Found in 252 of 343 platforms tracked (73% adoption) · 1154 provisions
This clause establishes the conditions under which 23andMe may utilize genetic data for research, product development, and other purposes without individual consent requirements. The authorization to…
This clause operationalizes the user's ability to terminate participation in the service and Research program, while establishing that sample disposal is automated upon deletion. The irreversibility …
This clause establishes the operational framework under which the company may comply with law enforcement requests and legal processes. It specifies both the formal legal mechanisms (court orders, su…
The provision establishes the operational scope of data utilization beyond individual health reporting, creating a revenue model dependent on research data licensing. This authorization distinguishes…
This provision defines the operational scope of 23andMe's research data sharing practices and establishes the procedural framework through which participant data may be aggregated and used for resear…
This provision defines the operational boundary between 23andMe's general data protection practices and mandatory disclosure obligations imposed by legal authority. It establishes that genetic and pe…
This clause establishes the operational framework for data continuity during corporate transactions, ensuring genetic and health data classified as business assets remain accessible to successor enti…
The clause conditions access to the research program on explicit opt-in consent, meaning genetic data sharing with external research partners occurs only upon the user's voluntary enrollment rather t…
Your service usage data, which can include browsing activity, device information, location patterns, and call records depending on the service, may be shared across AT&T's entire corporate family for…
The Data Processing Addendum is a separate document that must be actively executed by customers who process personal data subject to GDPR or similar frameworks; it is not automatically incorporated i…
The clause creates a bifurcated governance structure in which data processing for third-party models falls outside AWS's direct control and contractual scope, requiring users to separately evaluate a…
Sharing personal and financial data with marketing and advertising networks goes beyond what many consumers expect from a financial services app and may constitute a sale or sharing of personal infor…
The clause establishes a data-sharing framework that extends beyond Acorns' direct marketing activities to encompass third-party marketing operations. This authorization affects the scope of entities…
The clause establishes the operational mechanism by which Acorns transfers user transaction and account data to external commercial partners as part of its Earn program functionality. This data shari…
The clause establishes that the privacy policy operates as a unified governance framework across all Activision properties, meaning data handling practices described in the policy apply uniformly to …
Sharing personal data with advertising networks for behavioral targeting is the mechanism through which your gameplay activity, device identifiers, and inferred interests may follow you across the in…
The provision establishes the scope of third-party recipients of user data and specifies that behavioral data collected across Adobe properties may be transferred to advertising and marketing partner…
The provision establishes the operational basis for data disclosure throughout the transaction lifecycle. It defines the scope of permissible sharing by reference to functional requirements—transacti…
For a buy-now-pay-later provider handling financial and purchase data, the scope of third-party sharing determines how broadly your financial behavior and personal details may flow to retail partners…
This clause establishes the operational scope under which Airbnb may transfer personal information to legal and governmental entities without separate user consent. It defines disclosure authority ba…
The clause establishes the operational mechanism by which user data flows to external advertising and analytics vendors, enabling those vendors to conduct independent data collection and analysis of …
The clause establishes the operational framework governing AWS's disclosure obligations to government entities, defining the circumstances and processes under which customer data may be provided to l…
This provision implements requirements under the Children's Online Privacy Protection Act (COPPA) by establishing procedural safeguards for collection of data from minors and creating a mechanism for…
This clause establishes the scope of data recipients beyond Amazon's direct control, including operational service providers and integrated third-party platforms. The authorization applies across mul…
The clause establishes Amazon's operational practice of collecting and using behavioral data to inform ad targeting, while preserving a baseline ad delivery mechanism regardless of user preference se…
The clause establishes a data-sharing framework across Amazon's corporate family, enabling information collected in one business unit to be accessible to other affiliated entities. This operational s…
The clause establishes the scope of entities within the Amazon corporate structure that have access to customer personal information and the protective standards those entities must meet, creating a …
The clause establishes the scope of authorized third-party recipients of customer personal information within American's business operations and regulatory compliance framework. This defines the oper…
The clause establishes the operational basis for data sharing with external advertising platforms, defining which categories of partners receive personal information and the authorized use cases (tar…
This provision authorizes two distinct data flows: sharing with service providers operating under contract and allowing third-party advertising companies to independently collect user activity data. …
Opting into research means your genetic information leaves Ancestry's systems and goes to third parties, even if under contract. Understanding what research purposes are covered and how partners are …
This provision establishes the operational framework under which Ancestry may respond to legal demands and governmental requests for user data without separate user authorization. It defines the circ…
The provision establishes a default data usage framework for model training while preserving carve-outs for safety-critical and user-initiated use cases. This structure allows the entity to conduct o…
This provision structures the operational requirements for kid-directed app distribution on the App Store by establishing data handling restrictions and gatekeeping procedures. Compliance with these …
Requests forwarded to third-party AI providers such as ChatGPT are not subject to PCC's privacy architecture, meaning the stateless computation, no privileged access, and non-targetability guarantees…
The Facebook Pixel transmits data about your product views, cart additions, checkout starts, and purchases to Meta, a major advertising platform, enabling cross-site tracking of your behavior even if…
This authorization permits Atlassian to use customer-submitted content and usage data for AI model training and product improvement purposes, which may be material for organizations with confidential…
The clause establishes that certain data sharing activities are permitted as standard operational practice and do not require customers to take action to prevent disclosure. This reflects the regulat…
This clause establishes the operational mechanism for monetization of the service through third-party advertising partnerships. It clarifies that data sharing with these partners occurs as part of th…
The provision establishes the operational framework for data monetization through third-party partnerships. It specifies the categories of partners (advertising and analytics providers) and the track…
Once your data is shared with advertising partners who operate under their own policies, BeReal's privacy commitments no longer govern how that data is used, creating a potential gap in user protecti…
This clause establishes the operational mechanism by which Best Buy monetizes user data through advertising partnerships, enabling the distribution of behavioral and transactional information to exte…
The provision addresses regulatory classification ambiguity across state privacy regimes regarding the status of advertising service provider relationships. It clarifies Binance.US's operational posi…
The provision defines the organizational scope of the privacy framework by explicitly including affiliated and related entities within the data handling framework. This establishes that data practice…
This provision establishes the operational mechanism by which user demographic and location data flows to external advertising partners. The conditional consent requirement creates a documented autho…
This provision allocates privacy responsibility by clarifying that data shared during scheduling flows directly to the host, establishing the host as an independent data controller separate from Cale…
This provision establishes the operational framework for Calm's behavioral advertising practices and cross-site tracking infrastructure. It acknowledges regulatory classification of these activities …
The clause establishes a data-sharing framework that enables third-party ad networks to access user behavioral data across multiple platforms, permitting these partners to build user profiles for adv…
The clause establishes a broad framework for third-party data disclosure tied to credit, compliance, and fraud operations. This authorization permits data sharing across a wide network of financial, …
The provision establishes the operational scope of data sharing practices across Chase's corporate network and external service providers. The opt-out right creates a bifurcated sharing framework whe…
The provision establishes the operational scope of data sharing across multiple categories of recipients, including both commercial service providers and government/regulatory entities. It creates a …
Sharing data with credit reference agencies can have lasting effects on an individual's credit profile and ability to access financial products, and the individual may not be directly aware this shar…
This provision means your academic activity and behavioral data on Chegg's platform may be used to target you with advertisements, and California residents have the right to stop this sharing.
The clause establishes the scope of permitted data transfers within Chegg's operational ecosystem and establishes that information sharing with external entities functions as part of the standard ser…
The clause establishes a broad authorization for data sharing with advertising partners using de-identified data categories, which permits monetization of user behavior patterns while relying on de-i…
Sharing data with third parties for their own marketing purposes goes beyond typical service-provider sharing and means your data may be used in ways you did not directly anticipate when signing up f…
This clause establishes the operational framework under which Cloudflare may respond to legal requests and governmental demands for user data. It defines both mandatory disclosures (required by law) …
The provision establishes Coinbase's operational authority to conduct identity verification procedures as a condition of account access and to maintain identity records for regulatory compliance and …
The provision establishes the operational scope of data distribution within Coinbase's service delivery model. It documents which categories of third parties receive access to user personal informati…
The provision establishes the operational framework for data sharing across Coinbase's service infrastructure, enabling third parties to receive user identifiers and conversion metrics for purposes i…
The clause establishes Coinbase's procedural authority to comply with government legal process and to make discretionary disclosures based on the company's assessment of fraud prevention or safety co…
The provision establishes data collection pathways through third-party sources rather than direct user collection, enabling cross-platform advertising personalization and audience segmentation based …
This clause establishes the operational framework and authorization scope for information disclosure in response to legal demands. It defines the conditions under which the company may unilaterally d…
This provision establishes the operational scope of data recipients beyond Coinbase's direct control. By categorizing service providers and business partners as authorized recipients, the clause defi…
This provision establishes Coinbase's operational framework for complying with legal and regulatory disclosure obligations. The authorization to disclose without prior notice reflects institutional c…
The provision establishes the operational scope of data distribution across Coinbase's service delivery ecosystem. By identifying specific information categories and recipient types, the clause delin…
The clause establishes the conditions and scope under which the company may share user personal information with external parties without prior user consent, distinguishing between compelled disclosu…
This provision establishes the scope of data sharing permitted under the agreement. It defines which categories of third parties may receive personal information and the functional purposes for which…
The clause establishes a data-sharing practice tied to regulatory compliance and security operations, meaning user transaction and identification information may flow to third-party analytics provide…
This provision establishes that employers or educational institutions sponsoring platform access may receive identifiable learner performance data including assessment results, which creates operatio…
The clause establishes a broad data-sharing framework that extends beyond Databricks' direct operations to include external parties operating under different privacy policies and data handling practi…
The policy authorizes sharing of your behavioral activity data with third-party advertising and analytics partners, and discloses receipt of data about you from those same partners, meaning your prof…
This provision establishes the operational framework for Discord's advertising partnership model, enabling the transfer of user identifiers and demographics to third-party advertisers for cross-platf…
The clause defines the informational scope and types that Disney+ may process under the privacy policy, establishing the framework within which data collection and use practices operate.
The clause establishes a data-sharing framework that enables cross-platform advertising operations. It specifies the categories of recipients (marketing companies, social media platforms, analytics p…
The provision establishes a data-sharing practice that extends user information to external advertising technology providers for targeting and analytics purposes. This practice triggers disclosure ob…
This data sharing with advertising technology vendors, particularly through tools like LiveRamp's identity graph, enables cross-context behavioral advertising and may constitute 'selling' or 'sharing…
The clause establishes the operational framework for programmatic advertising delivery and cross-platform ad targeting. It identifies the categories of data that vendors may collect and the technical…
The combination of first-party data with commercially purchased data profiles, including income level and risk scores from data brokers, creates a comprehensive behavioral and financial profile that …
This provision establishes the operational scope of data sharing for advertising purposes and identifies the categories of third parties who receive access to user information. It defines a core data…
The clause establishes a data-sharing framework that enables EA's advertising partners to conduct interest-based advertising by collecting and receiving user behavioral and device data, which creates…
This provision establishes the operational framework for EA's advertising infrastructure by permitting data flows to external ad networks and analytics vendors. The authorization allows EA to monetiz…
The clause establishes the operational framework for data flows beyond Egnyte's direct control, specifying that user information will be transmitted to external parties for advertising optimization a…
The clause establishes the operational scope of data sharing beyond ElevenLabs' direct operations, specifying categories of recipients and permitted uses. It also establishes that third-party data co…
The clause establishes the scope of third-party recipients who may receive personal information under the agreement. It defines the operational categories of entities with authorized access, includin…
This provision establishes that personal information including financial and credit data may be shared with marketing partners for independent marketing use, not solely for Equifax's own service deli…
Sharing personal data with advertising partners goes beyond what is necessary to operate a smart home security service, and may constitute a 'sale' or 'sharing' of personal information under CCPA, gi…
The provision establishes the operational scope of data disclosure in the event ticketing transaction. It creates a two-party data relationship where organizers receive direct access to attendee info…
This provision clarifies the data governance structure between Eventbrite, organizers, and users by allocating responsibility for data collection decisions to organizers rather than Eventbrite. It es…
Your personal information leaves Eventbrite's control and goes to a third party whose privacy practices you may not have reviewed, potentially exposing your data to uses you did not anticipate.
The provision establishes the operational scope of Eventbrite's advertising data sharing practices and specifies the procedural requirements users must follow to restrict participation in cross-conte…
This provision allocates data controller responsibility from Eventbrite to the event organizer, meaning the organizer assumes direct legal obligations for how user data is processed, stored, and used…
The provision establishes the operational mechanisms through which FanDuel obtains and processes granular location information as a standard practice across its service delivery, and defines the scop…
The provision establishes the operational scope and permissible uses of geolocation data collection across FanDuel's service delivery functions, including verification mechanisms, vendor relationship…
This provision operationalizes Figma's data infrastructure by authorizing the movement of personal information across international borders to centralized U.S.-based systems. The clause establishes c…
Once your health data leaves Fitbit and enters a third-party app's systems, it is governed by that app's privacy policy, which may permit uses you did not anticipate, including sale of your health da…
The clause establishes the operational framework for data flow from Fitbit to third-party wellness program sponsors. It conditions data sharing on both contractual arrangements between Fitbit and the…
The clause establishes the operational mechanism by which Fitbit integrates data from external platforms into its service infrastructure. It defines the scope of permissible third-party data inflow a…
The clause establishes the operational scope of data distribution across Fiverr's service ecosystem. It defines which categories of third parties may receive user data and the permitted uses for such…
The provision establishes the operational framework for how user behavioral and usage data flows to external advertising vendors, which directly affects the scope of data recipients and commercial us…
This provision establishes the scope of Ford's third-party data sharing, including with advertising and analytics partners, which may constitute 'sharing' of personal information for cross-context be…
This provision establishes the operational scope of Ford's data sharing authority and clarifies the separate governance structure for dealer data practices. It creates a distinction between Ford's di…
This clause means your GOAT shopping data may end up with third-party companies for purposes unrelated to your GOAT transactions, potentially affecting the ads and offers you see across other platfor…
Your sensitive financial, identity, and behavioral data may be disclosed to a wide range of external parties including advertisers and law enforcement, often without requiring your prior consent for …
This provision confirms that your personal data may flow to external advertising and marketing networks, which means your driving habits, location, and profile data could be used to target you with a…
This clause establishes the operational framework under which GitHub may comply with legal process and governmental authority requests. It defines the circumstances and entities to which personal dat…
The policy authorizes transfer of personal data to Microsoft's broader corporate family, meaning data collected by GitHub may be processed under Microsoft's separate privacy terms and for Microsoft's…
This clause establishes the operational framework under which GitHub may fulfill legal obligations to disclose user information to government entities and defines the circumstances—including discreti…
Users who believe their activity on Glassdoor is private or anonymous should be aware that personal data including job application details, job interests, and behavioral activity may be shared with e…
This provision establishes the operational mechanism for application transmission, clarifying that multiple corporate entities (Glassdoor and its affiliates) handle application data in the submission…
The provision establishes the operational structure for job application submission, specifying that this service is delivered through a multi-entity arrangement rather than solely by Glassdoor. This …
The provision establishes the corporate structure relevant to data handling and directs users to supplemental privacy documentation that governs how data may be processed across affiliated entities.
This clause establishes the conditions and recipients through which personal information may be transferred outside the organization during service delivery and in response to external legal or gover…
The clause establishes the operational scope of extension functionality by defining what data sources Gemini may access upon user request and how retrieved data is handled within the service architec…
The provision establishes operational transparency regarding data handling practices: it discloses that human review and product improvement processes apply to conversation content, creating an infor…
The provision establishes that conversation data serves multiple institutional purposes—product improvement, service development, and AI model training—and clarifies that the standard privacy control…
This restriction prevents developers from building data pipelines that archive or reuse Maps API outputs, which is a common architectural pattern, and non-compliance is an enforcement trigger.
