data protection laws, transferring data internationally can reduce the legal protections that apply to your personal information.
Your data may flow to many companies beyond Spotify itself, increasing the risk of secondary uses, data breaches, and loss of control over your personal information.
Spotify can use your device's computing resources beyond just running the app, and explicitly allows third-party business partners to use your device for advertising delivery, which has privacy and p…
Your financial transaction data flows to multiple third-party financial institutions and payment networks as part of normal processing — this sharing is largely non-optional if you use Square-powered…
When your data is shared with third parties, it becomes subject to their own privacy practices and security measures, increasing the risk of exposure and reducing your control over your information.
International data transfers carry risk because countries outside the EU and UK may not provide equivalent data protection standards, and safeguards such as Standard Contractual Clauses can be comple…
Your personal and financial information will be shared with external parties as part of normal account operation, and the scope of these third parties and their data handling practices may not be ful…
Data shared with third-party service providers and partners can be used beyond Strava's direct control, potentially for purposes you did not anticipate, and the policy does not provide a complete lis…
Connecting Strava to other fitness apps or devices could result in your health and location data being shared with multiple organizations, each with different privacy standards, and Strava accepts no…
This is a significant consumer protection commitment, but it applies only to health data from connected devices — not all data Strava collects — and the policy still permits use of this health data f…
Your financial and identity data flows to a broad network of third parties beyond Stripe itself, each with their own data retention and use policies, significantly expanding the privacy surface of a …
When your data is transferred internationally, it may be subject to surveillance laws or government access requests in the destination country, and the legal protections available to you may differ f…
Your financial transaction records, identity information, and behavioral data can be shared with government agencies or law enforcement without your knowledge or consent in response to legal process.
CPNI contains sensitive information about your calling patterns, location data tied to network usage, and service details. How this data is used and shared affects your privacy and can be used for ta…
The breadth of third-party data sharing — spanning analytics vendors, advertising technology providers, loyalty program administrators, and financial partners — means your data reaches a wide ecosyst…
Your personal data — including sensitive identity, financial, and background check information — could be transferred to an entirely different company in a deal you have no notice of or control over.
The DPF is the current post-Schrems II mechanism for EU-US data transfers, but its legal adequacy has been challenged and could be invalidated, which would affect the lawfulness of TaskRabbit's data …
The distinction between sharing that requires consent and sharing that is deemed 'necessary for the contract' is important, as the latter can occur without your explicit agreement.
Your personal data is sent to an external company for fraud analysis under a legitimate interests basis, meaning you have limited ability to object to this processing.
A change in ownership could mean your data ends up with a different company operating under different privacy standards, and you may have limited ability to prevent this.
Your private messages, location data, and profile information could be disclosed to government agencies without your knowledge or consent under certain legal circumstances.
Data transferred to the US from the EU or UK may be subject to different legal protections, including potential access by US intelligence agencies under US surveillance law.
This data sharing funds Twilio's marketing activities but means your browsing activity on twilio.com is tracked and shared with multiple advertising and analytics companies, potentially building prof…
If you are in the EU or UK, your personal data is transferred to the US where data protection laws differ significantly from GDPR, and you should be aware of the transfer mechanisms Twilio uses to pr…
This provision means your personal data — including location history and trip records — can be disclosed to government authorities without your knowledge, which has implications for civil liberties, …
A future acquirer of Uniswap Labs may not share the same privacy commitments, and users have no opt-out right over this type of data transfer.
Your data flows to multiple parties beyond Visa itself, including your card issuer and the merchants you transact with, which multiplies privacy exposure and limits your control.
International data transfers can reduce the protections available to your personal information, particularly for users in the EU, UK, or other jurisdictions with strong privacy laws.
Using third-party features within Waze can trigger additional data sharing with external companies whose own privacy policies govern how your data is used.
If you are in the EU or UK, your data may be transferred to jurisdictions with different — potentially lower — levels of legal protection for your personal information.
Activating the shared view feature authorizes ongoing disclosure of your personal financial data to another person, and you should be certain you trust that person before linking accounts.
A corporate transaction could result in your sensitive financial data — including Social Security numbers, bank credentials, and investment history — being transferred to a new entity that may have d…
Your financial credentials and account data from other institutions are shared with Wealthfront and unnamed third-party data providers, and Wealthfront disclaims responsibility for the accuracy of th…
When your data is transferred internationally, the privacy protections that apply to it may be weaker than those in your home country, reducing your control and legal recourse.
Messaging a business on WhatsApp is not governed by the same privacy rules as messaging a friend — businesses can share what you say with other companies.
Many users may not realize their posts are searchable and viewable by the general public, including third parties who may aggregate or republish that content.
Data you generate on Xbox may be linked to your identity across Microsoft's entire ecosystem — including search history, professional profile, and productivity data — creating a far more comprehensiv…
While parental consent is required, the policy does not specify what types of third parties may receive data or what they are permitted to do with it, leaving parents without full visibility into dow…
Government or legal access to children's data can occur without a parent's knowledge or consent, which is a standard but important exception that parents should understand.
Victims of Zelle fraud who report scams through the website may not realize their personal information and fraud details will be disclosed to the financial institution of the person who received the …
International data transfers can expose your personal information to different legal regimes, including potential government access rights that differ from those in your home jurisdiction.
Clicking on third-party links or interacting with social media buttons on Chase's site may result in those third parties collecting your data, outside of Chase's privacy protections.
When you click through to third-party sites or use integrated services, your data may be collected by those third parties under their own terms, and Chegg's privacy protections no longer apply.
A future sale of EA or its assets could result in your personal data being controlled by a company with different privacy practices, with limited ability for you to prevent the transfer.
This provision means your personal data — including design files, account details, and usage history — could be transferred to a new company without your explicit consent if Figma is sold or undergoe…
Your financial data is handled by external processors, meaning you should understand who has access to your payment details and how they are protected.
Your data can be provided to law enforcement or government agencies without your knowledge, which is a standard but important privacy consideration.
If you are outside the US, your data could be transferred to the US or other jurisdictions where your local privacy laws may not apply, potentially reducing your legal protections.
Your data may be processed in countries with weaker privacy protections than your home jurisdiction, which can affect your legal rights and remedies.
Your financial and billing information is shared with third-party payment processors who have their own privacy policies, and Roblox retains some transaction data for legal and platform integrity pur…
Organizations that sell, implement, or build on Salesforce products as partners are bound by these agreements, which define their rights, obligations, and the conditions under which they can represen…
When your data is transferred internationally, the protections that apply to it may change, and it may be subject to foreign government access or different legal standards.
This is a strong consumer protection commitment that goes beyond what many financial services companies offer, reducing the risk of your data being monetized by third parties.
Create a free account and watch the platforms that matter to you. We'll email you the moment something changes.