Found in 189 of 325 platforms tracked (58% adoption) · 530 provisions
The provision establishes the scope and permissible uses of de-identified data for internal product development and potential third-party commercialization activities. By specifying that such activit…
This dual-role structure establishes different legal responsibilities and accountability frameworks for ADP's data processing activities. When ADP acts as a processor, the client employer retains pri…
This provision establishes the permissible bases under which ADP may process sensitive personal data categories subject to heightened regulatory protection under data protection frameworks. The claus…
This clause delineates the contractual and legal responsibility structure for personal data processing in B2B service relationships. By designating ADP as processor rather than controller, the provis…
This clause clarifies the data protection framework by delineating AWS's role as a processor rather than controller for customer data stored on AWS infrastructure. It specifies that responsibility fo…
The clause operationally restricts AWS's use of Customer Data to service delivery purposes and establishes a mechanism for customers to obtain a DPA when regulatory compliance requires one. This stru…
The clause creates a framework for data residency control and establishes AWS's data access limitations and non-disclosure obligations as operational requirements. It specifies the conditions under w…
The provision allocates data processing compliance responsibility to the customer rather than AWS, establishing that AWS Bedrock does not automatically create lawful processing authority and that cus…
The clause establishes the operational scope of data sharing by designating specific categories of third parties as authorized recipients of user information. This defines the institutional framework…
The clause establishes the operational framework under which Adyen collects and processes biometric and other sensitive data categories as part of its regulatory compliance procedures. This determine…
The provision establishes the operational infrastructure for data collection and ad targeting by external vendors, enabling Affirm to monetize user behavioral data through advertising partnerships wh…
The clause establishes the operational basis for behavioral targeting while creating a consent requirement for personally identifying data in interest-based ad delivery, thereby delineating the scope…
The clause establishes the operational basis for Amazon's use of collected data across advertising functions, including both first-party advertising delivered to users and third-party advertising ser…
The clause establishes Amazon's operational authority to process user personal information for targeted advertising purposes while maintaining a stated distinction between identifiable and non-identi…
The clause establishes a broad operational authority for Amazon to incorporate user-generated data into model development and training processes as part of service improvement functions, without requ…
The clause establishes a default data use authorization for model development with a user-controlled opt-out mechanism, while preserving the company's authorization to use materials for training purp…
The provision establishes a bifurcated data usage framework where general model training is subject to user opt-out, but safety-related uses and user-initiated reporting create categorical exceptions…
This scope exclusion clarifies the division of data governance responsibility between Anthropic and its commercial customers. When Anthropic processes data as a processor rather than a controller, th…
The clause establishes a dual-authorization framework: a default permission structure with an opt-out mechanism, coupled with carve-outs that preserve the company's training use rights for specific m…
The provision establishes Anthropic's ownership and usage rights over feedback data collected through rating interactions and user submissions. This creates an operational mechanism for the service t…
The provision establishes a dual-consent framework where users may restrict training use through opt-out but retain defined carve-outs that permit training use for safety-related flagging and user-in…
This provision operationalizes Apple's regulatory compliance framework for child-directed content by restricting data monetization mechanisms in the Kids Category and establishing developer obligatio…
The Facebook Pixel integration establishes a data-sharing arrangement whereby Arlo transmits user browsing behavior and interaction data to Meta's advertising platform, enabling Meta to build user pr…
The availability of a separate DPA allows enterprise customers to establish contractual terms specific to data processing obligations, including compliance requirements under regulations like GDPR an…
This provision clarifies the allocation of data responsibility in business deployments, designating the employing or sponsoring organization—rather than Asana—as the entity responsible for determinin…
The controller-processor distinction allocates legal responsibilities under data protection regulations. When Atlassian is the controller, it bears primary accountability for data handling compliance…
The clause establishes the operational framework for Audible's advertising delivery and analytics infrastructure by explicitly authorizing third-party data collection and use. This authorization stru…
This provision is operationally significant because it allocates data processing responsibilities between Auth0 and its customers, establishes compliance obligations under laws such as GDPR and CCPA,…
The clause establishes the legal basis and scope for handling sensitive personal data regulated under GDPR Article 9. By designating processing as consent-based, the terms specify the regulatory fram…
Designating Bumble as the data controller establishes the legal entity responsible for determining the purposes and means of data processing, compliance with data protection obligations, and accounta…
The clause establishes broad operational rights for the platform to exploit user-generated content across all current and future formats and media without compensation or case-by-case consent, reduci…
This allocation establishes the customer's legal responsibility for compliance with data protection regulations governing invitee information. By designating the customer as data controller, the term…
This provision establishes the legal and operational allocation of data governance responsibilities. By designating the Customer as data controller, Calendly defines itself as a data processor, which…
This clause establishes a data sourcing mechanism that supplements Cash App's first-party data collection with third-party derived data. The operational significance is that user profiles maintained …
The provision establishes Character.AI's operational authority to exploit user-generated content across current and future platforms, technologies, and business applications without ongoing compensat…
The provision establishes Character.AI's operational authority to incorporate user-generated content into service operations, product improvement, and commercial activities without ongoing compensati…
The clause establishes the operational basis for the service provider's use of user-generated content and interaction data as training material for model development and service enhancement.