This clause allocates data protection compliance responsibilities to the customer rather than Google, establishing the customer as the party responsible for ensuring lawful processing and user transp…
Sharing personal data with advertising technology companies can result in that data being combined with information from other sources to build detailed profiles, which may extend far beyond what use…
The provision establishes the operational scope of data sharing across the Grindr service ecosystem. By authorizing both indirect sharing with service providers and direct collection by third-party p…
The clause establishes the operational framework under which user data flows to external advertising and analytics entities, enabling targeted advertising campaigns across owned and third-party digit…
The clause establishes the operational scope of data disclosure within Gusto's service delivery infrastructure. It defines which categories of external entities may receive personal information as pa…
This provision establishes the operational framework for employer-initiated third-party service integrations and allocates responsibility for legal compliance and data accuracy to the employer rather…
The provision creates a dual privacy framework: HIPAA compliance applies when Care Providers are engaged, while state-specific consumer health data laws apply to other health data collected. This est…
The sharing of personal information with advertising and analytics vendors in the context of a mental health platform is particularly sensitive because usage patterns, session frequency, and feature …
The clause establishes a cross-platform enforcement mechanism that treats Match Group's services as an integrated ecosystem for safety and user moderation purposes. This allows coordinated account ma…
The clause establishes a data-sharing mechanism across Match Group entities to enforce account restrictions and safety policies consistently across the platform ecosystem. This operational structure …
The clause establishes a data-sharing framework that integrates third-party advertising infrastructure into HubSpot's service operations. It specifies the purposes for data disclosure and the technic…
The provision establishes HubSpot's data sharing framework by categorizing recipients into operational service providers and marketing partners. This structure defines the scope of third-party access…
The provision operationalizes Hulu's data handling practices by specifying the scope of information collection and the permissible recipients of subscriber data, which directly affects the service's …
The provision establishes a broad data-sharing framework that permits intra-corporate information distribution across multiple affiliated entities within Disney's corporate structure, as well as exte…
This provision establishes the operational framework for data continuity during corporate restructuring events. It clarifies that personal information held by Inflection AI may be transferred as an a…
The Retail Data program means that your grocery purchase patterns and related behavioral data may be licensed to the brands whose products you buy, enabling those brands to target you with advertisin…
The authorization establishes the operational scope of data recipients beyond Instacart's direct service delivery. This disclosure practice affects the extent of third-party access to user informatio…
Sharing financial and behavioral data with third-party advertising networks goes beyond what most consumers expect when filing taxes or managing their business accounts, and the acknowledgment that p…
The clause establishes the scope of data sharing permitted under the privacy framework, identifying categories of recipients and purposes for which user information may be disclosed to external entit…
The clause establishes the operational mechanism by which Kick monetizes user data through advertising partnerships, enabling third parties to receive identifiers and usage signals necessary to deliv…
The clause establishes the operational scope of data sharing within Klarna's service ecosystem, defining which categories of entities receive access to personal information and the permitted uses of …
The provision establishes Klarna's operational authority to leverage user behavioral information as part of its data monetization and advertising infrastructure, enabling targeted marketing operation…
The clause establishes the operational scope of data recipients beyond Ledger's direct control, affecting how user information flows through the company's business ecosystem and defining which extern…
The provision designates Global-e and Ledger as data controllers responsible for lawful processing of user personal data under specified regulatory frameworks. This allocation of responsibility estab…
Data breach notification provisions create operational requirements for entities to communicate security incidents to affected parties, establishing a procedural framework for incident response and r…
The clause establishes the operational scope of data sharing by specifying categories of recipients (analytics and advertising partners) and the functional purposes for which data transfers occur. Th…
The clause establishes that government data sharing obligations are treated as operational requirements for service delivery rather than optional disclosures. Cities may condition operating permits o…
This sharing is not optional for users who want to use the service; it is a condition of Lime's operating permits, meaning your travel records are disclosed to government entities as a routine and un…
This clause establishes the scope of internal data distribution within the Microsoft corporate group and defines the permissible uses of that shared data across affiliated entities. It creates a unif…
This provision establishes the operational framework under which LinkedIn monetizes user data through advertising partnerships. The authorization to share non-aggregated personal data enables third-p…
The clause establishes a data sharing framework that extends access to user personal data beyond LinkedIn to affiliated entities within the Microsoft corporate structure, creating a consolidated data…
The clause establishes the operational mechanism by which LinkedIn facilitates recruitment matching on its platform—user profiles function as discoverable listings for hiring purposes, and algorithmi…
This clause establishes the operational scope and data sources for LinkedIn's ad targeting system, specifying that inferred data derived from user profiles constitutes a valid input for advertising p…
This definition determines which entities are authorized to access user data and provide integrated services under the LinkedIn User Agreement. By designating Microsoft and its subsidiaries as Affili…
This provision establishes the institutional mechanism for intra-corporate data distribution across LinkedIn's affiliated corporate structure. The authorization to combine data across services expand…
This provision establishes LinkedIn's operational practice of supplementing first-party user data with information from external data sources and partners. This sourcing mechanism enables the Service…
This provision establishes that the account deletion right does not function as a complete data rights mechanism where Input has already been used in model training or aggregated data. The operationa…
The clause establishes a broad authorization for data sharing across the company's corporate network. Because disclosure is permitted for 'any of the purposes described in this Privacy Policy,' the a…
This provision establishes the operational framework for data collection and distribution practices. It specifies that user activity data flows to external analytics and advertising entities as part …
This provision establishes the operational basis for Lyft's use of personal data in marketing activities and creates authorization for data sharing with third-party advertisers and marketing partners…
This provision establishes data flows between two entities (Google and Lyft) during service operation, with location data available to both parties for service improvement and operations purposes. Th…
The clause establishes Lyft's operational authority to respond to legal demands and governmental requests by disclosing user information without separate user notification or consent requirements at …
This clause establishes the operational framework under which Lyft may transfer user personal information to government and law enforcement entities. It defines the circumstances—legal obligations an…
The clause establishes the scope of data recipients beyond McDonald's corporate entity, including independent franchisees and external business partners involved in order fulfillment, marketing, and …
This clause establishes the operational basis for behavioral advertising delivery to non-Member users and defines the technical mechanisms (cookies and tracking technologies) through which advertisin…
The provision establishes the operational framework for data distribution necessary to Mercury's service delivery model, whereby core banking functions depend on controlled data sharing with specifie…
This restriction establishes a boundary on how Platform Data may be commercially monetized or distributed through third-party data channels. The clause limits the downstream commercial distribution p…
This provision establishes operational constraints on Meta's data commercialization and surveillance capabilities, creating defined limits on data monetization pathways and surveillance applications.…
This provision directly restricts how developers can monetize user data obtained through Meta's APIs, which affects consumers whose data is collected by third-party apps using Facebook Login or simil…
This provision establishes a procedural gatekeeping mechanism for data access by conditioning use of Platform Data on documented, affirmative user consent obtained before data access occurs. The requ…
These restrictions govern how developers may use user data obtained through Meta's platform, prohibiting uses that could benefit competing products or that could result in user data being sold or tra…
This provision operates as a gatekeeping mechanism for sensitive data processing, requiring developers to obtain dual authorization (user consent plus Meta approval) before handling protected categor…
This provision implements compliance with children's privacy regulations, including the Children's Online Privacy Protection Act (COPPA) in the United States and similar regulatory frameworks in othe…
This restriction limits developers' ability to enrich or cross-reference Meta platform data with other datasets, which affects common analytics, personalization, and identity resolution practices use…
This clause establishes Meta's data ownership framework by contractually restricting downstream commercial use of platform-derived data. The provision operationalizes Meta's control over data monetiz…
The provision establishes the operational basis for Meta's cross-platform data integration infrastructure, enabling the company to maintain unified user profiles across its service portfolio and to d…
Data sharing with advertising partners is a core operational mechanism that enables Meta's advertising service delivery model. The provision establishes the contractual basis for third-party access t…
The breadth of third parties with whom Meta may share user data, combined with the range of purposes stated, means your information may flow to organizations and entities you have no direct relations…
The clause establishes the operational framework for Meta's global data infrastructure, permitting cross-border data flows that may subject information to different national legal regimes and regulat…
Cross-border data transfer provisions establish the operational structure for international data flows and define the legal safeguards applied when user data moves between jurisdictions with differen…
The provision establishes compliance mechanisms with children's privacy regulations by implementing age-gating requirements at account creation and establishing data deletion procedures for inadverte…
This provision establishes a bidirectional data flow in which Meta both shares user data with advertising partners and receives supplemental user data from those partners for audience matching, creat…
The clause establishes the operational scope of Meta's data sharing practices across multiple business functions—analytics, advertising measurement, service delivery, and legal compliance. This provi…
The provision operationalizes Microsoft's advertising model by specifying which data categories are excluded from ad targeting and which data sources are permitted for ad personalization. This deline…
The license enables Microsoft to perform core service functions including content storage, sharing at user direction, processing when content is combined with other services, and reformatting for dis…
The clause establishes Microsoft's retained rights to process and utilize user-generated content across service operations. The distinction between restricted and unrestricted use based on publicatio…
This provision operationalizes Microsoft's compliance obligations under the Children's Online Privacy Protection Act (COPPA) and implements age-based access controls as a foundational eligibility req…
This clause establishes the scope of data recipients beyond the primary service provider, including affiliated corporate entities and external partners involved in service delivery, analytics, and ad…
This provision establishes the company's legal reporting obligations and account enforcement mechanisms for violations of prohibitions against CSAM generation. The clause creates operational procedur…
The agreement authorizes Customer Data to be transmitted to third-party services upon customer configuration, while fully disclaiming Mistral AI's liability for any resulting data loss, which shifts …
This provision creates a product-siloed consent architecture where a business that has opted out of training for its primary Mistral AI products may unknowingly contribute training data through Labs …
The license granted for training purposes under the listed exceptions is perpetual and irrevocable, meaning that once data falls within one of these categories, Mistral AI's right to use it for train…
This provision establishes the operational framework through which Mixpanel distributes user data across its service provider and advertising network ecosystems. The authorization depends on contract…
The clause establishes the operational framework for data collection and sharing with external analytics and advertising entities, defining the scope of third-party access to user interaction data an…
Sharing health-related data with advertising and analytics partners extends the reach of your personal information beyond MyFitnessPal and into third-party systems where your control over that data i…
This clause establishes the operational framework for third-party data sharing in support of the service's advertising model. It designates advertising partners as recipients of user information and …
The clause establishes the operational mechanism by which user activity data flows to external advertising and analytics entities, enabling those partners to build behavioral profiles and deliver int…
The clause establishes the scope of permissible third-party disclosures under Netflix's data handling practices, defining the categories of recipients rather than restricting disclosure to a narrow s…
This provision creates an age-based access control and establishes parental consent as a operational requirement for minor users. It allocates responsibility for account oversight and service use aut…
The provision establishes Netflix's authority to aggregate data from multiple sources—including its own service, advertising partners, and third-party websites—to build user profiles for targeted adv…
The policy authorizes a two-directional data flow with Advertising Companies: Netflix both provides user interaction and device data to these companies and receives behavioral profiles derived from u…
The clause establishes the operational basis for Netflix's behavioral advertising system by defining what data sources feed into ad targeting and specifying that third-party interest inferences are i…
Your Nextdoor activity and data may be used by third-party advertising networks to track and target you across the broader internet, not just within Nextdoor.
The clause establishes the operational mechanism by which Nextdoor monetizes its service through advertising partnerships, requiring the disclosure of user information to external advertising and ana…
The provision establishes the operational framework for data sharing with external analytics and advertising partners, enabling cross-site data aggregation and analysis. This data practice constitute…
This provision establishes the operational framework for data monetization through third-party partnerships. It authorizes both the collection of behavioral data through tracking technologies and the…
The clause establishes the operational scope of data sharing beyond Notion's direct control, defining categories of recipients and purposes for which personal information may be disclosed in the cour…
The clause establishes the operational scope of data sharing within Okta's service delivery model. By authorizing disclosure to both operational service providers and advertising partners, the provis…
The clause establishes a broad data sharing framework that permits distribution of user personal data across operational partners, financial institutions, and external service providers. This operati…
This clause establishes the conditions and parties to whom OpenAI may transfer user personal information outside normal service operations. The provision grounds disclosure authority in legal complia…
The provision establishes the operational basis for cross-border data flows and clarifies that OpenAI's data processing infrastructure is not geographically limited to the user's jurisdiction. This i…
This provision authorizes OpenAI to use the content of your interactions, including prompts and responses, as training data for AI model development, subject to an opt-out that users must actively ex…
The clause establishes a data use authorization tied to model development and allows users to restrict this use through an opt-out mechanism, creating a procedural choice point for how personal data …
The license grant establishes OpenAI's operational rights to process and utilize user-submitted content as part of service delivery and product development. This authorization is foundational to the …
The provision operationalizes data transfer compliance under EU data protection frameworks by specifying the contractual mechanism (Standard Contractual Clauses) that governs the lawfulness of moving…
The terms authorize OpenAI to use input content for model training by default, which means conversation data including any personal or sensitive information in prompts may be used for AI development …
The provision operationalizes cross-border data flows necessary for service delivery while establishing a compliance framework requiring legally valid transfer mechanisms. This addresses the jurisdic…
This clause establishes the operational framework through which OpenAI discloses user personal information to external service providers necessary for platform operations and defines the circumstance…
This provision establishes the operational basis for incorporating user-submitted content into model training workflows. The authorization to use content for training purposes is a core operational p…
This clause means that highly sensitive biometric and health data, including heart rate, sleep stages, and reproductive health indicators, can be accessed by third parties such as employers, and Oura…
The provision establishes the operational scope of data sharing across Paramount+'s service delivery infrastructure and advertising operations. It specifies both operational partners (who receive dat…
This provision matters because your streaming behavior is shared with multiple advertising companies simultaneously, not just used internally by Paramount+, which can result in detailed advertising p…
Your viewing habits and device information are transmitted to major advertising platforms, meaning your behavior on Paramount+ can influence ads you see across the broader internet.
This provision establishes the operational framework for Paramount+ to monetize user data through advertising partnerships. The authorization to share personal data with third parties for advertising…
Video viewing data collection enables the service provider to operate analytics, personalization, and advertising systems. Disclosure to third parties extends these data practices to advertising part…
The clause establishes the operational scope of data recipients beyond Patreon's direct operations, defining which external entities gain access to user information for analytics and advertising purp…
The provision establishes the operational framework under which Patreon gathers behavioral and usage data through automated tracking tools. This data collection mechanism supports platform functional…
Cross-border data transfer provisions establish the geographic scope of data processing operations and define which legal frameworks govern data handling, which is operationally significant because d…
The clause establishes the operational scope of data sharing within PayPal's transaction processing ecosystem, defining which parties receive personal information and under what transaction circumsta…
The clause establishes the conditions under which PayPal may share user personal information with authorities without prior notice, based on legal compulsion or operational necessity determinations. …
This provision establishes the scope of entities that may receive personal information through PayPal's operations and clarifies that PayPal's privacy obligations do not extend to how merchants and p…
The clause establishes PayPal's operational authority to derive secondary data attributes from primary transaction and behavioral records. This inferred data becomes available for internal use in ser…
The provision establishes a data-sharing practice for personalization purposes and conditions its applicability on the disclosure date and applicable legal requirements. It operationalizes user contr…
This provision establishes the operational framework under which PayPal may transfer personal information related to account delinquency to external parties in the debt collection and credit reportin…
The clause establishes PayPal's operational authority to develop predictive user profiles beyond explicitly provided information. These inferred attributes become part of the user data PayPal process…
Sharing behavioral and identity data with advertising networks means your Peloton usage patterns can be used to profile you for advertising purposes across the broader internet, not just within the P…
This provision establishes data flows to third-party advertising and analytics partners, which under CCPA/CPRA may constitute a sale or sharing of personal information for cross-context behavioral ad…
This provision establishes that sensitive user query content and conversation history are transmitted to third-party organizations beyond Perplexity, creating a data sharing chain that extends Perple…
This provision establishes the operational framework for data sharing with external advertising entities and defines the tracking mechanisms these partners may deploy. The authorization extends data …
This provision authorizes Perplexity to use API traffic, including developer-submitted prompts and any user data embedded in them, to train and refine its AI models, which has direct implications for…
Your voice recordings and likeness data are biometric-adjacent personal information; their use for AI training and autonomous AI Self creation raises significant privacy concerns and may trigger spec…
The provision establishes the operational framework for Pinterest's advertising model by defining which categories of third parties receive user information and for what purposes. It clarifies the di…
The policy authorizes disclosure of personal data to external advertising and measurement companies, not just to enable ads on Pinterest but also to support ad measurement and reporting off-platform,…
This provision establishes the operational mechanism through which Pinterest receives user data from external sources beyond direct user interaction with the Pinterest platform. The clause specifies …
The clause establishes the operational framework for Pinterest's advertising infrastructure, permitting the collection and distribution of user technical data across multiple advertising partners to …
Plaid acts as an intermediary between your bank and third-party apps, meaning your sensitive financial account data flows through Plaid's systems and may be shared with multiple entities beyond the a…
This authorization is operationally necessary for Plaid to function as a data aggregation service, enabling the platform to retrieve account information from financial institutions and transmit data …
This provision defines the operational scope of Plaid's data disclosure practices to external application developers, establishing the mechanism by which user financial information flows beyond Plaid…
The clause establishes the scope of data recipients beyond the user and Plaid, including both user-directed third parties and Plaid's service provider network. This allocation of data sharing authori…
This clause establishes the operational basis for data transmission between Plaid and third-party application developers, defining the scope of developers' access to user information processed throug…
This provision establishes the operational scope of data sharing within Plaid's ecosystem: financial data flows from users to developers through Plaid's infrastructure, but governance of developer da…
The agreement states that using third-party AI models through Poe subjects you to those providers' own terms and privacy policies, meaning your data practices may be governed by multiple overlapping …
This provision means your conversation content is not solely governed by Poe's privacy policy; it may also be processed by external AI companies whose data practices and retention policies differ and…
This provision extends the use of your personal data beyond Poshmark itself, allowing outside businesses to market directly to you based on information you provided to Poshmark, which may not match u…
This provision establishes the operational framework under which Poshmark shares user information and permits third-party data collection infrastructure on its platform. It clarifies that advertising…
Cross-border data transfers require compliance with data protection frameworks in jurisdictions where data is processed. This provision specifies that user information may be processed outside the us…
The provision establishes the operational scope of third-party data collection and use within Public.com's ecosystem. It clarifies that analytics and advertising partners operate under authorization …
The clause establishes the operational scope of data sharing practices by explicitly permitting disclosure of user information to non-affiliated entities for marketing purposes, which expands the net…
Developers may not realize that their usage data flows to multiple parties, including the API providers they connect to, which creates a multi-company data sharing chain that each party must independ…
This clause establishes the operational framework for Reddit's use of service providers in delivering platform functionality and advertising services. It specifies the categories of data shared with …
The clause establishes the operational scope of Redfin's data sharing practices for advertising purposes, specifying that user information may be distributed to third parties across multiple advertis…
This means your real estate browsing behavior and account data may follow you across the internet in the form of targeted advertising, even on unrelated platforms.
This clause establishes the operational scope of Redfin's data utilization practices, including both internal analytics functions and external data sharing arrangements. The authorization to tailor a…
The scope definition clarifies that privacy obligations and data handling practices apply across multiple Revolut subsidiaries and service categories operating in the U.S. market. This establishes th…
Video footage you choose to share through the Neighbors app becomes accessible to a wider community audience and may be reviewed by law enforcement agencies that participate in Ring's Public Safety S…
This language functions as a preamble expressing Ring's stated privacy philosophy rather than a binding operational provision. It establishes the framing for privacy commitments but does not define e…
This provision establishes Riot Games' operational approach to third-party advertising data sharing by limiting the scope and purpose restrictions placed on advertising partners in regulated states. …
The clause establishes an intra-corporate data sharing framework that permits information transfers among affiliated entities without requiring separate customer consent for each disclosure, streamli…
The provision establishes the operational scope of data sharing across Robinhood's corporate affiliates. By defining affiliation relationships and permissible purposes upfront, the clause clarifies t…
This clause establishes a data-sharing practice that expands the set of entities with access to user personal information beyond Robinhood's direct operations. The operational significance depends on…
The provision defines the operational scope of data practices within the margin account relationship, establishing what customer information the firm may process and with whom it may be disclosed. Th…
The clause establishes the operational basis and scope for data sharing with external advertising partners, defining which data categories may be transferred and the stated purposes for such transfer…
The clause establishes the operational framework under which Roblox may delegate data processing functions to third parties, including handling of persistent identifiers for users under 13, while mai…
The clause establishes the operational framework for data flows to advertising partners and specifies the categories of information subject to sharing. It also defines the procedural mechanisms avail…
This clause establishes the operational scope of data disclosures beyond Roblox's direct control, designating advertising and analytics entities as recipients of user personal information. The explic…
The policy authorizes sharing of identifiers, behavioral data, and device information with third-party advertising partners who may use this data for cross-context behavioral advertising, which const…
This provision means your activity on Rumble does not stay on Rumble; it is shared with major ad networks that build profiles used to target you across the internet.
The provision clarifies Runway's position on data sharing disclosures and establishes an opt-out mechanism to comply with privacy regulations that require such choice for sales of personal informatio…
This disclosure is significant because it confirms that Runway shares personal data with third-party advertising and analytics partners in a manner that may trigger opt-out rights under CCPA and simi…
This clause establishes the operational framework for data sharing practices that may trigger opt-out obligations under state privacy statutes. It clarifies that data transfers to advertising and ana…
The provision establishes the operational scope of Salesforce's data-sharing practices and defines the categories of recipients who may receive Personal Data as part of normal business operations. Th…
The clause establishes Samsung's operational practice of distributing user personal information across a defined category of external entities with independent use rights. This creates a data-sharing…
The clause allocates data governance responsibilities between Shopify and merchants: Shopify's processing obligations are defined in a separate addendum, while merchants bear primary responsibility f…
The clause establishes the operational framework for Shopify's data sharing practices with external service providers. This data sharing arrangement enables both targeted advertising functionality an…
This provision establishes the operational scope of third-party data access within Shopify's service model, defining which external entities may receive user information for marketing and advertising…
The clause establishes the operational framework for data sharing with external vendors to support Shopify's advertising and analytics functions. This practice enables cross-site tracking and allows …
The clause establishes Shopify's operational authority to aggregate behavioral data across multiple merchant storefronts and integrate it with third-party information sources, enabling cross-merchant…
The clause establishes SimpliSafe's authorization to respond to compulsory legal demands by disclosing user personal information without prior user notice or consent. This reflects standard practice …
This provision governs the jurisdictional processing of user data and establishes the operational location where personal information will be handled. It notifies users that their data will be subjec…
This provision establishes the operational framework for third-party data processing, defining the categories of service providers with access to user information and the functional purposes for whic…
This provision establishes the operational framework for Snapchat's targeted advertising system by authorizing data pooling and exchange with multiple advertising partners. The clause defines the sco…
The clause establishes Snap's authority to exploit posted content without compensation across current and future distribution channels and platforms. The sublicensing mechanism allows Snap to delegat…
Sharing device identifiers and contact information with advertising networks enables cross-platform tracking and profile-building that extends well beyond Snapchat itself.
Sharing personal information with advertising and analytics partners may constitute 'sharing' for cross-context behavioral advertising under CCPA/CPRA, triggering opt-out rights for California reside…
The provision establishes the operational scope of data handling and establishes consent through terms acceptance as the legal mechanism governing information disclosure to multiple categories of rec…
This provision discloses that enabling the embeddings feature triggers transmission of full repository contents to a third-party provider, which is an operationally significant data sharing event tha…
Customers using a bring-your-own-LLM configuration lose all of Sourcegraph's data protection commitments regarding Zero Retention and training restrictions, and must rely entirely on their own agreem…
The clause establishes the operational basis for cross-context behavioral advertising, defining how user activity data is aggregated and applied for ad targeting purposes. It also specifies the mecha…
The provision creates a contractual eligibility framework that conditions service access on age verification and parental authorization for minor users. This establishes operational and legal safegua…
The provision operationalizes Spotify's data ecosystem by documenting the third-party recipients and sources that support authentication, advertising delivery, service infrastructure, payment process…
The clause establishes the technical scope of Spotify's operational rights over device hardware, defining the physical infrastructure the service may access and how those resources may be allocated a…
This clause establishes the operational mechanism by which third-party data inputs inform Spotify's ad targeting system. It clarifies that advertising partners may provide external signals about user…
The clause establishes Square's operational authority to distribute personal information across multiple categories of external recipients without requiring prior notice or separate consent for each …
Sharing personal data with third-party advertising partners for targeted advertising purposes may qualify as a sale or sharing of personal information under CCPA/CPRA, triggering opt-out rights for C…
The provision establishes the operational scope of Squarespace's data-sharing practices across multiple categories of third parties. It defines the service functions and business activities that trig…
The clause creates a consent-based mechanism for third-party data sharing, requiring affirmative user action before marketing data transfers occur. This establishes the procedural condition under whi…
The provision establishes the operational scope of third-party data sharing by permitting disclosure to specific categories of partners (market research firms and marketing partners) for defined purp…
The provision establishes the operational basis for Steam's data collection practices and defines the scope of information the service captures during normal operation. This authorization extends to …
This means your shopping habits and personal details from StockX are being shared with some of the largest data brokers and advertising networks in the world, which can result in highly targeted adve…
The clause establishes the operational scope of Strava's social and competitive infrastructure, defining which interaction mechanisms and data-sharing features are integrated into the service archite…
This provision delineates the boundary of Strava's data governance responsibility by clarifying that information flows to third-party services operate under separate contractual arrangements. The ope…
The clause establishes the operational framework for data handling by defining the scope of Stripe's authorized data processing activities and establishing privacy governance through referenced polic…
This provision establishes a data processing relationship in which a third-party platform holds data controller authority over the user's data processed by Stripe, which has direct implications for d…
The clause establishes the operational framework under which T-Mobile discloses identifiable subscriber data to external parties as part of its advertising and analytics operations, with an opt-out m…
This provision establishes the operational scope of location data collection and use, delineating between uses that occur without explicit permission (network routing, fraud detection, legal complian…
This provision establishes the operational framework for T-Mobile's data monetization practices through third-party advertising partnerships. The authorization to create and distribute audience segme…
Target's retail media network means your in-store and online shopping data can follow you around the internet in the form of targeted ads, and this data is shared with external advertising technology…
This provision establishes the operational framework for Target's cross-site behavioral advertising program. It specifies that data collection occurs across both Target-owned and third-party digital …
The clause establishes a data sharing framework that extends beyond Target's direct operations to include partner marketing and third-party marketing activities. This operational structure means pers…
This clause establishes the operational framework for cross-context behavioral advertising, specifying that Target transmits user interaction data to third-party advertising partners who then deploy …
This provision triggers opt-out rights under CCPA/CPRA and analogous statutes in Colorado, Connecticut, Virginia, Texas, and other states; the terms require Target to process opt-out requests within …
This provision operationalizes Target's retail media business model by establishing the data flows necessary for first-party audience segmentation and targeted advertising delivery. The clause define…
This clause authorizes broad sharing of personal data for advertising without specifying the identity of recipients, the categories of data shared, or contractual limits on downstream use by those th…
The clause establishes a discretionary disclosure mechanism that operates outside standard notice and consent requirements, contingent on TaskRabbit's determination that certain conditions exist. Thi…
Because Thomson Reuters operates as a data broker, individuals may have personal information collected, profiled, and sold without ever interacting directly with the company, making awareness of opt-…
Cross-company data sharing enables Meta to consolidate user information across its product portfolio, allowing consistent service delivery and coordinated data practices across its subsidiary platfor…
The provision establishes a distinction between data sales (prohibited) and data sharing for operational purposes (authorized), and creates a contractual framework requiring downstream partners to ma…
The clause establishes the operational framework for data flows across the event ecosystem, making Event Partners recipients of user data as part of the standard event delivery process and defining t…
This clause establishes the operational mechanism and scope for third-party data disclosure. It distinguishes between sharing required for contract performance (which proceeds without separate consen…
The provision operationalizes TikTok's technical infrastructure by specifying how consent mechanisms function relative to third-party data collection tools. This establishes the procedural basis for …
The transparency reporting framework creates an operational mechanism for TikTok to communicate enforcement patterns and policy implementation to external stakeholders, regulators, and the public. Th…
The specification of these endpoints documents TikTok's cross-border data transfer architecture and indicates the jurisdictions through which user data flows. This is operationally significant becaus…
This provision establishes the operational framework for third-party data access necessary to deliver the platform's commercial and functional features. It defines the categories of service providers…
The clause operationalizes TikTok's compliance framework by implementing automated checks that validate consent status before third-party tracking pixels execute. This mechanism ensures the platform'…
The clause establishes a data collection mechanism whereby TikTok obtains behavioral and contact data from third-party partners rather than directly from user interactions on its own services, expand…
The provision establishes a data-sharing framework between TikTok and third-party advertising and measurement partners. It specifies the categories of user information that flow from external partner…
The provision implements age-gating controls and creates a bifurcated service structure with differential feature availability based on age verification. This establishes operational procedures for a…
The provision operationalizes TikTok's technical infrastructure for managing advertiser pixel compliance with cookie consent standards. By specifying which pixels are subject to consent verification …
The multi-endpoint architecture enables TikTok to distribute data processing operations globally while maintaining service functionality. This distributed infrastructure approach affects how user inf…
Cross-border data transfer provisions establish where user information is processed and stored, which determines the jurisdictional applicability of data protection laws and creates organizational de…
The clause establishes a data sharing framework between TikTok and a related entity, conditioning the disclosure on compliance with Executive Order 14352 and other applicable legal requirements. The …
This provision establishes the operational framework for TikTok's behavioral advertising system by authorizing the receipt and processing of off-platform user data from external partners. The clause …
Sharing data across TikTok's corporate group, which includes entities in multiple jurisdictions, raises cross-border data transfer questions and has been a subject of regulatory scrutiny given the gr…
This cross-context behavioral advertising practice means your personal data is enriched by third-party sources you may not be aware of, creating a more detailed profile than what TikTok observes from…
This clause establishes the operational basis for TikTok's cross-platform data integration infrastructure, enabling the company to correlate off-platform user behavior with on-platform activity for a…
Once data is shared with advertising partners for their own purposes, users lose practical control over how it is used, retained, or further shared, which is particularly significant given the sensit…
Match Group owns multiple dating and social apps, meaning your Tinder data including profile information, preferences, and behavior can flow to other platforms you may not use or even be aware of.
The provision establishes the operational framework for data distribution to third parties and creates the basis for interest-based advertising delivery. It delegates certain service functions to ext…
This clause establishes a data sharing framework that extends the scope of data recipients beyond Tinder itself to affiliated entities within Match Group's corporate structure. The provision creates …
The clause establishes a data processing mechanism where personal identifiers are transformed into non-personal identifiers for advertising segmentation purposes, enabling both negative targeting (ex…
The clause establishes a data-sharing infrastructure among Match Group entities that enables cross-platform enforcement of user restrictions. This operational mechanism allows safety decisions made o…
Your personal data, including financial history and behavioral inferences, may be used by companies you have never interacted with to make decisions about whether to extend you credit, insurance, or …
The provision establishes the scope of TransUnion's data disclosure authority to external entities and identifies the categories of recipients who may receive personal information. The authorization …
This provision establishes a data-sharing framework that expands the scope of entities with access to user information beyond TurboTax itself. The operational effect is to integrate data handling acr…
The provision establishes the operational scope of data sharing across Twilio's service ecosystem and third-party partners. By characterizing certain sharing as a potential 'sale' or 'sharing' under …
This provision establishes the operational framework for Uber's data monetization through third-party advertising relationships. It authorizes data flows to external advertising and measurement entit…
The provision establishes the operational framework under which Uber transfers driver and delivery personnel data to external parties in the insurance and fleet management ecosystem. This data sharin…
The clause establishes the operational scope of data disclosure across Uber's service ecosystem. By authorizing data sharing with multiple categories of third parties, the provision defines the bound…
The clause establishes a broad authorization for data disclosure that operates across multiple categories: legally compelled disclosures, discretionary safety-based disclosures, and disclosures to pr…
The clause establishes the conditions and scope under which Uber may share user data with government and law enforcement entities without separate user notice or consent, creating an operational path…
The clause establishes the operational framework for cross-platform data sharing and audience analytics. It permits Uber to delegate data processing functions to external vendors who aggregate user b…
The clause establishes a data sharing framework that permits transfer of driver personal information to multiple external platforms for commercial purposes beyond Uber's direct service delivery. This…
This provision establishes the operational mechanism by which Uber transmits user data to advertising technology platforms that facilitate targeted advertising campaigns. The clause specifies both th…
The clause establishes the operational framework under which Uber may fulfill legal obligations and investigatory responsibilities regarding user data. It clarifies the circumstances under which data…
The clause establishes the scope of data recipients across operational, financial, legal, and commercial functions. This authorization spans both service-delivery partners and external commercial ent…
This provision establishes the operational framework for Udemy's behavioral advertising model by permitting the transfer of identifiable user data to external advertising partners. The authorization …
This clause establishes the operational basis for Epic Games to obtain user interaction data from external advertising environments, enabling cross-platform data collection that informs user profilin…
The clause establishes two distinct data-sharing pathways: one for operational service providers under Upwork's direction, and a separate authorization for sharing with unaffiliated third parties who…
Sharing personal data with advertising and analytics partners means your usage patterns and profile information may be used to build advertising profiles about you, which extends the use of your data…
The clause establishes a broad framework for data disclosure across multiple categories of recipients, including both operational partners (service providers, affiliates) and external parties (busine…
The terms authorize sharing of personal and financial data with a broad range of entities including marketing partners, which under GLBA requires that users be given an opt-out right for non-affiliat…
The provision establishes the scope of information sharing permitted under the service agreement and designates PayPal's Privacy Statement as an operative document governing data handling. This creat…
The clause establishes the operational framework for data collection and sharing with external parties, permitting these third parties independent access to user activity data across multiple propert…
This provision establishes the operational scope of data Verizon may access and use internally for service delivery and marketing, as well as the conditions under which that data may be shared with r…
The clause establishes the institutional basis for Verizon to participate in data-sharing arrangements with advertising and verification partners, conditioning these activities on users' enrollment i…
Third-party sharing for the recipient's own advertising purposes goes beyond typical service provider sharing and may constitute a 'sale' or 'sharing' of personal information under applicable state p…
The clause establishes the operational framework under which Verizon discloses customer data to external entities for service delivery and advertising purposes. It specifies that such third parties o…
This provision establishes the operational scope of data distribution across Verizon's business ecosystem. It creates authorization for information flow to multiple categories of recipients—internal …
Your location and behavioral data is being aggregated and shared with outside companies for commercial purposes unless you opt out, which is a form of third-party data sharing with significant privac…
This provision establishes that customer data including browsing activity, location, and device identifiers may be shared with marketing and advertising partners, with the breadth of sharing categori…
This clause establishes the scope of data recipients beyond Visa's direct operations and specifies that third-party sharing is permitted across multiple categories of entities (analytics, advertising…
The clause establishes the operational framework for data flow across Visa's payment network ecosystem. This sharing arrangement enables transaction processing and allows network participants to leve…
The combination of health, pharmacy, and shopping data with third-party advertising tracking creates significant privacy exposure, particularly where health-adjacent browsing behavior may inform targ…
The disclosure that advertising and analytics partners may use shared data for their own purposes, rather than solely on Walmart's behalf, is operationally significant because it means data shared un…
This provision establishes the operational framework for Walmart's retail media business model, which monetizes customer data by enabling third-party advertisers to access purchase and browsing infor…
This provision establishes the operational framework for Walmart's data monetization through its retail media network, defining the scope of permitted data sharing with advertising partners and clari…
The policy authorizes sharing identifiers, browsing activity, and purchase history with third-party advertising partners, which under CPRA and similar state laws constitutes a data sale or share requ…
The notice's acknowledgment that Walmart Connect data flows may constitute a 'sale' or 'sharing' under CCPA/CPRA triggers opt-out rights for California residents and GPC signal recognition obligation…
This authorization establishes the operational scope of Walmart's data distribution practices, determining which business entities receive access to user information for marketing and analytics funct…
The clause establishes a data-sharing framework that permits distribution of user location and usage data beyond Waze's direct control to multiple categories of recipients, each operating under separ…
This provision authorizes the transfer of Waze-specific location, behavioral, and device data to Google's broader data infrastructure, where it may be integrated with data from other Google services …
This provision establishes the operational basis for data transfer between Waze and Google's corporate family, extending the scope of entities with authorized access to user information beyond Waze a…
The clause establishes a data-sharing framework between Waze and Google's broader corporate ecosystem, enabling cross-platform advertising coordination and measurement across multiple Google services…
The provision establishes the operational framework for external account aggregation by specifying which third-party processors handle credential transmission and data access. It allocates data proce…
This clause establishes the operational framework for information flow necessary to execute home lending services across multiple vendors and stages of the loan lifecycle. The provision defines the s…
The clause establishes a data-sharing framework that extends Webull's operational scope across corporate entities while maintaining that affiliate use remains governed by the stated privacy policy. T…
Data sharing with affiliates and third parties for marketing extends your information beyond the core trading service, potentially making your financial profile and trading behavior visible to a broa…
The clause establishes the scope of data recipients beyond Webull's direct operations, defining categories of entities that may access user personal information in connection with service delivery, b…
This provision establishes the operational scope of data sharing practices and designates third-party recipients of user information. The availability of an opt-out mechanism creates a conditional au…
This provision establishes the operational scope of data distribution within Whatnot's service infrastructure and advertising ecosystem. It defines which categories of entities receive access to user…
This provision connects WhatsApp user data to Meta's broader advertising and analytics infrastructure, meaning information about your WhatsApp activity may inform experiences on Facebook or Instagram…
The provision establishes an operational framework where user data flows between WhatsApp and other Meta entities as a condition of service delivery. This creates a unified data environment across mu…
The policy authorizes broad data sharing across the entire Meta family, meaning information you generate on WhatsApp may inform advertising and content personalization on Facebook and Instagram even …
This provision establishes the operational framework for information flow within the Meta corporate family, enabling cross-company data utilization for specified business and safety functions. The au…
This clause establishes a data-sharing framework between WhatsApp and its corporate affiliates, enabling cross-company use of information for service improvement and marketing purposes. The provision…
This clause creates a data sharing infrastructure across the Meta corporate ecosystem, enabling consolidated use of user information across multiple platforms and services. The provision establishes …
The clause establishes operational integration across Meta's service ecosystem by authorizing cross-company data flows and coordinated use of user information. This structure enables consolidated app…
The clause establishes a data-sharing framework that expands the scope of entities with access to WhatsApp user information beyond WhatsApp itself to the broader Meta corporate structure. This affect…
This provision establishes the operational framework for data monetization and advertising infrastructure integration. It creates a contractual authorization for multiple categories of data sharing—p…
The clause establishes the operational scope of data sharing for marketing and analytics functions, defining which external parties receive personal information and the tracking mechanisms they may d…
The clause establishes the operational scope of information sharing beyond Wyze's direct control, defining categories of recipients (service providers, marketing vendors, direct marketing companies) …
This provision authorizes disclosure of personal data to advertising and analytics partners in connection with ad delivery and service operation, meaning your behavioral data and inferred interests m…
The clause establishes the operational scope of data sharing across X's business ecosystem. It defines the categories of entities with authorized access to user information and specifies advertising-…
This provision establishes X's operational authority to facilitate data exchange between users and advertisers based on ad engagement signals, while creating a user-controlled mechanism to restrict s…
This provision defines the operational framework through which X processes law enforcement requests, establishing institutional requirements for how the platform handles demands for user information …
The clause operationalizes international data transfers as a component of the service's data handling framework, placing the legal basis for cross-border data movement within the scope of service use…
The provision clarifies X's operational procedures for handling law enforcement data requests, establishing the institutional processes that govern data disclosure and defining what information may b…
This provision establishes the scope of third-party data distribution within X's operational framework. The clause designates multiple categories of recipients and specifies functional purposes for d…
The clause operationalizes Xfinity's obligation to comply with compulsory legal process by authorizing information disclosure without obtaining prior user consent or providing advance notification, e…
Sharing data with media and entertainment affiliates for advertising substantially expands the universe of entities that may use your personal data beyond the internet and cable service relationship …
This clause establishes the operational scope of data sharing within the Comcast corporate group. It permits affiliated entities to access personal information for specified business functions, expan…
The provision establishes the operational scope of data sharing and tracking across the advertising ecosystem. It specifies that tracking extends to third-party platforms and permits both Xfinity and…
The identification of related businesses in the privacy policy establishes the corporate entities to which data-sharing practices and privacy obligations may extend. This framing clarifies the scope …
The clause establishes the operational framework by which Yelp may extend usage rights for user-generated public content to external partners, enabling distribution of such content across partner pla…
This clause establishes the legal mechanisms through which Google transfers personal data across international borders, particularly from European jurisdictions to countries outside the EEA. The reli…
The clause creates a framework distinguishing between personal and non-personally identifiable information, with different authorization standards for each category. This distinction determines which…
This provision establishes the operational framework for third-party data collection and sharing in the advertising ecosystem. It creates a mechanism by which advertising partners gain independent ac…
Users submitting a single inquiry may receive outreach from multiple professionals they did not individually select, because Zillow treats the inquiry as authorization to share data more broadly.