This provision establishes the legal responsibility framework for personal data processing. The allocation of controller and processor roles determines which entity bears regulatory compliance obliga…
The provision allocates regulatory responsibilities based on functional role under data protection law. This operational distinction determines which legal framework governs personal data handling an…
The provision defines the operational framework under which payment card data flows through Checkout.com's systems, establishing compliance obligations with PCI-DSS standards and regulatory requireme…
The clause establishes the operational scope of data sharing across the service infrastructure. It distinguishes between vendors acting as service providers on ClickUp's behalf and third parties rece…
This classification determines Cloudflare's legal obligations and responsibilities under data protection regulations. When Cloudflare functions as a processor, the Customer assumes primary data contr…
This distinction allocates legal and operational responsibility between Cloudflare and its customers under data protection frameworks. By defining Cloudflare as processor rather than controller, the …
Data processing terms are operationally significant because they define the scope of information flows within the service architecture and establish the legal basis for Cohere's handling of customer …
This clause establishes the scope of data recipients beyond Coinbase's direct control, defining which categories of external entities may receive user personal information as part of normal business …
This carve-out creates a distinct legal framework for commercial accounts, removing Privacy Policy protections in favor of negotiated customer agreements. This permits different data handling terms a…
The provision establishes the operational scope of personal data sharing within the service delivery model and identifies the categories of recipients who receive access to user personal information.…
This clause delineates the scope of the Privacy Policy by explicitly excluding customer-submitted data processed under a processor relationship. It establishes that data controller-processor obligati…
This clause clarifies the legal relationship between Datadog and its customers regarding data handling obligations, designating Datadog as a processor rather than controller. The allocation establish…
This provision establishes the operational framework for behavioral profiling and inference generation as core data processing activities. It specifies both internal use (service personalization) and…
The provision establishes a reference mechanism for disclosure of AI and machine learning data practices rather than detailing those practices directly in the privacy policy itself. This structure de…
The provision establishes the foundational operational scope of the entity's data processing activities, defining what categories of data (commercial and personal) and what volume of subjects (600M+ …
This allocation of data controller responsibility clarifies the operational relationship and regulatory obligations between Cisco, the enterprise customer, and end users under data protection framewo…
Cross-device profiling enables analytics providers to maintain unified user profiles independent of which device accesses EA's services. This operational capability allows EA to obtain comprehensive …
The provision clarifies the regulatory framework for personal data handling by incorporating a dedicated DPA, which typically establishes data processor obligations, security standards, and complianc…
This provision creates a multi-document framework for data governance by incorporating privacy obligations by reference rather than specifying them within the main service agreement. It establishes t…
The distinction between controller and processor roles carries different legal obligations under data protection frameworks such as GDPR. As a controller, Fastly bears primary responsibility for lawf…
This provision establishes the operational basis for incorporating user-generated content into Figma's AI model development pipeline, with the requirement that such data undergo de-identification and…
The provision establishes the scope of authorized use of Customer Content by Figma and its service providers, and creates a requirement that users consult separate documentation (Figma AI Terms) to u…
The clause defines the operational data processing relationship and allocates responsibility for compliance with data protection obligations. Fly.io's processor status means the customer bears primar…
This provision establishes Ford's data-sharing practices for advertising and analytics purposes, creating a operational framework where user behavioral information flows to external partners. The cla…
This provision establishes GitHub's operational authority to apply user-generated content to AI model training, which affects how the platform monetizes and develops its technical infrastructure. The…
This provision clarifies the data governance structure within organizational deployments, allocating responsibility and control authority between GitHub and the organization, which affects compliance…
This provision establishes a legal data processing relationship where responsibility for data governance and privacy compliance is assigned to the customer organization rather than to Glean. It clari…