The clause establishes the operational mechanism by which user data flows to third parties as a function of service delivery. It specifies that data sharing occurs in connection with user-initiated r…
This authorization expands the data inputs available to eBay beyond information directly provided by users, enabling the organization to supplement user profiles with credit history, affiliate transa…
This provision establishes the operational framework for data distribution across the service delivery ecosystem. It creates contractual obligations binding third-party recipients to limited use rest…
International data transfers are operationally significant because genetic and health data is subject to varying regulatory requirements across jurisdictions. The provision defines how 23andMe compli…
This provision sets the operational boundaries for how the platform may be utilized. It establishes the primary use cases under which the service is offered and frames the intended application of gen…
This provision permits disclosure of personal data collected through ADP's website and marketing channels to advertising and analytics third parties, which is operationally relevant for CCPA opt-out …
Your personal data including payroll figures and health information may be shared with a broad range of entities, and in the event of a merger or acquisition, it could transfer to a new owner whose p…
Your browsing behavior on AI21's website is shared with multiple advertising platforms, which may use it to build profiles about you and target you with ads on other websites and apps, often without …
Users and enterprise customers may be submitting confidential, proprietary, or personal information to AI21, and this clause authorizes AI21 to use that content beyond just fulfilling the immediate r…
Enterprise API customers operate under different data terms than regular users, which means the data protections available to a business and its users depend on the specific contractual terms negotia…
This clause authorizes AWS to access and use customer content to the extent necessary to provide services and to disclose it in response to legal demands, which is material for customers storing sens…
The clause establishes the scope of entities with access to user personal information and defines the operational basis for data sharing within the corporate group and to external service providers. …
The clause establishes the operational framework under which user personal data would be treated as a transferable business asset during corporate restructuring events, ensuring notice of potential d…
Sharing with third-party service providers and business partners expands the pool of organizations that hold your personal information, each with their own privacy and security practices, and creates…
This provision means Acorns' profile of you is not limited to what you share with them directly; it may be enriched with externally sourced data, which can expand the scope of behavioral targeting an…
This provision establishes the operational scope of data distribution within Acorns' service delivery model. The authorization covers both internal entities and external vendors necessary for core se…
Linking external financial accounts extends the scope of data Acorns collects beyond its own platform, and involves third-party aggregators who may have their own data retention and sharing practices.
A change of ownership could result in your sensitive financial data, including your Social Security number, bank credentials, and investment history, being controlled by an entity whose data practice…
The license scope includes improving and developing the Services, which is broader than providing the contracted service alone and may encompass use of customer data, including contact data, for prod…
The Microsoft corporate family is one of the world's largest technology ecosystems; data sharing within this family substantially expands the potential uses and integrations of your Activision person…
This provision means your Adobe usage activity may be disclosed to third-party ad networks, social media platforms, and data brokers for their own marketing purposes, potentially enabling detailed be…
Employees who use personal Adobe accounts with a work email address may not be aware that their account data, including usage history and stored content, could be disclosed to their employer without …
This means Adobe's picture of you as a user is not limited to what you tell Adobe directly. Data from brokers and external sources can include professional, demographic, and behavioral information th…
The clause establishes a data flow mechanism between social networking platforms and Adobe systems, contingent on user-initiated authentication and permission grants. This integration allows Adobe to…
This provision establishes the operational framework for information handling during corporate restructuring events. It clarifies that user data transfers as part of asset disposition rather than rem…
The clause establishes the scope of permitted data recipients across payment processing, risk management, regulatory compliance, and internal group operations. This authorization defines the operatio…
Your payment data may be shared with fraud prevention networks that maintain cross-industry databases, and with law enforcement or regulators, potentially without your knowledge or consent, based on …
Your transaction data and personal information may be shared with the merchants where you shop using Affirm and with other third parties, which affects your privacy beyond the Affirm platform itself.
This clause means your lending relationship with Affirm can result in your data being used for advertising and marketing by third parties beyond what is necessary to process your loan.
This provision establishes the operational framework for marketing-related data sharing across Affirm's affiliate network and external marketing partners within regulatory bounds. The provision's sig…
The clause establishes a data-sharing practice between Airbnb and advertising networks and analytics providers, enabling cross-platform targeted advertising based on user activity within the Airbnb e…
This type of data sharing means your activity on Airbnb, including searches, listings viewed, and booking behavior, may be used to profile you for advertising purposes across the broader internet, no…
Personal information shared with hosts or guests is no longer solely under Airbnb's control; hosts and guests have their own privacy practices and may retain or use your information independently.
This clause establishes AWS's enforcement mechanism and operational authority to address policy violations. It specifies that the company may escalate enforcement beyond service suspension to include…
This clause establishes the operational framework under which AWS may release customer data and service usage information to governmental and legal authorities without prior customer notice or consen…
The clause establishes the scope of entities that may access user personal information within the Amazon corporate structure and defines the conditions under which personal information may be transfe…
This participation establishes the legal basis under which Amazon transfers personal data across jurisdictions where data protection regulations would otherwise restrict such transfers. The framework…
Your personal information is shared with thousands of third-party sellers operating on Amazon's marketplace, and Amazon's ability to control how those sellers use your data once received is limited.
This clause establishes the operational mechanism by which Amazon facilitates third-party seller fulfillment by disclosing customer identifying and transactional information. The provision clarifies …
Amazon's corporate family is vast, including Amazon Web Services, Whole Foods, Twitch, Ring, IMDb, and many others, meaning data shared under this provision can flow to entities operating in very dif…
Your travel and loyalty data, including booking details, transaction history, and contact information, flows to a wide range of third-party businesses whose own privacy practices are not governed by …
Violating these restrictions, including transmitting data that breaches third-party privacy rights, can trigger immediate account suspension and indemnification obligations, and the Customer is respo…
Your behavioral data collected through third-party apps powered by Amplitude can be shared back with those app operators, meaning multiple parties may hold records of your in-app activity.
This clause establishes that Amplitude acts as an independent data controller for Operational Data, meaning the protections that apply to your Customer Data do not automatically extend to this catego…
The clause establishes the scope of data recipients beyond Ancestry itself, defining categories of entities (affiliates and service providers) that may access personal information and specifying that…
This provision establishes that genealogical content, family history records, and related personal data submitted to public areas of the platform is accessible and shareable by other platform subscri…
This provision authorizes transfer of the full scope of Ancestry's collected personal information, including genetic data, to a successor entity in a corporate transaction. The receiving entity may o…
A corporate acquisition could result in your genetic and family history data being controlled by a different company with different privacy practices, making the opt-out opportunity described here pa…
Your personal data, potentially including family history and account information, is shared with multiple third-party vendors and business partners. The scope of business partner sharing for marketin…
Clicking thumbs up or down on a response is a common and seemingly minor action, but it triggers storage of the full conversation as feedback that is exempt from the training opt-out and can be used …
Rating any Claude output triggers storage of the entire associated conversation as feedback and grants Anthropic unrestricted use rights over that conversation, including for model training, regardle…
The clause establishes the operational scope of data recipients within Anthropic's corporate structure and vendor ecosystem. It defines the categories of third parties who may access personal data an…
The clause establishes the operational framework under which the company may comply with legal process and regulatory demands, and defines the circumstances under which data disclosure to law enforce…
This provision establishes the operational basis for implementing persistent and behavioral tracking mechanisms across the service. The authorization encompasses both first-party tracking by Anthropi…
This clause establishes the operational framework for data transfer in M&A and restructuring scenarios. It clarifies that personal data constitutes a business asset subject to transfer upon corporate…
The clause establishes the jurisdictional framework for data processing and identifies the legal regime (U.S. law) that governs personal data handling, which has operational significance for users ac…
The clause establishes the conditions under which the entity may share personal data outside its direct control, including both mandatory disclosures pursuant to legal process and discretionary discl…
Sharing with advertising and business partners means your personal information may be used by organizations beyond Anyscale for their own marketing and advertising purposes, potentially outside of An…
This provision establishes a data flow from Anyscale's services to third-party advertising networks that involves direct collection of behavioral data by those third parties, not merely receipt of in…
The provision establishes the operational basis for automated data collection infrastructure and reserves discretion to modify collection mechanisms without advance specification of which tools will …
The clause establishes that data aggregation across Apple's tracking systems and existing user records results in reclassification of the combined dataset as personal data, which triggers the full sc…
When you download apps from the App Store or use Apple Pay with third-party merchants, data about your interactions may flow to those developers and merchants, extending beyond Apple's own data pract…
The clause establishes the operational framework for Apple's data sharing practices, defining categories of permissible recipients and imposing contractual obligations on those recipients regarding d…
This provision establishes the operational framework for data flows beyond Apple's direct control, clarifying that data sharing with ecosystem participants occurs as a standard business practice. The…
This provision operationalizes Apple's global infrastructure by establishing a legal basis for cross-border data flows without requiring jurisdiction-specific consent mechanisms. It enables Apple to …
Google Tag Manager acts as a container that can load any number of tracking scripts, including analytics, advertising, and remarketing tags, meaning the full scope of third-party data collection is c…
The provision establishes the operational framework for personal data transfer across Asana's service ecosystem and external parties. It defines the categories of recipients that may receive user dat…
The clause establishes the scope of third-party data access by defining categories of service providers and their functional purposes, which determines the breadth of entities with authorized access …
This provision establishes the operational framework for data sharing across Atlassian's vendor and partner ecosystem. It creates contractual obligations for downstream recipients to maintain securit…
The policy authorizes data sharing with resellers and channel partners who deliver Atlassian products, which may mean your employer's Atlassian reseller receives information about your account depend…
This provision establishes a broad data-sharing authorization that extends personal data collected by Audible to the full Amazon affiliate network, which includes advertising, retail, and cloud servi…
Cross-domain beacon transmission allows the service provider to construct comprehensive user activity profiles that span multiple digital properties, supporting targeted analytics, personalization, a…
Sharing behavioral data with advertising partners for cross-site tracking extends beyond operational service delivery and creates profiles that follow users across the web, which has significant priv…
The clause establishes the operational framework for data collection and third-party sharing practices on Auth0's websites. It permits the transfer of usage data to external partners whose systems an…
The provision establishes the operational scope of data sharing across the Bank of America corporate family, defining transaction and experience data as shareable for routine business functions. This…
The authorization of information sharing for joint marketing establishes operational parameters for how customer data may be distributed across financial institutions for coordinated marketing initia…
The clause establishes that certain disclosures occur outside the scope of customer privacy elections, grounding the bank's authority in statutory requirements (Gramm-Leach-Bliley Act) and standard b…
The clause establishes the operational framework for information sharing across the Bank's business operations and establishes that data practices are governed by a separate Privacy Notice document r…
The policy authorizes sharing of personal data with third-party analytics providers and use of personal data for marketing purposes; the specific third parties are identified separately in the Detail…
The clause establishes the operational framework by which BeReal may process and store user personal data across international borders while maintaining compliance with EU data protection requirement…
Your sensitive financial data may flow to multiple external organizations beyond Betterment itself, and a corporate transaction such as an acquisition could result in your data being transferred to a…
This provision establishes the operational framework through which Betterment discloses customer personal information to external vendors and service providers as part of normal business operations. …
The clause establishes a data sharing framework that permits Betterment to disclose user information to affiliated financial institutions for marketing purposes, expanding the circle of entities with…
Sharing personal and behavioral data with advertising and analytics partners may constitute 'selling' or 'sharing' under California's CPRA, which would require Binance.US to provide opt-out rights. U…
The clause establishes the operational framework for information sharing across the Binance.US corporate group and with external vendors necessary for service delivery. It specifies that affiliate an…
The clause establishes the scope of permitted data recipients beyond the primary entity, defining which categories of service providers and related entities may access user personal information in th…
The provision establishes the operational framework under which Binance.US may be required to produce user information in response to compulsory legal process and voluntary regulatory requests, defin…
A corporate transaction could result in your personal data being transferred to a new entity with different privacy practices, and the policy does not commit to notifying users before such a transfer…
This clause establishes the framework under which user data may change ownership or control during fundamental changes to Brex's corporate structure or operations. It clarifies that data transfer is …
This clause establishes the operational framework for data distribution across Brex's vendor and partner ecosystem. The provision designates categories of recipients and functional purposes for infor…
Sharing with financial institution partners means your data may flow to third-party banks and payment networks, expanding the number of entities that hold your sensitive financial information beyond …
This provision establishes the operational framework under which Bumble engages third-party processors and service providers as part of its standard business functions. The clause creates the contrac…
International data transfers are operationally necessary for the service to function across different regions, but create jurisdictional implications regarding data protection standards and regulator…
Data sharing with third-party service providers means your personal information, potentially including sensitive categories, reaches organizations beyond Bumble itself, and the adequacy of contractua…
This provision establishes the operational framework for data monetization and service analytics. It defines which categories of third parties receive access to user data and the purposes for which s…
Data shared with advertising networks can be used to build detailed behavioral profiles about you, and this sharing may persist even after you stop using Calendly.
The provision establishes the operational framework under which user information becomes transferable during corporate restructuring events. This defines the scope of authorized data transfers outsid…
In a corporate transaction, your personal data including sensitive wellness and mood data could be transferred to a new entity whose privacy practices you have not agreed to.
This practice means your contact information, which you provided to Calm for account purposes, may be used to track and target you with ads outside of Calm's own services.
The provision establishes the procedural framework for data continuity during corporate transactions, clarifying that user data constitutes a transferable asset subject to assignment alongside busine…
This provision establishes a disclosure mechanism between Calm and subscription payers, enabling third-party account sponsors to receive confirmation of user activation. This creates an operational c…
The clause establishes a data-sharing framework that enables cross-platform advertising measurement and targeting. This practice is operationally significant because it extends data use beyond Canva'…
The agreement authorizes use of de-identified data derived from user content without restriction, which may include data derived from proprietary designs or business content uploaded to the platform;…
This provision establishes the procedural framework governing cross-border data transfers under GDPR and equivalent data protection regimes. The use of standard contractual clauses creates a document…
The GLBA consumer privacy notice establishes the regulatory framework governing Cash App's handling of nonpublic personal financial information and defines the scope of permissible disclosures to aff…
Section V addresses ownership and licensing of data and content generated through use of the service, which is relevant to understanding what rights Block, Inc. asserts over user-submitted informatio…
The clause establishes an internal data sharing framework that permits cross-company information flow without explicit per-instance user consent, based on the stated purposes of service integration a…
While Cerebras disclaims ownership, the reservation of rights to remove content without obligation and the delegation of API prompt ownership to third-party terms means users have limited contractual…
A change in corporate ownership could result in your personal data, including chat histories and voice recordings, being transferred to and processed by a different company with different privacy pra…
This clause establishes the operational scope of data disclosure in corporate restructuring events, clarifying that user information constitutes a transferable asset subject to disclosure during due …
Personal data including behavioral and device information from an AI chat platform, where users may share sensitive or personal content, is being shared with third-party advertising networks for comm…
This clause establishes the operational framework under which the company may access and share user-generated content with law enforcement and other third parties. It creates four distinct categories…
The use of publicly available internet data for commercial AI model training has become a subject of regulatory and legal scrutiny, including questions about intellectual property rights and whether …
This clause establishes the operational basis for Chase's use of customer data in advertising targeting. It permits data sharing across multiple third parties to inform advertisement selection, which…
Your financial and personal data may flow across the entire JPMorgan Chase enterprise and to third-party service providers, which broadens the number of entities that may access your information beyo…
Chase's data profile on you may be enriched by information from credit bureaus, social media companies, and marketing data brokers, which can significantly expand the scope of information Chase holds…
This authorization establishes that personal data used for joint marketing activities is not subject to user-directed restrictions, meaning the data sharing occurs as a standard operational practice …
Your data could be transferred to an entirely different company with different privacy practices, and the transfer may occur during negotiations before any acquisition is complete, giving you no oppo…
Users who enter sensitive business information into ClickUp Brain should be aware that their inputs may be processed by external AI providers, which introduces additional data exposure considerations…
This clause establishes the operational framework for ClickUp's use of external vendors to support service delivery and business functions. The contractual requirement that sub-processors limit data …
This provision establishes the operational framework under which Cloudflare complies with government data disclosure obligations. The authorization for disclosure upon lawful request is a standard in…
This provision establishes the operational scope and governance framework for third-party data access within Cloudflare's service delivery model. The clause implements a principle of data minimizatio…
This provision authorizes disclosure of personal data to a defined category of third-party service providers and in corporate transaction contexts, which means your data may be accessible to multiple…
This provision establishes the operational framework for data transfers to external parties who support Cohere's service delivery and business functions. The authorization encompasses both service pr…
Sharing transaction data with blockchain analytics companies means that your crypto wallet addresses and transaction histories may be analyzed for compliance and risk purposes by specialized firms, c…
The clause establishes the operational framework for Coinbase's global data infrastructure and identifies the geographic locations where user personal information may be processed. By disclosing reli…
This clause establishes the procedural mechanism by which user data may transfer to a successor entity during corporate restructuring events, without requiring separate user consent at the time of tr…
This provision authorizes cross-site behavioral tracking and targeted advertising using your personal data, which may affect users who are not expecting their platform usage to feed into advertising …
This provision establishes the operational framework for data monetization and measurement activities. The authorization permits integration with external advertising and analytics systems, which aff…
This provision establishes a routine data disclosure to third-party Content Providers as a function of course enrollment, without requiring a separate opt-in at the time of enrollment. Compliance tea…
The clause establishes a data sharing mechanism between Coursera and Content Provider institutions as a operational requirement of course enrollment. It expands the set of entities with authorized ac…
This provision authorizes the use of cross-site tracking technologies and sharing of behavioral data with advertising and analytics partners, which may constitute a sale or sharing of personal inform…
The clause establishes the circumstances under which Craigslist is permitted to share user data with third parties, including law enforcement and government entities acting through formal legal proce…
Even without advertising-based data sharing, your personal data can reach third parties through legal processes or a corporate transaction, which are scenarios outside your direct control.
The provision establishes the operational mechanism by which user-generated prompts are transmitted to external inference providers and defines the retention scope for such data. It creates explicit …
This provision establishes the operational framework for Cursor's use of third-party service providers in delivering and maintaining the Service. It defines the scope of permissible data sharing and …
The clause establishes the operational scope for data processing infrastructure across multiple countries and specifies that data protection obligations apply consistently regardless of processing lo…
This provision discloses that three named third-party companies may access and temporarily store model inputs and outputs, which may include code snippets and prompts, when Privacy Mode is disabled.
The policy authorizes disclosure of personal data to a broad range of third-party categories, including model providers and analytics companies; the subprocessor list at trust.cursor.com/subprocessor…
This type of data sharing is what most privacy laws define as a 'sale' or 'sharing' triggering opt-out rights, meaning your online behavior may follow you across platforms unless you actively opt out.
This clause establishes the procedural framework for personal information transfer during business transitions, clarifying that data sharing in these contexts is permitted under the agreement and tha…
The policy authorizes sharing personal data with advertising and analytics partners, which may constitute a sale or sharing of personal information under CCPA and requires a valid lawful basis under …
The clause establishes the operational framework for cross-context behavioral advertising by authorizing both data sharing with external partners and the deployment of tracking mechanisms across mult…
This clause establishes the operational framework for data processing through external vendors. It specifies contractual safeguards that bind service providers to confidentiality obligations and limi…
Your personal data is not just used by Delta internally; it flows to third-party marketing partners, which broadens the number of companies that have access to your travel and contact information.
SkyMiles members accumulate a detailed longitudinal record of travel, spending, and partner activity in their accounts; this data is used for broad marketing purposes and shared with the extensive Sk…
This clause establishes the scope of permissible data sharing within Discord's operational framework, defining which categories of external service providers may access user information in the course…
The policy authorizes transfer of your personal data to third parties during corporate transactions, including during negotiation phases before any transaction is finalized, which means your data cou…
The policy authorizes disclosure of personal data to third-party service providers across a broad range of operational categories including marketing, without enumerating the specific providers or th…
The provision establishes the operational framework for Discord's advertising monetization model by defining which data categories flow to advertising partners and the conditions under which users ca…
Data collected when you watch Disney+ may be combined with information from your theme park visit, retail purchase, or call center interaction, building a detailed cross-context profile that can be u…
Sharing data across Disney's full family of companies, which includes ABC, ESPN, Hulu, Marvel, Lucasfilm, and others, means data collected in one context can be used in many others without requiring …
Your Disney account data, including what you watch, your demographics, and inferred interests, may follow you around the internet through targeted advertising on third-party platforms unless you acti…
This clause establishes the operational framework for DocuSign's use of external vendors to deliver platform services. It creates a contractual requirement that third-party processors limit data use …
This provision establishes the conditions under which DocuSign may share user personal information with government and law enforcement entities without user consent. It defines DocuSign's disclosure …
The provision establishes DocuSign's operational basis for international data movement by reference to an EU-approved legal mechanism. SCCs create contractual obligations between data exporter and im…
The provision establishes a distinction between data practices on marketing websites versus core product platforms. It delineates the scope of third-party advertising technology deployment and clarif…
Your personal data, including account details and potentially document metadata, can be transferred to third parties for business operations and in corporate transactions, which may expose your infor…
This provision establishes the operational mechanism by which transaction-essential data flows to third parties involved in order fulfillment. It clarifies that DoorDash's data sharing obligations ex…
The clause establishes a data-sharing practice with external advertising entities and acknowledges regulatory classification of this sharing under state privacy frameworks. This operational practice …
The provision establishes the operational basis for Dropbox's international data transfers by specifying the legal mechanisms that govern how personal data flows from European jurisdictions to other …
Your personal data, and potentially information about your usage patterns and stored content metadata, moves to third parties beyond Dropbox itself, which expands the surface area of who holds and ca…
The clause establishes the operational framework under which Dropbox may unilaterally determine when user information disclosure serves lawful or protective purposes, including responses to governmen…
The prohibition on using D&B data in connection with individual credit, employment, or insurance applications reflects FCRA restrictions on consumer reporting; users who misuse D&B data for these pur…
Your authentication and account data could be transferred to a new company entirely if Cisco or Duo is acquired, and it is routinely shared with resellers and partners who may have their own privacy …
The clause establishes the operational framework for data distribution across Cisco's service ecosystem, including service providers and marketing partners. It creates contractual obligations for thi…
This provision establishes the operational scope of data sharing for advertising purposes and specifies the technical mechanisms through which third-party partners collect behavioral information. The…
The clause establishes the scope of data sharing permitted under the privacy policy by identifying categories of recipients (vendors, service providers, affiliates) and specifying functional purposes…
A corporate transaction could result in your entire EA data history, including gameplay, purchase history, and communications records, being transferred to a new company with different privacy practi…
This provision establishes the operational framework for information continuity during corporate transactions, clarifying that user data may transfer to successor entities or acquirers while conditio…
Enabling Cross-Play shares your gaming identity with platforms beyond the one you are playing on, and those platforms' own privacy practices apply to the data they receive, which may differ from EA's…
Cross-platform identity integration enables EA to maintain unified user profiles and gameplay records across its service ecosystem, facilitating account portability and consistent user experience man…
This cross-platform advertising data sharing means your gaming behavior with EA can follow you across the internet in the form of targeted advertising, and your data enters third-party advertising ne…
The clause establishes the operational framework for personal data handling during corporate transactions, specifying that data transfers are permitted as business assets while imposing a notice requ…
This provision means that user data, including voice recordings and audio content, may be transferred to a third party in a corporate acquisition without requiring individual user consent, subject to…
This provision authorizes the transfer of all collected personal data, including voice recordings and account information, to successor entities in corporate transactions without requiring separate u…
Sharing personal data with advertising and analytics partners may constitute a sale or sharing of personal information under CCPA, triggering opt-out rights for California residents, and requires val…
This clause establishes the procedural framework for personal data continuity during corporate transactions, clarifying that personal information transfers as part of business operations while requir…
A change of ownership could result in your voice data and personal information being controlled by a company with different privacy practices, and users may have limited ability to prevent this trans…
This provision authorizes data flows to advertising and analytics third parties, which may trigger GDPR data processing agreement requirements, CCPA opt-out rights for sale or sharing of personal inf…
Sharing data with partners for their own marketing purposes goes beyond operational service delivery and may constitute a 'sale' or 'sharing' of personal information under CCPA/CPRA, triggering opt-o…
The provision establishes the operational mechanism by which Eventbrite handles cross-border data flows as a global service provider. It delineates that transfers may occur to jurisdictions with vary…
This provision establishes the operational framework for data sharing with external vendors as part of the service's analytics and advertising infrastructure. The authorization encompasses both direc…
The provision establishes the operational framework for continuous data collection across the Eventbrite platform through automated tracking technologies. This collection mechanism applies to all use…
The clause establishes the operational framework under which user personal information may transfer to a successor entity during corporate restructuring events. This provision defines the scope of pe…
The clause establishes a procedural framework for information transfer during corporate structural changes or financial distress events. It clarifies that personal data may be transferred as part of …
The clause establishes multiple pathways for data disclosure to third parties without requiring advance notice in all categories. The provision distinguishes between disclosures requiring consent (bu…
The clause establishes the operational scope of data sharing beyond Figma's direct control, specifying that personal data may be distributed to external entities in the service delivery chain and to …
The provision establishes Figma's operational practice of permitting advertising partners direct access to user activity data for interest-based advertising purposes. This mechanism enables cross-web…
This provision establishes the scope of third-party access to user personal information within Figma's operational framework. The clause identifies both service provider categories (vendors performin…
If Figma is acquired or merges with another company, your personal data and design content could be transferred to the new entity, which may have different privacy practices.
The clause establishes that user information may be disclosed to or assumed by successor entities during corporate restructuring events, creating a mechanism for data transfer outside the ordinary co…
The breadth of third-party sharing, including with advertising partners, means your usage data and potentially other personal information may flow to companies outside Figma's direct control, with im…
The clause establishes the conditions under which the company may share user data with legal and governmental entities, defining a compliance obligation that operates independently of user consent or…
The provision establishes Fitbit's operational framework for cross-border data transfers and explicitly discloses the potential variance in legal protections across jurisdictions. This disclosure add…
Being subject to two overlapping sets of terms means Google's data practices, dispute resolution mechanisms, and policies also govern your Fitbit use, which may expand the scope of data sharing beyon…
Your health and fitness data may be processed by multiple third-party service providers under contract with Fitbit, expanding the number of entities that have technical access to sensitive informatio…
This clause establishes the operational framework for secondary use of health data within Fitbit's research ecosystem. It conditions data sharing on affirmative opt-in to specific research programs r…
This clause defines the operational framework for data sharing beyond Fitbit's direct control. It establishes that data transfers to third parties occur pursuant to user authorization and places resp…
This clause establishes the operational framework for cross-border data handling and specifies the legal mechanisms Fiverr uses to comply with data protection requirements when transferring personal …
A change in ownership could mean your data ends up with a company that has different privacy practices, and you may not have a practical way to prevent this transfer.
The clause establishes the operational framework for data handling across the company's service delivery ecosystem. It defines the category of recipients (third-party vendors performing designated fu…
Your data is not limited to Fly.io's own systems; it flows to multiple third-party vendors, each of which has its own data practices and security posture.
This provision establishes that personal information, including contact details, vehicle data, and purchase history, may be shared with Ford's dealer network for both operational and marketing purpos…
Sharing personal data with dealers and marketing partners means your information may be used for targeted advertising and dealer outreach beyond what you might expect from a direct relationship with …
The provision establishes the technical and operational basis for data collection infrastructure integrated into site operations. This authorization enables both direct analytics collection by Garmin…
Sharing personal data including health and location data with third-party service providers and business partners expands the number of entities who hold your information and introduces additional ri…
The provision establishes the operational framework for data sharing beyond Garmin's direct control, designating third parties as data processors bound by contractual obligations rather than direct p…
Sharing personal data with advertising partners means your activity on Gemini may be used to build advertising profiles, and depending on your jurisdiction, you may have rights to opt out of this.
This clause establishes the operational framework under which personal data becomes transferable as a component of corporate asset sales or restructuring events. The provision permits continuity of d…
Sharing data with hundreds of independent dealers and affiliates multiplies the number of organizations that hold your personal information and may contact you for marketing, with limited ability to …
This authorization establishes the operational framework under which GM discloses user data to external advertising and analytics partners. The provision defines the categories of third parties who m…
This provision establishes the operational framework for GitHub's use of third parties in service delivery and marketing functions, creating contractual obligations on service providers while authori…
The provision expands the scope of data processors beyond GitHub to include the broader Microsoft corporate structure, requiring users to understand data handling practices across multiple affiliated…
This provision establishes the operational framework for GitHub's use of third-party service providers in its technology infrastructure. The contractual restriction mechanism described creates a form…
The clause creates a data-sharing relationship between GitHub and the broader Microsoft corporate group, meaning user data collected by GitHub becomes subject to Microsoft's independent privacy pract…
The provision establishes the operational framework under which GitHub processes personal data across jurisdictions with varying legal protections. The use of Standard Contractual Clauses represents …
The clause establishes a data sharing mechanism within the Microsoft corporate family and clarifies the legal framework governing that sharing. This is operationally significant because it defines th…
Cross-affiliate data sharing between Glassdoor and Indeed means that your job search behavior, profile, and contributions on one platform may be linked to your activity on the other, potentially with…
This provision establishes that Customer Data processed through Google Analytics may be used by Google to improve its own services and in connection with advertising services, which creates a direct …
This establishes Google's operational commitment to integrate privacy considerations throughout the AI development lifecycle rather than as an afterthought, and commits the entity to transparency and…
While Google states that third-party service providers must comply with its privacy policy and security requirements, the breadth of affiliated entities and the use of sub-processors may result in pe…
The clause allocates responsibility for data handling between Google and extension providers by limiting Google's accountability for third-party privacy practices while establishing that users' data …
This provision establishes that conversation data and associated user information collected through Gemini may be shared with Google's affiliated entities and external service providers, with the ful…
The clause operationalizes data processing across multiple linked services by establishing that conversation data may be processed according to multiple applicable terms simultaneously, rather than s…
This clause allocates data governance responsibility by establishing that Google does not control or govern how third-party service providers handle data transmitted through Gemini Apps. It creates a…
The clause creates a differential data retention framework based on user age, establishing default retention periods and limiting modification options for minor users. This affects the scope and dura…
This clause defines the operational scope of third-party data sharing by establishing a general prohibition on marketing-related sharing while creating carve-outs for law enforcement, security, and l…
This provision establishes the data-sharing mechanism that enables third-party transactions to process through Google Pay. The authorization addresses operational necessity: third parties require pay…
Your payment details and personal account information stored in Google Pay are passed to external merchants, and once shared, Google has no further responsibility for how those merchants handle the d…
The clause establishes the operational scope of data sharing within Grammarly's service delivery and marketing functions, specifying that user information flows to external parties who provide analyt…
Your account information and usage data may reach a range of third parties beyond Grammarly itself, including companies involved in analytics, hosting, marketing, and business partnerships, expanding…
In a corporate transaction, your data could move to a new owner whose privacy practices may differ from Grammarly's, and the policy does not guarantee that the new entity will honor the same commitme…
The provision discloses the jurisdictional scope of data transfers and establishes notice that the legal and regulatory framework governing data protection in receiving jurisdictions may not be equiv…
This clause establishes the scope of third-party data recipients within Groq's operational framework. It defines categories of entities with authorized access to user information as part of standard …
This sharing arrangement means your Grubhub activity can influence ads you see on completely unrelated websites and apps, and third-party partners may retain and use your data under their own separat…
Campus users, who may include college students, are subject to a distinct data sharing arrangement with campus-specific food service operators that goes beyond what standard users experience, and the…
Your most sensitive data, including payroll figures and bank account details, flows to multiple third parties, expanding the number of entities that hold and could potentially expose your information.
This license covers highly sensitive data including employee Social Security numbers, bank account details, compensation, and personal information, and the scope of permitted use for service improvem…
The clause establishes the operational framework under which user data may be transferred between entities during corporate restructuring events. This affects the continuity and control of personal i…
The provision specifies the legal frameworks under which Headspace transfers personal data internationally. This establishes the regulatory basis and compliance mechanism for moving data across borde…
This provision establishes the operational framework through which Hinge facilitates data sharing with advertising partners for behavioral profiling and audience targeting. The hashing mechanism desc…
The provision establishes the procedural basis for international data movement and identifies the contractual safeguard mechanism (SCCs) that governs these transfers. This clarifies how Hinge operati…
A ban or suspension on any Match Group platform can effectively remove your access to Hinge without any action taken directly on Hinge, and the policy also permits receipt of bad actor information fr…
Sharing personal data with advertising partners for behavioral targeting is one of the broadest and most commercially significant data uses in this policy, directly affecting what ads you see across …
The clause establishes the operational scope of data recipients beyond Hugging Face itself, defining which categories of external parties may access user information in the course of service delivery…
The provision establishes the operational framework for third-party data sharing while imposing a use limitation on external parties. This defines the boundary conditions under which personal data ma…
The policy authorizes sharing user data with third-party service providers but does not enumerate the specific categories of providers, the data types shared with each, or the contractual safeguards …
International data transfer provisions are operationally significant because they define how personal data moves across regulatory boundaries and what protections apply during transit and storage. Th…
This provision authorizes transfer of personal data to successor entities in a corporate transaction, which may result in users' data being held and processed by a new company operating under differe…
The clause establishes the scope of permissible data recipients beyond the Company itself, extending to corporate affiliates and successor entities in M&A events. This directly affects the universe o…
Consent to cross-service payment data sharing means your financial information may be used across a broad portfolio of Disney-owned services, expanding the scope of payment data use beyond your initi…
The clause establishes the operational scope under which personal data may transfer between entities during corporate transactions. This provision clarifies that personal information is treated as a …
Sharing personal data with multiple third-party service providers expands the surface area for data exposure and creates downstream privacy risks that users cannot directly control.
The clause establishes the operational scope of data sharing necessary to deliver platform services and support business functions. It delineates categories of service providers who may access person…
The clause establishes the operational framework for data processing through external vendors and specifies that contractual restrictions govern how those vendors may handle shared personal informati…
Your data may flow to multiple third-party vendors beyond Inflection AI itself, and while the policy asserts use limitations, you have limited direct visibility into or control over those downstream …
This provision establishes the operational framework for data transfers to external vendors. By specifying authorized use categories and imposing use limitations on service providers, the clause defi…
The explicit statement that Jasper will not use your inputs for model training without separate consent is a user-protective provision that distinguishes Jasper's stated practice from some other AI p…
The use of third-party analytics and service providers means user data travels beyond Khan Academy's own systems, and the strength of protection depends on the contractual terms and technical control…
Your financial information is processed by a third party, and understanding how both Kick and Stripe handle that data is important for assessing your financial privacy risk.
Advertising integrations can result in your viewing habits, device identifiers, and behavioral data being used for targeted advertising across the web, not just on Kick.
When your data is transferred from the EU or UK to the US, it must be protected by a legal mechanism such as Standard Contractual Clauses; without this, the transfer may not comply with GDPR.
Data sharing with retail merchants is operationally necessary for Klarna to execute its core payment service function. The provision establishes the institutional basis for transmitting transaction a…
The policy authorizes sharing personal information including identifiers, usage data, and potentially AI trace data with advertising and analytics partners, which may implicate opt-out rights under C…
This provision establishes the operational framework for Ledger's data-sharing practices with external vendors. It defines the scope of permissible third-party access and establishes contractual rest…
Sharing identity and purchase data with multiple third parties increases the number of organizations that hold sensitive information linking you to a cryptocurrency hardware wallet purchase.
The operational significance is that transaction data visibility occurs by design of the blockchain system rather than through Ledger's data collection or sharing practices. This distinguishes betwee…
Broad third-party data sharing means your personal information, usage patterns, and potentially your creative inputs may flow to organizations beyond Leonardo AI, reducing your control over how your …
Your usage data, device identifiers, and potentially location data are shared with advertising networks that can combine this information with data from other sources to build detailed profiles used …
This provision defines the scope of content distribution the platform enables and clarifies that visibility controls operate on an opt-in basis where the service has configured such settings. It esta…
This provision authorizes personal data flows to Microsoft and other affiliated entities, which means data collected on LinkedIn may be accessible to and used by Microsoft's broader corporate infrast…
While the policy limits direct named data sharing with advertisers, it acknowledges that ad providers can identify users through technical mechanisms such as cookies when ads are viewed or clicked, w…
The agreement's affiliate definition explicitly encompasses Microsoft Corporation and its subsidiaries including GitHub, meaning member personal data and professional activity data may be shared with…
The definition of affiliates determines which entities are authorized to access user data under LinkedIn's data sharing policies. Including Microsoft and its subsidiaries as affiliates expands the co…
The clause establishes a broad data-sharing framework that extends user information across LinkedIn's affiliate network and to external business partners, expanding the number of entities with access…
The clause establishes the operational scope of permitted data sharing across the Loom service ecosystem, defining categories of recipients (service providers, resellers, sales partners) who may acce…
Data shared with third-party sub-processors leaves Atlassian's direct control and creates a chain of data handling obligations that may be difficult for individual users to trace or audit.
This clause establishes a broad authorization framework for information sharing with third parties without requiring advance notice or user consent for each disclosure. The operational significance d…
Even if your individual personal data is deleted, Luma retains ownership of the aggregated and usage data derived from your activity and the analytical insights generated from it, which can be used t…
The provision establishes the operational framework under which user data may be transferred between corporate entities during structural business events. This defines the scope of data portability t…
This provision establishes the operational mechanism by which user activity data is transmitted to third-party analytics infrastructure. The authorization extends data collection across multiple digi…
Your personal data could end up under the control of a different company with different privacy practices, potentially without prior notice or the opportunity to opt out.
The provision establishes Lyft's authority to process and utilize background check and identity verification data as a standard operational practice. This authorization enables Lyft to conduct safety…
This provision permits your Lyft usage data, which includes trip history and location, to be combined with data from other sources by advertising partners to build profiles used to target you with ad…
Cross-border data transfer provisions establish the operational scope of data flows and define which legal frameworks govern data protection once information leaves the user's home jurisdiction. This…
The clause establishes a data-sharing arrangement between Lyft and a third-party labor organization as a condition or mechanism for delivering driver benefits. This creates an operational linkage bet…
Because McDonald's franchisees are independent business operators rather than direct McDonald's employees, data shared with them may be subject to different privacy practices and accountability struc…
Sharing personal data with third-party advertising networks means your behavior on McDonald's platforms may contribute to a broader cross-site advertising profile maintained by those third parties.
Your reading habits, account details, and behavioral data may be processed by companies you have not directly interacted with and whose own privacy practices you may not have reviewed.
A corporate transaction could result in your personal data being controlled by a different company with different privacy practices, and this policy gives you no opt-out right in that scenario.