This license establishes Google's operational rights to process and repurpose user content across its infrastructure and product ecosystem. The authorization to create derivative works and modify con…
The data controller/processor distinction determines regulatory obligations, lawful basis requirements, and liability allocation under data protection frameworks. This allocation affects what privacy…
The incorporation of the DPA creates a separate contractual framework that defines the parties' respective obligations, rights, and responsibilities regarding personal data processing. This structure…
The clause establishes a data retention and usage framework that ties continued service operation to participation in model training activities, creating an operational dependency between account set…
This provision establishes the operational procedure by which Google implements human review of user content as part of its safety and quality assurance processes, and specifies the privacy protectio…
The provision establishes a human review process as an operational mechanism for quality assurance and model improvement, which means certain conversation data flows to human reviewers as part of Goo…
This provision establishes the operational framework for human review of conversation data as a quality and safety control mechanism. It specifies both the scope of data accessible to reviewers and t…
This clause establishes customer responsibility for the legal and procedural requirements of data processing under the Maps Platform. By allocating consent and disclosure obligations to the customer …
The license structure establishes Grindr's rights to use user-generated content across its service operations and product development without time limitations or exclusivity restrictions. The sublice…
The provision creates a framework under which sensitive personal data is collected with user consent and made visible within the service ecosystem. This establishes both the data collection mechanism…
The clause establishes the operational scope of data collection and processing for sensitive personal information. It defines permissible uses of this data across multiple institutional functions inc…
The clause establishes a dual data management structure where both employers and individual members have upload and access capabilities within the platform, creating a shared data repository that sup…
The clause establishes the scope of health data that Gusto processes in its operational capacity as a benefits administrator, defining what categories of sensitive health information the platform han…
The clause establishes the operational framework for Home Depot's use of personal data in advertising partnerships and creates a disclosure requirement under California privacy law. It specifies the …
This incorporation mechanism establishes a two-part data governance structure: the primary Terms of Service apply to the customer relationship generally, while the DPA applies specifically to persona…
The clause allocates data governance responsibilities between HubSpot and its customers by defining HubSpot's role as a service provider rather than an independent controller, which determines applic…
The incorporation by reference establishes a separate contractual framework governing data processing obligations, liability allocation, and compliance responsibilities under European data protection…
The provision allocates data ownership to the customer while establishing the customer's sole responsibility for data accuracy, quality, and legality. This framework clarifies that HubSpot does not c…
The provision clarifies the operational framework for data handling compliance by designating a separate DPA as the governing instrument for regulated data processing and allocating the compliance ob…
The dual controller/processor framework allocates regulatory compliance responsibilities between the parties. HubSpot's role as processor means Customers retain primary accountability for regulatory …
The provision defines the operational scope of Hugging Face's access rights to user-controlled content, establishing which internal functions and purposes permit platform personnel to view or process…
This provision establishes the operational basis for cross-context behavioral advertising practices. It describes the technical infrastructure and data flows that enable Hulu and partner companies to…
The clause creates a structural requirement that Instacart maintain transparency about third-party data sharing practices by consolidating disclosure information in a designated policy section, enabl…
The clause establishes a data use pathway that enables Intuit to leverage user financial information for advertising purposes, requiring coordination with external advertising platforms and data shar…
Personal data processing for sales transactions is operationally necessary for order fulfillment, payment processing, and regulatory compliance. This provision establishes the legal basis and scope f…
The clause establishes a data usage pathway for AI model development that operates across LinkedIn's services and extends to affiliated entities. This authorization applies to all content users creat…
The clause establishes a data use practice for model development and establishes an opt-out mechanism through user-controlled settings rather than requiring affirmative consent prior to training use.