Data sharing with third parties for marketing purposes goes beyond what is strictly necessary to provide banking services, which means your financial data may be used in ways unrelated to your Mercur…
This provision grants Meta access to developer systems, records, and personnel during an audit, which has significant operational and confidentiality implications for developers maintaining proprieta…
This provision establishes that platform data obtained through Facebook APIs may not be monetized through secondary data markets, restricting the downstream commercial use of user identifiers, social…
These requirements establish the operational basis for account verification and user accountability within the platform. The provision links identity authenticity to community safety and enforcement …
This provision establishes a use-limitation principle that confines the permissible scope of platform data use to the application context in which it was obtained, restricting cross-context behaviora…
This provision defines the permitted scope of automated data access, which affects how developers can build data-intensive applications and limits the types of integrations that are permissible witho…
This clause establishes the operational framework under which Meta may access and transfer user data outside normal service operations in response to formal legal process, emergency situations, polic…
Advertisers should understand that a single set of standards governs placements across multiple platforms and third-party surfaces, meaning a policy violation can affect ad delivery across all of the…
Affiliate sharing means your data can move across multiple Consensys products and business lines without your specific consent for each transfer, potentially exposing your financial activity data to …
A corporate transaction could result in your wallet activity data, IP address history, and other personal information being acquired by an entity with entirely different privacy practices, and you ma…
This provision establishes a contractual data processing relationship where Microsoft's privacy obligations are defined by the enterprise customer's agreement rather than Microsoft's public privacy s…
The Standard Contractual Clauses establish contractual safeguards that enable lawful international data transfers while maintaining compliance with EEA data protection requirements, particularly foll…
This provision establishes the operational framework governing where and how Microsoft processes user data globally. It specifies the legal mechanisms Microsoft employs to address jurisdictional data…
The provision establishes the operational framework for data subject rights and specifies the tools and mechanisms through which users exercise those rights. It also delineates the scope of those rig…
The statement identifies multiple categories of third parties with whom personal data may be shared, including affiliates, service vendors, and parties in legal or corporate transaction contexts, whi…
The provision operationalizes a differentiated data sharing model where certain categories of user interaction data are routinely transmitted to third-party advertising partners to enable ad delivery…
The clause establishes multiple pathways for data disclosure beyond the user's direct transaction, including sharing with corporate affiliates, service providers, and law enforcement or legal process…
The clause establishes the geographic scope and legal mechanisms governing where user personal data may be processed. By referencing specific regulatory frameworks (DPF and SCCs), the provision defin…
The provision sets operational expectations for AI development practices within the entity's framework, establishing that privacy protection and security are foundational design requirements rather t…
The clause establishes Microsoft's authority to share user data with government and law enforcement entities based on multiple operational justifications, including legal compliance and internal secu…
AI services like Azure OpenAI and Copilot may carry distinct terms governing data use for model training, output ownership, acceptable use, and liability for AI-generated content that differ from sta…
This clause establishes the operational framework for cross-product data consolidation within the Microsoft ecosystem. It creates a mechanism by which data fragmented across separate services and ext…
The policy authorizes sharing personal information with service providers, business partners, and payment processors, and permits data transfer in the event of a business acquisition; the categories …
The clause establishes that inferred personal attributes—derived rather than directly observed—constitute permissible data categories under the privacy policy. This expands the scope of collectible d…
The clause establishes the operational scope of data disclosure beyond Midjourney's direct control, specifying categories of recipients and their functional purposes. This authorization defines how u…
The provision establishes the operational scope of data sharing to support service functionality and business analytics. It specifies that third parties receive personal information as part of the st…
The classification of uploaded images as sensory data establishes the legal category under which these materials are processed and governed within Midjourney's data handling procedures. This categori…
This provision establishes that personal data constitutes a transferable asset in corporate restructuring events. The authorization applies both during negotiation periods and upon transaction comple…
This provision establishes the operational framework under which Midjourney may share user information with government entities and law enforcement without prior user notification. The clause creates…
The clause establishes the operational framework governing law enforcement data access, specifying both the conditions under which disclosure occurs and the company's procedural obligations to notify…
The clause establishes the operational framework for data distribution across Microsoft's corporate structure and external service providers, expanding data access beyond the primary service provider…
The clause establishes the operational framework for data sharing beyond Miro's direct control, defining which categories of external entities may receive user data and the contractual protections (c…
Subprocessors have access to your data to help deliver Miro's services, and changes to the subprocessors list can affect where and how your data is processed, including in jurisdictions outside the E…
The incorporation of SCC Module 4 by reference upon DPA acceptance provides a recognized GDPR transfer mechanism, but fixes French law as the governing law and French courts as the dispute forum, whi…
Commercial customers must comply with multiple overlapping agreements, and the Data Processing Addendum is particularly significant for GDPR compliance, as it governs Mistral's obligations as a data …
The agreement establishes a structured framework for EU customers to exercise data portability and deletion rights under the EU Data Act, including defined notice periods, transitional support obliga…
The 10-day objection window is short for enterprise procurement cycles, and the remedy for an unresolved objection rests with Mistral AI, which retains the right to terminate the agreement rather tha…
Connecting third-party services, including MCP servers, means your data may flow to systems Mistral AI does not control and for which it accepts no liability. Users should carefully evaluate the priv…
The agreement asserts that usage-derived data is Mistral AI's sole property, meaning customers have no ownership or retrieval rights over this data category, and it is explicitly excluded from defini…
This provision authorizes Mixpanel to derive value from data collected across all customer deployments by removing identifying information and using the resulting aggregate data for its own product d…
This clause establishes the procedural framework for data continuity during corporate transactions. It specifies that notification and disclosure of user options are required conditions when ownershi…
This provision authorizes disclosure of personal data to advertising and analytics third parties, which may result in your behavioral data being used to inform targeted advertising outside of Mixpane…
The clause establishes the operational scope of data sharing within Mixpanel's service delivery architecture and defines the circumstances under which data disclosure occurs outside the direct servic…
The clause establishes the operational framework for Mixpanel's cross-border data transfers and specifies the contractual mechanism used to satisfy data protection requirements under EU, UK, and Swis…
The clause establishes the operational framework through which personal data flows to external service providers across multiple functional categories. This structure defines the scope of authorized …
Sharing personal data with advertising partners means your usage information and identifiers may be used to build advertising profiles, which goes beyond the core purpose of using a work management t…
The policy authorizes sharing of personal data with data brokers and advertising networks, which may result in your information being used or combined with other data sets beyond NVIDIA's direct cont…
The clause establishes the operational scope of Netflix's data-sharing practices across a broad set of business functions and external parties. This authorization structures how Netflix manages perso…
The clause establishes a mechanism for users to identify which Netflix entity controls their personal data, which is operationally significant for data protection compliance in jurisdictions that req…
This clause defines the scope of data collection that occurs through Netflix's technical infrastructure and establishes the baseline personal information the service provider gathers to operate the p…
The provision establishes operational criteria under which Nextdoor may unilaterally disclose user information without prior notice or consent, based on the company's good faith assessment of legal n…
Sharing with business partners for marketing purposes goes beyond operational necessity and means your data may be used by companies outside Nintendo's direct control to market products to you.
The provision establishes the operational scope of data recipient categories and the purposes for which data disclosure occurs. This defines the set of entities that gain access to user information t…
The default opt-in structure means your data is shared with advertising partners unless you actively change your settings; this sharing may qualify as a 'sale' or 'sharing' of personal information un…
This clause establishes the operational framework under which Nintendo engages third-party service providers for data collection and advertising delivery. The provision specifies that data sharing oc…
Sharing health-related data with advertising partners for ad targeting is a sensitive practice that may not align with user expectations when signing up for a health app.
Developers building integrations with Notion are subject to separate terms that may impose restrictions on data access, storage, and use of content retrieved via the API, which affects both the devel…
The provision establishes the legal framework under which Notion processes personal data across jurisdictions with differing data protection standards. Standard Contractual Clauses create contractual…
The provision operationalizes Notion's role as a data processor under GDPR, establishing the infrastructure by which personal data is handled and transmitted across the service infrastructure. This f…
The policy authorizes sharing personal information including usage data and identifiers with advertising and analytics partners, which combined with the tracking technologies observable in the page s…
The authorization establishes a data-sharing framework that enables Notion to transmit identifiable user activity patterns to external advertising platforms, which use this information for audience t…
This provision establishes the scope of third-party access to personal information beyond OneLogin's direct control. It operationally permits OneLogin to distribute user contact information to partne…
Data enrichment from third-party sources, including data brokers, means One Identity may build a more detailed profile of you than what you directly provided, which can affect how you are targeted fo…
Data sharing with business partners for promotions goes beyond what most users expect from an identity management vendor and may result in your contact information being used for third-party marketin…
Payment processing requires transmission of payment data to external service providers who handle transaction settlement and fund transfers. This clause establishes the contractual basis for such dat…
The clause establishes the operational scope of data sharing across OpenAI's corporate structure and service delivery ecosystem. It defines categories of recipients who may access personal data as pa…
GDPR Article 28 requires processors to obtain controller authorization before engaging sub-processors and to impose equivalent data protection obligations on them. The sub-processor notification mech…
The clause establishes the jurisdictional framework and legal mechanism for international data flows, clarifying that personal data collected from non-U.S. users will be subject to U.S. law and proce…
The clause establishes the operational scope of data disclosure by specifying categories of recipients and purposes for which Personal Data may be shared. This defines the third-party ecosystem with …
This provision operates as a general authorization for sub-processor changes, meaning operators are deemed to consent unless they actively object within the specified window. Operators who do not mon…
This clause establishes the operational framework governing Personal Data disposition during fundamental corporate restructuring events. It creates a mechanism by which user data may be transferred t…
This provision addresses data continuity in corporate restructuring scenarios. It establishes the operational framework by which user information follows the business entity or assets during ownershi…
The provision defines the operational framework under which OpenAI handles mandatory disclosure requests and establishes the company's authority to share user information without explicit consent whe…
The incorporation of EU SCCs provides the legal mechanism required under EU data protection law to authorize and structure cross-border data transfers to third countries. This framework establishes c…
The clause establishes OpenAI's authority to share user personal data with external parties in specified circumstances without prior user notification or consent, creating an operational framework fo…
This clause establishes the operational scope of data sharing beyond OpenAI's direct control, defining circumstances under which user data flows to external parties involved in service delivery, corp…
This provision authorizes disclosure of behavioral and device data to third parties for advertising and analytics purposes, which engages GDPR lawful basis requirements for EEA users and CCPA opt-out…
Sharing personal data including wallet addresses and browsing behavior with advertising and analytics partners may constitute 'sharing' under CCPA and could support targeted advertising profiles buil…
The provision establishes the scope of data recipients beyond OpenSea's direct operations and specifies authorized uses of shared personal information. It defines a standard practice whereby user dat…
This provision reserves the right to transfer all collected personal data to a third party in the event of a corporate transaction, which may result in user data being governed by a different privacy…
The clause establishes a peer-to-peer data sharing mechanism within the platform that operates only upon explicit opt-in consent, and provides users with the ability to modify or withdraw sharing per…
Connecting Oura to third-party health platforms extends the reach of your sensitive health data to those platforms' own privacy and data use policies, which may differ materially from Oura's policy.
The provision establishes the procedural framework governing data flows to third-party services, clarifying that data sharing occurs on a consent-and-integration basis rather than by default, and tha…
This provision establishes the operational framework for data flows beyond Paramount+ to support service delivery. The authorization defines which categories of entities may receive user data and cla…
The collection of financial and tax data enables Patreon to process creator payments, satisfy tax reporting obligations under applicable law, and maintain records required for financial audit and reg…
This clause establishes the operational framework under which PayPal may share user information with governmental and regulatory authorities without prior user consent. The provision specifies circum…
The clause creates an operational framework for contact data processing and establishes a contractual certification requirement. The user's certification of third-party permission authorization place…
The clause establishes PayPal's authority to respond to legal demands and regulatory obligations by disclosing user information without prior notice. This reflects standard operational requirements f…
The provision establishes the operational framework for data disclosure across PayPal's ecosystem, identifying data brokers and credit reporting agencies as authorized recipients alongside traditiona…
The clause establishes the operational basis for data sharing between PayPal and partner financial institutions in connection with co-branded or jointly-offered financial products. This sharing occur…
Users who interacted with brands now under Versant may not have anticipated that their data would continue to flow between the two companies after the separation, creating ongoing data sharing that m…
This clause means your data could end up controlled by a company with different privacy practices without requiring your consent, and the transfer may occur even during diligence before a deal is fin…
This clause establishes the operational scope of data sharing within the NBCUniversal corporate group and with designated former affiliates. It creates a mechanism for personal information to flow ac…
This provision establishes the operational framework for cross-border data flows, which is significant because it defines how personal information is handled across Peloton's global infrastructure an…
Your usage data, device identifiers, and interaction history may flow to third-party analytics and advertising platforms, expanding the number of entities that hold information about your behavior.
This provision authorizes sharing of personal data with advertising partners, which constitutes a sale or sharing of personal information under CCPA for California residents and requires a valid lawf…
While the data is described as de-identified and aggregated, enterprise customers should understand that usage patterns from their organization may contribute to Perplexity's AI model training and pr…
Subprocessors are downstream vendors who also access or process personal data. The terms governing how and when customers are notified of new subprocessors affect whether businesses can maintain adeq…
The incorporation of EU SCCs (Implementing Decision 2021/914) and the ICO UK Addendum provides the legal transfer mechanism for cross-border data flows from the EU, UK, and Switzerland to Pinecone's …
This provision authorizes cross-site behavioral tracking by third-party advertisers, meaning information about your browsing habits may be collected and used by companies other than Pinecone to targe…
This clause limits Customer's contractual remedies on subprocessor disputes to termination with prepaid refund, foreclosing other remedies such as damages or injunctive relief. The 15-day objection w…
The clause establishes the geographic scope of data processing operations and creates a jurisdictional framework for where user information may be stored and accessed. For users in regulated regions,…
This clause defines the scope of data sharing practices and establishes distinctions between commercial data sales (which the policy excludes) and data sharing for operational, legal compliance, and …
This clause establishes the conditions under which Pinterest may disclose personal information outside the normal data handling framework, including to government entities and in corporate transactio…
Once your financial data is shared with a developer application, Plaid's privacy policy no longer governs it, meaning the protections you receive depend on the privacy practices of each individual ap…
Your detailed financial transaction data flows to third-party app developers under their own separate privacy policies, which may permit uses of that data that Plaid's policy does not address.
Your usage data, identifiers, and behavioral inferences from the PlanetScale platform may be used to target you with advertising on completely separate third-party platforms, which many users would n…
The clause establishes the operational scope of automatic data collection mechanisms, specifying that collection occurs across multiple data categories and involves third-party service providers and …
This provision authorizes disclosure of personal information to advertising partners for targeted advertising purposes, which under CCPA and CPRA may constitute a 'sale' or 'sharing' of personal data…
This provision establishes the operational framework under which user data becomes transferable property in corporate restructuring events. It clarifies that data obligations and access rights may pa…
This clause establishes the scope of internal data sharing within a corporate group structure. It defines which entities within an affiliated corporate structure may receive user data and sets usage …
The clause establishes Progressive's baseline authority to conduct third-party data sharing under the Gramm-Leach-Bliley Act framework while creating an explicit procedural pathway for customers to l…
Your name, contact details, and potentially insurance-related information could be passed to outside marketing partners unless you affirmatively opt out, which many consumers may not know to do.
The policy asserts that aggregated or de-identified data falls outside normal privacy protections, but the robustness of de-identification is not independently verified in the policy text, and re-ide…
The breadth of permitted sharing, which includes marketing assistance providers and unspecified affiliates, means your sensitive financial data may reach organizations beyond Public's direct control,…
Your API usage data, which may reveal details about your application's architecture, business logic, and user behavior, can be disclosed to third-party API providers, potentially without your explici…
This clause establishes the operational procedure by which personal information may change hands during corporate restructuring events. It creates a notification requirement and acknowledges potentia…
This provision operationalizes Reddit's data infrastructure by authorizing cross-border data transfers and establishing the jurisdictional scope of data handling. The clause addresses the operational…
This clause establishes the scope and authorization for telecommunications marketing under the agreement. It clarifies that consent granted to Redfin extends to its designated partners and affiliates…
The clause establishes the operational framework for cross-platform data integration and enables Redfin to leverage third-party authentication data to personalize user experience while authorizing on…
A business acquisition or asset sale could transfer your personal data to a new company outside of your control, and the policy does not impose explicit confidentiality obligations on prospective buy…
By defining Resultant Data as outside the scope of Customer Data, Replicate asserts the right to use anonymized usage information without restriction, which could include data derived from your input…
The clause establishes the institutional framework under which personal information moves beyond Replit's direct control to external service providers. This allocation of data access is a standard op…
This clause establishes the framework for data disclosure to sub-processors and service providers. It defines the permissible categories of recipients and contractually obligates those recipients to …
The clause establishes the operational framework for international data processing, permitting cross-border transfers while establishing that Replit maintains responsibility for protection standards …
The clause establishes the operational framework for data flows across the Revolut group structure and to external entities necessary for service delivery, regulatory compliance, and fraud management…
By incorporating multiple documents by reference, this clause creates a unified contractual framework where obligations, restrictions, and disclosures are distributed across several documents rather …
The breadth of sharing categories means your financial, identity, and behavioral data may flow to many organizations beyond Revolut itself, some of which you may not have a direct relationship with.
Your personal data flows to multiple third-party organisations including credit reference agencies, which can affect your credit profile at other institutions, and to counterparties in your transacti…
As an Amazon subsidiary, Ring operates within Amazon's data ecosystem, meaning your video footage, usage data, and personal information may be accessible to or processed by Amazon, with implications …
The provision establishes the operational scope of data sharing for advertising purposes, specifying both the categories of recipients (advertising networks, social media platforms, advertising techn…
Your in-game behavior and device profile are being used to build an advertising profile shared with external partners, which extends data use beyond what many players would expect from a gaming accou…
Data shared in connection with a business transaction such as a merger or acquisition may reach new parties under different privacy frameworks, and users typically have limited ability to prevent thi…
Sharing of personal information with advertising networks for cross-context behavioral advertising constitutes a form of data sharing that triggers CPRA opt-out rights for California residents and ma…
The clause establishes a data-sharing framework across multiple affiliated operating entities within the Robinhood corporate structure, enabling coordinated service delivery and operational functions…
The clause establishes the operational scope of data sharing permitted under the agreement, specifying that disclosures may extend beyond Robinhood's direct operations to external financial entities …
Data collection and sharing practices establish the operational framework for how Robinhood processes user information to support margin account administration, compliance monitoring, and business op…
The provision establishes the operational framework for third-party data sharing in service of advertising functionality. It conditions the sharing practice on user notification and the availability …
This provision establishes the conditions under which Robinhood may unilaterally disclose user data to government entities and third parties without prior user consent or notice. The authorization is…
Sharing with financial partners and business partners who jointly offer products or services may involve disclosure of financial account data, transaction history, and identity information to entitie…
This provision authorizes sharing of personal information with a broad set of third parties beyond direct service delivery, including for marketing and analytics purposes, which affects how user data…
The clause clarifies the operational framework under which Roblox processes and responds to lawful government demands for user data, establishing the institutional procedures that govern such disclos…
The clause operationalizes Roblox's legal disclosure obligations and establishes the procedural basis under which user data may be released to governmental entities without independent user notice or…
The clause establishes the operational framework under which Roblox may disclose persistent identifiers of child users to third-party service providers, while specifying that such disclosure requires…
The provision clarifies the operational framework under which Roblox processes legal demands and discloses user data to government entities, establishing the company's compliance procedures and the s…
This clause establishes the operational framework under which user data held by Roblox may be accessed by government and law enforcement entities. The provision defines the conditions and mechanisms …
This provision establishes the categories of third parties that receive your personal data and the conditions under which sharing occurs, including advertising partners and corporate transaction scen…
This clause establishes the operational conditions under which Rumble may release user data to government entities. It clarifies that legal compliance obligations override standard data retention pra…
The clause establishes a mechanism for user data to transfer to new corporate entities or third parties upon specified business events, without requiring separate user consent at the time of transfer…
The provision establishes the operational framework for data sharing with third-party advertising and analytics partners as a standard business practice within the service. This authorization affects…
This provision permits disclosure of user personal data, including biometric data and user content, to unaffiliated third parties in connection with corporate transactions, including to prospective c…
The provision clarifies Runway's data sharing practices with advertising and analytics partners while establishing procedural pathways for users to restrict such disclosures under state privacy law f…
The provision establishes an institutional practice of cross-sector data disclosure. From an operational standpoint, this creates a disclosure pathway outside the primary service relationship, with d…
This provision establishes the operational framework for cross-border data flows, defining how Salesforce manages compliance obligations under GDPR Article 46 and similar international data protectio…
The clause establishes a broad framework for data distribution across Salesforce's operational ecosystem and business relationships. This authorization spans internal corporate entities, external ser…
This clause delineates the scope of Salesforce's privacy obligations by excluding processor relationships from the Privacy Statement's coverage. When Salesforce operates as a processor rather than a …
The breadth of sharing categories means your personal data may reach a wide range of organizations beyond Salesforce itself. Understanding which categories are most likely to apply to your interactio…
This provision authorizes cross-context behavioral advertising data sharing, which triggers CCPA/CPRA opt-out rights for California residents and analogous rights under other state privacy laws. The …
Sharing your behavioral and device data with external advertising partners means your information leaves Samsung's control and may be used by those third parties for their own advertising and profili…
The clause establishes Shopify's discretionary authority to share user personal information with government and law enforcement entities based on the company's assessment of legal obligations or safe…
The provision describes the contractual safeguard framework Shopify uses to comply with EU data transfer requirements when moving personal information to non-adequate countries. This mechanism establ…
The policy authorizes disclosure of personal data including behavioral, device, and contact information to advertising and analytics vendors, which may involve cross-platform tracking and audience pr…
The clause establishes the operational framework for data distribution across Shopify's service infrastructure. Identifying these categories of recipients clarifies the scope of permitted data transf…
The clause establishes the conditions under which the service provider may disclose user personal information outside normal operational parameters, including both compelled disclosure through legal …
The clause establishes the operational framework under which Shopify discloses user data to external vendors necessary for service delivery. This authorization defines the categories of third parties…
The clause establishes the contractual framework Shopify employs to comply with EU and UK data protection requirements when moving personal data to jurisdictions outside the designated adequacy perim…
This clause establishes the operational framework for data flows required to deliver core service functions, particularly emergency response capabilities that depend on transmission of alarm signals …
Your home security data, including alarm events and potentially video footage, may be accessible to companies other than SimpliSafe, which expands the number of entities handling your sensitive resid…
The clause establishes the operational mechanism by which user data flows to third-party content providers within the Skillshare ecosystem. This creates a data sharing relationship between the platfo…
This provision authorizes disclosure of user personal data to acquiring parties in a broad range of corporate transactions, including due diligence stages prior to a completed deal, which means data …
This provision authorizes Skillshare to share student personal data with individual Teachers, who are third parties operating on the platform, as a condition of enrollment, which has implications for…
The clause establishes the operational scope of data disclosure by identifying categories of service providers who may access user personal information as part of service delivery and support functio…
This provision establishes a data-sharing relationship with third-party advertising partners that may constitute 'selling' or 'sharing' of personal data under CCPA and CPRA, triggering opt-out rights…
The clause establishes the operational procedure for handling personal information during corporate transactions, requiring contractual commitment from the acquiring entity to maintain equivalent pri…
This data sharing arrangement establishes a direct information flow between the platform and content creators, creating a mechanism by which Teachers receive behavioral and demographic data about the…
The provision documents Slack's legal framework for cross-border data transfers, addressing EU data protection requirements that restrict international transfers without adequate safeguards. By imple…
Personal data shared with Salesforce is subject to Salesforce's separate privacy framework, meaning the data leaves Slack's stated privacy commitments and enters a broader corporate ecosystem with it…
The provision establishes the data flow mechanism between Slack and third-party services, clarifying that data sharing occurs upon Integration enablement and that Slack disclaims operational control …
The clause establishes the operational framework under which Slack may transfer user information to external parties. It creates a category of authorized recipients beyond Slack's direct control, wit…
This provision defines the data governance model for enterprise deployments, establishing the employer as the data controller within the workspace infrastructure. The administrative authority granted…
This provision establishes the scope of entities within the corporate structure that may access user data under the privacy policy. It expands the class of entities permitted to receive information b…
Cross-site tracking by advertising partners is one of the more privacy-sensitive data sharing practices, and users who do not adjust cookie settings may have their behavior tracked across the web wit…
This provision establishes the operational framework for data distribution across Snapchat's business partner ecosystem. It authorizes cross-organizational data flows that enable integrated services,…
The provision establishes the operational framework for international data flows necessary to deliver the service's core functionality of connecting users globally. It creates an authorization struct…
The clause establishes the operational scope of data flows within the Snap corporate family and to external service providers, defining which entities receive access to user information and the contr…
The agreement establishes the legal basis for Snowflake's handling of Customer Data; the license is scoped to what is 'reasonably necessary to provide the Services,' which limits use to service deliv…
This clause establishes the contractual framework under which third-party content operates within the PlayStation ecosystem, clarifying that SIE's standard terms extend to third-party services access…
This provision establishes the operational framework under which user data may be disclosed to government entities and law enforcement without independent judicial authorization beyond the company's …
When using third-party services through PlayStation, you may be subject to both PlayStation's terms and the third party's own terms simultaneously, potentially creating layered obligations and data s…
The combination of first-party account data with third-party sourced data, including fraud scores and social media data, can significantly expand the scope and sensitivity of the profile PlayStation …
This provision confirms that code prompts and related content submitted to Sourcegraph's AI coding features are shared with third-party subprocessors, which is material for users submitting proprieta…
The clause establishes the technical permissions necessary for service delivery by allocating device resources to Spotify's operations. It further authorizes the use of those same device resources fo…
The clause establishes the operational framework for third-party data flows into Spotify's systems and specifies that permission requirements apply selectively rather than uniformly across all third-…
The policy authorizes data flows to and from multiple categories of third parties, including advertising partners who may share audience data with Spotify to enable targeted advertising; the scope of…
This clause establishes the operational framework through which Spotify integrates third-party data sources into its advertising delivery and measurement infrastructure. The provision creates an inst…
The provision operationalizes age-based advertising differentiation, requiring notification when advertising status changes and providing a designated interface for preference modification. This esta…
The operational significance is that Spotify establishes authority to process usage data into categorical inferences about user characteristics and preferences. These derived inferences may be used f…
Data sharing with financial partners is structurally necessary for payment processing operations, as these entities require transaction and account information to perform underwriting, fraud preventi…
Data sharing with affiliates and a broad range of service providers means your personal information moves beyond Square to a potentially large ecosystem of companies, each with their own data handlin…
This clause establishes the operational framework under which user data constitutes a transferable asset during corporate restructuring events. It clarifies that personal information held by Squaresp…
The clause establishes the scope of permissible data transfers beyond Stability AI's direct control, defining which categories of external parties may access user information in the course of service…
The provision establishes that data processing occurs across multiple jurisdictions, which affects the applicable regulatory framework governing that data. Users' personal data may be subject to the …
The terms authorize transfer of personal data to successor entities in business transactions without requiring individual user consent at the time of transfer, which means your data could move to a n…
The terms authorize disclosure of personal data to a range of third-party categories, including advertising partners and potential acquirers, which affects how your data may be used beyond Stability …
This provision establishes the scope of data recipients beyond Starbucks' direct control and defines permissible uses by those recipients. The authorization extends to multiple categories of entities…
This means your purchase history, browsing behavior, and profile data may be used by third-party advertisers outside the Starbucks ecosystem to target you with ads, which many consumers do not antici…
The clause establishes the data collection and sharing mechanism necessary for subscription account administration, specifying both the categories of information required and the parties who may acce…
Your personal and financial identifying information is being shared with unspecified third parties, and the Terms do not enumerate who these third parties are, what data retention practices they foll…
Sharing personal financial and behavioral data with marketing and analytics third parties goes beyond what is strictly necessary to provide investment and banking services, and consumers may not anti…
The standard applied to de-identification is described only as 'reasonable efforts,' which may not meet the specific technical thresholds required under some state privacy laws; data shared with unaf…
The opt-out right is meaningful but narrower than it may appear: transaction and experience data continues to flow internally regardless of your preference, and the opt-out does not protect your data…
Sharing with marketing partners means your personal information is disclosed to companies outside the State Farm family, which may include detailed insurance and financial profile data, and the polic…
The provision establishes a data sharing framework that extends beyond State Farm's direct operations to include service providers and joint marketing partners. This operational structure determines …
The clause establishes the default information-sharing practice within the State Farm corporate group and operationalizes a limited opt-out right. The stated exclusions preserve State Farm's ability …
The provision establishes a data processing framework that allows collection and distribution of anonymized analytics to external parties. The absence of specified retention limits means anonymous da…
The policy asserts a broad right to share anonymized behavioral data with any third party, and the standard of what qualifies as sufficiently anonymized is not defined in the document, which may crea…
Your personal data, including your Steam ID and potentially game statistics, may flow to third-party developers and publishers who operate under their own privacy policies, creating privacy exposure …
The provision distinguishes between anonymous/aggregated data sharing, which the terms permit broadly, and personal data collection, which occurs through explicit user submission or active participat…
Your personal data, including purchase history, identity information, and behavioral data, could end up in the hands of a different company with its own privacy practices if StockX changes ownership.
This provision establishes the operational framework for data distribution across Strava's service ecosystem, defining which external entities receive access to user information and under what functi…
The provision establishes the operational basis for Strava's use of automated tracking mechanisms to collect user behavioral data. This framing indicates that cookie-based data collection is a standa…
The commercial use of de-identified fitness and location data is disclosed and acknowledged as continuing even after account deletion, which means data derived from your activities may remain in comm…
This provision delineates the boundary of Strava's data governance responsibility by establishing that information shared with third-party integrations operates under separate contractual regimes. Th…
This clause restricts the permissible uses of a specific category of health data collected through third-party integrations, creating a narrower data practice framework for health information than ma…
Fitness and location data shared with third-party integrations falls outside Strava's privacy protections, and you may not realize how broadly your data is flowing when you connect devices or apps.
The provision establishes the legal mechanisms by which Stripe operationalizes cross-border data flows, ensuring transfers comply with EU and UK data protection requirements through Commission-approv…
Data sharing with financial partners is a core operational requirement for payment processing. The provision establishes the institutional framework under which transaction data flows to entities req…
The policy authorizes sharing of payment and identity data with a broad category of Financial Partners, which includes entities consumers may not have a direct relationship with or awareness of.
This provision establishes the operational scope of data distribution within Stripe's corporate structure and vendor ecosystem. It defines which categories of processors and entities have authorized …
The clause establishes the operational structure through which Stripe delivers financial services, clarifying that service provision occurs through a network of partner financial institutions rather …
Data sharing with financial partners is operationally necessary for Stripe to deliver payment processing services and maintain regulatory compliance. Third-party sharing enables fraud detection, risk…
The terms authorize disclosure of business information and transaction data to third-party card networks and financial partners, and Users' acceptance of the agreement constitutes authorization for t…
This provision establishes Stripe's operational framework for handling government disclosure requests and defines the circumstances under which customer data becomes subject to compulsory legal proce…
The operational significance is that liability and compliance obligations are allocated to different Stripe entities depending on jurisdiction, creating jurisdiction-specific contractual relationship…
This allocation of data controller responsibilities clarifies the contractual relationship and legal obligations regarding personal data. It establishes that the Business User assumes primary respons…
This provision establishes a data sharing relationship between Substack and third-party child safety organizations for CSAM detection purposes, which represents a newly disclosed category of third-pa…
The provision establishes a mechanism for data sharing that operates outside the named partner disclosures in the privacy policy, conditioned on the anonymization standard described. The operational …
The clause establishes a data controller relationship where Creators assume independent responsibility for personal information provided through publication interactions. This operationally means Sub…
Your personal data does not stay within Substack's control once you engage with a creator's publication; the creator receives it and handles it under their own terms, which users may not have separat…
This provision authorizes sharing of Personal Information with generative AI service providers as part of Substack's service provider relationships. The absence of specific provider names and data ca…
Even though Supabase does not claim ownership of your raw customer data, it retains rights to insights and analytics derived from that data, which is a common but material practice in cloud service a…
The combination of externally sourced data with internally collected data can create detailed user profiles that go beyond what users would expect from signing up for a developer platform, and the br…
The clause establishes the operational framework for data processing through external vendors and defines the contractual obligation to impose data protection requirements on those vendors. This dete…
CPNI sharing practices define the scope of customer data available to T-Mobile's business operations and marketing functions. The operational significance lies in how this provision structures data f…
This clause establishes the operational framework under which T-Mobile may fulfill legal obligations to provide customer information to government entities and law enforcement, and defines the circum…
The policy authorizes data sharing with a range of third-party service providers, and the sub-processor list is available only upon request rather than being published directly, which limits user vis…
This provision establishes the operational framework for data sharing across the service delivery ecosystem. It defines the categories of recipients (service providers and analytics vendors) and the …
This provision authorizes a broad set of third-party data disclosures to advertising and analytics vendors whose tracking scripts are loaded on the Tabnine website. For EU users, this sharing may req…
This provision establishes the operational framework for data access by external service providers and defines the scope of permissible use by those parties. The clause creates contractual obligation…
This clause establishes the operational framework for personal data continuity during corporate restructuring events, ensuring data transfer authority exists while requiring notification of such tran…
This provision establishes that Target Plus marketplace transactions involve personal information disclosure to third-party sellers who are not directly subject to Target's privacy policy, creating a…
This provision establishes that Target Circle program participation results in personal information sharing with named third-party loyalty partners whose own data practices are governed by their inde…
This provision establishes the operational scope of data sharing across Target's vendor network. By defining service provider categories and imposing necessity limitations on information disclosure, …
This clause establishes the operational scope of data sharing within Target's service delivery ecosystem. It creates a contractual framework governing how third-party vendors access and use personal …
Data broker sourcing means Target's profile of you may include information you never directly provided to Target, which can expand the scope of behavioral targeting significantly beyond what most con…
RedCard data sharing with financial partners may engage federal financial privacy obligations under the Gramm-Leach-Bliley Act (GLBA) and associated regulations, which impose notice, opt-out, and dat…
The second paragraph of this clause permits disclosure 'in our sole discretion' based on a subjective belief about potential injury or interference, which is broader than a mandatory legal compliance…
This provision creates a hierarchical governance structure for personal data transfers between the EU/UK and US, establishing DPF compliance obligations as the controlling standard. The clause operat…
This clause establishes a data acquisition mechanism that expands TaskRabbit's information collection beyond direct user inputs by enabling automated data transfer from partner systems. The provision…
This clause permits disclosure of personal data to third parties during pre-closing M&A negotiations without a completed transaction, meaning your data could be accessed by an entity that never ultim…
The clause establishes a data transfer mechanism that operates outside standard service operations, permitting disclosure of user personal information to external entities evaluating or executing cor…
This provision establishes a conditional data disclosure mechanism triggered by user-initiated financial disputes, requiring compliance teams to evaluate whether this disclosure is consistent with ap…
Users who translate messages are sharing their message content with major third-party technology companies, even though Telegram states these companies cannot use the data for other purposes.
Initiating a chargeback or refund request triggers a consent to share account-level data with third-party payment processors, which users may not anticipate when exercising what they consider a stand…
Your personal data may be transferred to entities in jurisdictions that do not have EU adequacy decisions, meaning the legal protection depends on the quality and enforcement of the standard contract…
Using Premium transcription or translation features routes your message content through Google's systems, which is a data sharing disclosure that users should consider when deciding whether to use th…
The provision establishes the operational framework for a third-party transcription service, defining the scope of data transmission and imposing contractual restrictions on Google's use of shared au…
This provision discloses that Premium voice transcription and translation features route data through Google LLC infrastructure, which is a material third-party data processing disclosure relevant to…
In a corporate transaction, your personal data could be transferred to a new entity whose privacy practices differ from Thomson Reuters', and the protections available to you may change as a result.
The clause establishes the operational framework for data distribution across the Threads ecosystem, defining categories of recipients (advertisers, measurement entities, service providers) who recei…
This provision establishes that personal data collected on Threads, including behavioral and interaction data, is shared with categories of third parties beyond Meta's own products, including externa…
The policy states that Threads data contributes to Meta's cross-platform advertising and personalization systems, meaning activity on Threads may inform what ads and content you see on Facebook, Inst…
The provision establishes the operational scope of data collection and use across multiple platforms under common corporate ownership. This determines which entities within Meta's corporate structure…
This clause establishes the operational framework for third-party data distribution and defines the contractual obligations imposed on recipients. The provision creates a multi-party data flow struct…
This clause establishes the operational framework under which Threads will comply with lawful government data requests. It clarifies that the company's data disclosure obligations extend to law enfor…
The policy authorizes sharing of Threads personal data with Meta's family of companies for operational, advertising, and safety purposes, as well as with third-party partners, meaning data does not r…
The provision clarifies the operational scope of data sharing within the corporate group while establishing contractual obligations for data handling by recipients. This defines the boundaries betwee…
Your personal data does not stay only with Ticketmaster; it flows to multiple third parties who may use it independently, including for their own marketing, and you may have limited visibility into w…
Your personal data is transmitted to an external fraud screening company that operates under its own privacy terms, meaning your information enters a third-party system with potentially different dat…
The clause establishes a conditional authorization structure: data sharing required for contract performance occurs without separate permission, while discretionary sharing with commercial partners r…
The provision establishes a data sharing arrangement with a specific external service provider as part of Ticketmaster's fraud prevention operational framework. This shared arrangement means personal…
Your Ticketmaster profile may be enriched with demographic and interest data sourced from third-party advertising partners rather than information you provided directly, which broadens the scope of p…
The clause establishes the operational basis for data sharing between TikTok and its commerce-related subsidiaries, conditioning such sharing on compliance with Executive Order 14352 requirements rat…
The operational significance lies in how the provision delineates the permissible scope of third-party data collection infrastructure on the platform and establishes procedural requirements for track…
This provision establishes the contractual scope boundary between TikTok's obligations and those of third-party service providers. By allocating governance to third-party terms and policies, the prov…
Cross-border data infrastructure provisions define the technical and legal mechanisms through which advertising platforms operate globally, affecting data residency, compliance with regional regulati…
This provision establishes the operational framework under which user data may be transferred to acquiring or successor entities during corporate restructuring. It clarifies that data sharing in M&A …
The clause establishes the conditions under which Tinder may transfer personal data to government and law enforcement authorities without separate user consent, creating a disclosure pathway outside …
The clause establishes the operational framework for Tinder's global service infrastructure, requiring implementation of data transfer safeguards when moving user information to jurisdictions with va…
Linking a Facebook or other social account to Tinder expands the scope of data Tinder can access and use beyond what you directly input into the Tinder app, including information from your social med…
Sharing financial data with advertising networks extends your data's reach beyond Intuit's controlled environment, potentially exposing sensitive financial profile information to third parties whose …
Tax data is among the most sensitive personal information people share digitally, and this clause permits it to flow into advertising and product recommendation systems beyond the original tax-filing…
The clause establishes the operational mechanism by which Twilio shares customer data with marketplace partners. This data sharing is structured as integral to enabling integrated services that custo…
The clause establishes the operational scope of data distribution across Twilio's service ecosystem, defining three distinct categories of recipients and their respective functions in service deliver…
The provision establishes the operational framework for cross-border data processing and specifies the contractual mechanisms Twilio uses to address jurisdictional differences in data protection requ…
The clause establishes the conditions and scope under which Uber may share driver and delivery worker personal data with external governmental and law enforcement entities. The provision includes bot…
The clause establishes the operational data flows required to facilitate the ride-matching and navigation functions of the service. Real-time location sharing is a core mechanism enabling drivers to …
The clause establishes the operational framework and legal basis for Uber's global data infrastructure, acknowledging that personal data processing occurs across jurisdictions with potentially differ…
This clause establishes the operational framework for Uber's data sharing practices in advertising contexts, specifying which categories of business partners receive user data and the authorized uses…
This provision establishes the operational framework for data disclosure to third parties integral to the service delivery model. Insurance and financial service partnerships require access to specif…
This provision establishes the operational framework for data continuity during corporate restructuring events. It clarifies that personal data constitutes a transferable asset in such transactions a…
A change in corporate ownership could result in your data being governed by a materially different privacy policy, potentially with broader data-use rights than you originally agreed to.
This provision establishes the operational framework for data continuity during corporate restructuring events. It clarifies that user data constitutes a transferable asset in M&A contexts and permit…
Your personal data is not limited to Uniswap Labs itself but flows to an unspecified number of third-party vendors and affiliates, expanding the surface area of who holds information about your crypt…
This clause establishes the operational framework for data continuity during corporate restructuring events. It permits data transfer without requiring advance notice or individual user authorization…
This provision establishes the data inflow mechanism by which Epic Games obtains user information through cross-platform account linking. The authorization applies regardless of whether the user acti…
The provision establishes the operational framework for data acquisition across multiple collection channels, which directly enables the advertising and analytics functions described in the policy. T…
This clause means that your data exposure when using Unreal Engine and other Epic Services may extend beyond what Epic itself collects, to include collection by embedded third-party software vendors …
Data flows to and from gaming console operators and advertising networks mean that your activity across multiple platforms is connected, and the third parties involved have their own privacy practice…
This provision establishes the scope of entities that may receive user personal information under normal operations and in connection with specific business functions. The authorization extends infor…
The agreement authorizes sharing of user data, including financial transaction history, bank account identifiers, and personal identifiers, across the PayPal corporate family and with third-party ven…
For a developer infrastructure platform, sharing user data with advertising partners may not be expected by users who assumed their data would only be used to operate the service they signed up for.
This provision establishes a data monetization mechanism through which Verizon derives and sells aggregate insights derived from customer network behavior. The deidentification and aggregation standa…
Data shared with affiliates and joint marketing partners expands the pool of companies that may use your personal information for commercial purposes beyond your original relationship with Verizon.
Combining externally sourced data with network and service data creates a significantly richer profile of each customer than either source alone, expanding the scope of data that may be used for comm…
This provision establishes the contractual framework for third-party data sharing with advertising partners, which is directly relevant to CCPA/CPRA sale and sharing definitions and to the adequacy o…
The provision establishes the operational framework governing Visa's cross-border data transfer practices and specifies the contractual mechanisms through which Visa implements protective measures. T…
The clause establishes the operational framework through which transaction data flows across Visa's network ecosystem. This authorization enables the core functionality of payment processing while al…
This provision establishes the scope of permitted data sharing across Visa's business relationships and service delivery functions. The authorization extends to multiple categories of recipients and …
This clause establishes the legal basis under which Visa processes personal data without requiring separate opt-in consent. It permits data processing for operational security, fraud prevention, and …
Sharing personal data with merchants and financial institutions for product improvement purposes goes beyond operational necessity and means your information may inform commercial decisions at third …
The policy states that data shared with financial partners is governed by those partners' separate privacy notices, meaning consumers interacting with Walmart co-branded financial products should rev…
The provision establishes the operational scope of data sharing practices within Walmart's service delivery model. It authorizes disclosure to multiple categories of recipients for service provision,…
This clause establishes the scope of permissible data recipients under the agreement. It specifies categories of third parties with whom personal information may be shared and ties disclosure authori…
This provision establishes the conditions under which Waze may transfer user information outside its direct control to government agencies, law enforcement, and other third parties. It operationalize…
The clause establishes the operational scope for personal data infrastructure by permitting Waze to utilize distributed data storage and processing across multiple geographic jurisdictions as part of…
This provision authorizes the disclosure of user data, including potentially location and behavioral data, to third-party advertising and analytics partners who may independently track users across d…
This provision establishes the operational basis for Waze's advertising model by permitting data sharing with third-party business partners and enabling personalized ad delivery across multiple platf…
The clause establishes a procedural framework for account linking and data sharing, requiring explicit user authorization at two stages: account connection and data transmission, which structures how…
This clause establishes the procedural framework for data transfer in ownership or control changes. It clarifies that personal information is treated as a business asset that may be disclosed to pote…
The clause establishes the operational scope of data sharing within Wealthfront's shared view feature, defining which data categories the service is authorized to disclose to designated co-owners and…
Linking your external bank or investment accounts shares your financial credentials and account data with Wealthfront and unnamed third-party aggregators, and the terms disclaim any responsibility fo…
This clause establishes the operational framework governing how user data may be handled during corporate transactions or changes in service provision, clarifying that Personal Information constitute…
This clause establishes the operational scope of data sharing for joint account access features. It specifies which personal and financial data elements Wealthfront is authorized to disclose to co-ow…
The clause conditions access to third-party account data retrieval on explicit consent and specifies the scope of permitted uses—both for service delivery and, if applicable, for account management p…
This provision establishes the contractual basis on which W&B processes customer-submitted AI development data, including potentially proprietary model weights and training datasets. The scope of the…
Third-party data sharing provisions determine who beyond CoreWeave may receive your personal information, which affects your privacy and the security of your data.
This provision authorizes W&B to derive and use aggregated and anonymized data from customer interactions and submitted data for business purposes including publication, which may be relevant for cus…
This provision outlines the operational basis for CoreWeave's personal data handling activities across its service ecosystem. Understanding these practices is material to users' comprehension of how …
The license includes a right to use Customer Data to improve the services, which may mean W&B can derive insights or enhancements from your organization's ML training data, model outputs, or experime…
This provision means your browsing and purchase data on Whatnot may be used by outside advertising companies to track and target you across the internet, not just on Whatnot.
For users in the EU, UK, and other jurisdictions with strong data protection laws, this transfer must be covered by a lawful mechanism such as Standard Contractual Clauses, and the policy does not sp…
This clause means your personal information could end up with a different company, potentially with different privacy practices, if Whatnot undergoes a business change, and this can occur during nego…
The provision clarifies the operational scope of data flow to integrated third-party services and establishes that Meta does not control or restrict what integrated third-party services receive once …
The provision creates an operational framework for data flow from business accounts to WhatsApp and its service providers, expanding the sources and uses of user interaction data beyond direct WhatsA…
The clause establishes WhatsApp's authority to share information with government and law enforcement without prior user notice, conditioned on the company's good faith determination that disclosure i…
The clause establishes the operational framework governing disclosure of user data outside normal service operations. It defines two categories of disclosure authorization: those mandated by legal pr…
This provision establishes that user model selection does not fully constrain which inference providers receive code-derived data, as background tasks may route data to additional providers. Enterpri…
This provision discloses the full subprocessor chain and the conditions under which each provider may access code-derived data, enabling enterprise compliance teams to conduct third-party risk assess…
The provision authorizes disclosure of all described categories of personal information, including Prompts and Outputs Information and Log and Usage Information, to an open-ended set of current or fu…
The provision authorizes personal data transfer during merger or acquisition negotiations, meaning data may move to a third party before a transaction is finalized, and users are not guaranteed notic…
The agreement permits User Content to flow to third-party platforms upon integration, with Exafunction disclaiming all liability for how those platforms use the data, meaning users' code and content …
This provision identifies a specific subprocessor relationship where code-derived data is transmitted to a third party without the zero-data retention agreement that applies to other inference provid…
The clause establishes the operational framework for cross-border data flows and acknowledges that destination jurisdictions may have less comprehensive data protection regimes than the EEA, Switzerl…
The clause establishes the scope of permitted data disclosures and identifies the categories of recipients who may access user information. This authorization supports the operational infrastructure …
Your financial transaction data, identity information, and account activity may be shared with entities beyond Wise itself, which is relevant both to your privacy and to understanding who may have ac…
Personal data you provide when using Wix, including your usage patterns and contact details, may flow to third-party advertising and analytics networks, expanding the number of entities that hold you…
The clause establishes the framework under which personal information becomes a transferable asset in corporate transactions. It permits information disclosure during business events that may result …
Your data, including potentially sensitive content, may be accessible to multiple third-party vendors and could transfer to new owners in a corporate transaction without requiring your consent.
This clause establishes the operational scope of data recipients beyond Writer itself, defining categories of entities that may access user personal information as part of normal service delivery and…
This provision defines the default visibility model for the platform, establishing that public accessibility of user-generated content and profile data is a foundational operational characteristic ra…
This provision authorizes the transfer of personal data to a new corporate entity in connection with a corporate transaction, meaning control over your data could shift to a different company with it…
The phrase commercially reasonable period is not defined in the agreement, meaning users cannot determine precisely when YouTube's rights over their deleted content expire, and server copies are reta…
The clause defines the operational scope of third-party data sharing and establishes contractual requirements for service providers who handle personal information. It creates gatekeeping conditions …
This clause establishes the operational framework under which Google may fulfill legal obligations to disclose user data to government authorities. The provision conditions disclosure on good-faith b…
This provision defines the operational boundaries for data sharing and establishes that Google uses service providers and affiliated entities to process personal information under contractual obligat…
The clause establishes Google's operational framework for responding to compulsory legal disclosures. It defines the conditions under which personal information may be shared outside Google's control…
This provision establishes the operational framework through which users exercise control over their account data and service settings. The availability of these controls structures how users can man…
This clause establishes the operational framework under which Google will respond to legal demands and governmental requests for user data. It clarifies that compliance with legal obligations may res…
The distinction between sharing 'personal information' and 'non-personally identifiable information' with advertising partners matters because aggregated or pseudonymous data shared at scale can some…
This provision establishes the operational framework for YouTube Kids' third-party data disclosure practices. It identifies parental consent as the required authorization mechanism that governs wheth…
The external processing carve-out means that third-party vendors and affiliates may access your child's data as processors, even without specific parental consent for each such transfer, provided the…
This clause establishes the operational framework under which user data may be shared beyond Google's direct control in response to legal obligations, security threats, or enforcement needs. It defin…
The clause establishes the operational procedure for fraud report distribution within Zelle's network of financial institutions. This disclosure mechanism enables recipient banks to receive fraud inf…
Consumers reporting a fraud or scam may not expect that their personal details and account of the incident will automatically be forwarded to the other party's financial institution, which could affe…
This provision authorizes sharing of personal data with advertising and analytics partners, which engages consent requirements under ePrivacy and GDPR in the EU, and opt-out rights under CCPA/CPRA fo…
The clause establishes Zendesk's operational practices for data collection and distribution to external partners, defining the scope of data sharing that occurs during website usage and informing the…
Data enrichment from third-party brokers means Zillow's profile of you may include information you never directly provided to the company, potentially including demographic, financial, or behavioral …
This provision establishes the legal and operational basis for cross-context behavioral advertising using Zillow user data, and is directly relevant to CCPA/CPRA opt-out obligations and FTC guidance …
Your home search activity, device identifiers, and on-platform behavior are transmitted to third-party ad networks, meaning your real estate interests may be used to profile you across the broader in…
Your data profile at ZipRecruiter may be enriched with information from third-party advertising networks and data brokers, potentially creating a more detailed picture of you than what you directly p…
Using social login can expose more personal data to ZipRecruiter than you may expect, as the agreement permits access to information from your connected social account, and the liability for privacy …
This provision establishes the operational framework for data aggregation from external sources, expanding the datasets ZipRecruiter maintains beyond information directly collected from users. The cl…
This provision authorizes the disclosure of behavioral and identifier data to third-party advertising networks, which may include data brokers or ad exchanges that further share this data. This is se…
The provision describes Zoom's compliance framework for international data transfers under EU data protection regulations. Standard Contractual Clauses and adequacy decisions are the contractual and …
The clause establishes the operational framework for Zoom's use of third-party service providers in advertising and analytics functions. This practice affects which entities receive access to user pe…
The combination of eBay's first-party behavioral data with data acquired from credit agencies and external data providers creates a more detailed profile of users than most people would expect from a…
This clause establishes the operational framework for how personal data is treated during corporate restructuring events. It permits the transfer of user data alongside business assets, establishing …
This provision establishes that Anyscale's personal information profiles may be enriched with data from external sources including social media platforms and public records, combined with first-party…
This provision defines the scope of Apple's authorized data practices by excluding certain commercial data transfers. The operational significance is that Apple restricts third-party access to person…
The Bing Ads tag sends data about your behavior on Arlo's site to Microsoft, adding another advertising platform to the list of third parties receiving your browsing and purchase data.
This provision authorizes the transfer of your personal data to an acquiring entity in a corporate transaction, with post-transaction notification rather than prior consent as the stated mechanism fo…
This clause establishes the operational mechanism by which user data may be transferred to acquiring entities or transaction counterparties. It clarifies that information sharing during corporate res…
In a corporate transaction, your authentication data, device identifiers, and behavioral profiles could transfer to a new owner whose privacy practices may differ materially from Okta's current polic…
While the data use is limited to anonymized and aggregated forms, this provision permits broad secondary use of derived data for business purposes beyond the immediate service relationship, which is …
The provision establishes the operational framework for international data processing and specifies the legal mechanisms Calm uses to comply with cross-border transfer requirements. This addresses th…
The clause allocates responsibility for third-party data practices by clarifying that Chase's privacy obligations do not extend to linked external websites, and that users encounter different governa…
This provision clarifies the scope of Chegg's privacy obligations by delineating services where third-party privacy policies operate in parallel with Chegg's own. It establishes a contractual mechani…
A merger or acquisition could result in your personal data being transferred to a new corporate entity with different privacy practices, and you may not be notified before the transfer occurs.
The breadth of service provider categories means your data may flow to numerous third parties, and the protections applied to your data depend on Databricks' contracts with each of those vendors.
The clause establishes the operational framework for user data handling during corporate restructuring events, clarifying that personal information constitutes a transferable asset in such transactio…
This clause establishes the operational framework under which personal data may be conveyed to a successor entity during corporate restructuring events. It clarifies that data transfers in these scen…
This clause establishes the operational framework under which user data may change custodianship during significant corporate events. It clarifies that data transfer in such scenarios is permitted un…
Third-party integrations and plugins available within Figma operate under their own terms, and Figma does not accept responsibility for how those third parties handle your data or content.
A corporate acquisition could transfer your sensitive health and GPS data to a new entity with different privacy practices, and your ability to prevent this transfer under the current policy is limit…
The collection of payment information is operationally necessary to facilitate billing and subscription management for paid service tiers, and establishes the scope of personal financial data GitHub …
This means your Google Pay setup status is shared with merchant websites as a form of device or account profiling, even before you initiate any transaction, though an opt-out is available.
This clause establishes the conditions under which the company may transfer user data to government entities without independent user consent, defining compliance obligations under applicable law.
Third-party analytics tools can collect detailed session data, device identifiers, and interaction logs that go beyond what users typically expect when visiting a streaming site.
A change of corporate ownership could result in your personal data being held and used by a different company with different privacy practices, without any specific notice or consent requirement stat…
The provision establishes Meta's operational framework for enabling user control over personal data through self-service mechanisms and structured data export processes, which reflects implementation…
This provision establishes the operational framework for information handling during corporate restructuring events. It clarifies that user data may be subject to transfer to successor entities or ac…
The clause establishes the operational framework for international data processing, specifying that data may be maintained across multiple jurisdictions while requiring the Company to implement secur…
The policy authorizes the transfer of user personal data as a business asset in the event of a corporate transaction, meaning your data could be held and processed by a new entity with potentially di…
The Subprocessors List is a material disclosure for customers assessing their data supply chain obligations under GDPR Article 28 and equivalent frameworks. The terms authorize Miro to update this li…
This provision authorizes transfer of personal data to third parties in corporate transaction contexts, potentially including during negotiations before a transaction is finalized, without requiring …
Cross-border data transfer provisions establish the operational framework for how personal information moves through Nintendo's global infrastructure and defines the jurisdictional scope of data proc…
This provision defines the scope of mandatory and optional public data disclosure for business account holders, establishing which profile information PayPal displays by default versus which disclosu…
The provision establishes a contractual relationship with a third-party payment processor and conditions service access on acceptance of that processor's governing terms, creating dual compliance obl…
This provision authorizes the transfer of user personal data to third parties in the context of corporate transactions, which may result in user data being held by a company with different privacy pr…
Sharing within affiliated companies is generally permitted under GLBA without an opt-out requirement, meaning your data can circulate across the entire Progressive enterprise for marketing and busine…
The provision establishes the data collection and processing workflow for monetized transactions on the platform. It clarifies that Roblox collects billing Personal Information directly while third-p…
The provision defines the contractual framework for Salesforce's partner ecosystem, establishing which third parties may operate within or integrate with the platform and under what operational const…
In a business acquisition or merger, your personal data could be transferred to a new company with different privacy practices, and you may not receive advance notice or have an opportunity to opt ou…
In the event of a corporate transaction, your personal data could be transferred to a new company with different privacy practices, and you may have limited ability to prevent that transfer.
This clause establishes the operational framework under which Snapchat may respond to legal demands and disclose user data without separate user authorization. It defines the institutional conditions…
A business transfer could result in your insurance and financial data being held by a new company with different privacy practices, and the policy does not specify whether you would receive advance n…
Your personal data could be transferred to a different company with potentially different privacy practices if Substack undergoes a change of ownership, and the policy does not guarantee notice to us…
This provision reserves the right to transfer subscriber and user Personal Information as part of a business asset transaction, which could result in Personal Information being transferred to a new e…
While customer data ownership is confirmed, the operational license granted to Supabase is broad in scope and includes worldwide rights to reproduce and distribute customer data, which is the standar…
This provision establishes the operational framework under which user data may be transferred to successor entities or acquirers during corporate restructuring events. It clarifies that information c…
Data sharing with service providers is operationally necessary for Uber to execute ride and delivery transactions. The provision specifies which data categories are transmitted to which parties, esta…
A corporate transaction could result in your data being controlled by a company with materially different privacy practices, and the policy does not commit to notifying users before such a transfer o…
Activating the shared view feature for a joint account automatically authorizes disclosure of your personal financial data to another person, so it is important to understand what information is shar…
This provision establishes a contractual limitation on data monetization and secondary use practices. By restricting the sale or rental of personal information, the clause defines the operational sco…
GIFCT membership involves sharing data or signals about harmful content across platforms, which has implications for how content and potentially account information may be shared with third-party tec…
While Zelle asserts it does not sell data, the notice separately confirms that browsing data and identifiers are shared with advertising networks for behavioral advertising, which is regulated as 'sh…
A corporate transaction could result in your personal data being transferred to a new entity with potentially different privacy practices, and this clause permits that transfer even during the negoti…
Create a free account and watch the platforms that matter to you. We'll email you the moment something changes.
A data sharing clause is a provision in a platform's terms of service or privacy policy governing data sharing-related rights, obligations, or restrictions.
ConductAtlas tracks 252 platforms with data sharing clauses - roughly 73% of platforms in the archive. 427 are classified as high severity.
Severity reflects the magnitude of rights waived, availability of opt-out, breadth of users affected, financial or legal exposure created, and the degree of discretion retained by the platform.