The provision establishes LinkedIn's operational authority to incorporate user content into AI training datasets without separate compensation or per-use licensing arrangements. This licensing struct…
The provision establishes LinkedIn's operational authority to process user-generated content across multiple uses and business functions without ongoing consent requirements. The transferable and sub…
This authorization establishes LinkedIn's operational rights to exploit user content across its service ecosystem and derivative uses. The transferable and sublicensable nature permits LinkedIn to au…
This provision establishes Meta's operational rights to process and utilize user-generated content across its service ecosystem. The broad scope of authorized uses—including modification, derivative …
This clause defines the operational boundaries of Meta's advertising business by permitting targeted ad delivery based on user attributes while restricting certain data sharing practices. The distinc…
This clause establishes a contractual boundary on permissible downstream uses of Meta-sourced data, restricting the development of surveillance capabilities as a derivative application of the platfor…
The clause operationalizes Meta's advertising model by describing the mechanism through which user data informs ad targeting while restricting direct identifier sharing. This structure defines the sc…
This clause defines Meta's primary business model and establishes the operational basis for data collection and processing practices. It clarifies the consideration structure: user access to services…
This provision establishes the operational basis for Meta's advertising business model by creating explicit authorization to process user data for ad targeting and delivery. The clause defines the sc…
This clause defines the operational boundaries of Meta's data-sharing practices with advertising partners, establishing that direct identifiers remain separate from behavioral targeting mechanisms wh…
The license establishes Meta's operational authority to process, store, and repurpose user-generated content across its product ecosystem and to engage service providers in these functions. The trans…
This clause establishes Meta's operational authority to incorporate user identity elements and activity information into advertising display mechanisms. The provision defines the scope of permitted u…
This clause establishes the operational basis for the service delivery model and clarifies the consideration users provide in exchange for access to Meta Products. It specifies that personalized data…
The legitimate interests basis is a lawful processing ground under data protection frameworks that permits data use when organizational interests are balanced against individual rights. By invoking t…
The provision establishes Meta's authority to construct and maintain derived demographic and preference profiles through algorithmic inference rather than direct user declaration. This inferred data …
This provision establishes mandatory compliance obligations for advertisers using the platform to display age-restricted content categories. The targeting requirement creates an operational gate that…
The clause establishes the operational basis for Meta's personalized advertising model, which depends on cross-product data collection and use. This authorization extends to third-party advertising p…
The provision establishes the operational scope of Meta's data aggregation practices across its product ecosystem and external data sources. This cross-product and cross-device combination of informa…
The provision establishes Meta's operational authority to derive inferred data classifications beyond explicitly provided information, expanding the data categories available for advertising targetin…
The clause establishes a unified data framework that treats information collection across disparate services as a consolidated dataset for operational purposes. This integration enables cross-platfor…
This provision establishes the operational scope of Meta's data processing infrastructure by codifying the receipt of third-party data and permitting algorithmic inference generation as authorized da…
The provision establishes a data processing purpose beyond the primary service delivery function, creating an operational category where customer data serves dual purposes: immediate service provisio…
The provision establishes a broad data usage framework that permits Microsoft to apply user data across multiple business functions and product lines. This authorization structure enables the company…
This provision incorporates the Privacy Statement by reference as the operative document defining Microsoft's data collection, processing, and usage practices. It establishes the informational mechan…
The clause establishes Microsoft's operational rights to incorporate user content into product development, service operations, and derivative applications without payment obligations or exclusivity …
The clause establishes the operational scope of Microsoft's rights to process and utilize user-generated content across its service infrastructure. This authorization enables core service functions i…
The provision establishes a broad operational basis for repurposing customer data beyond the primary service delivery function. This expands the permitted use cases for data processed through Azure s…
This license grant operates as a condition of service use and defines the scope of rights Microsoft acquires over user-submitted content. The provision establishes that Microsoft may utilize user con…
The license authorizes Midjourney and its successors to use user-generated inputs and outputs for any purpose without time limitation, geographic restriction, or obligation to pay compensation. The s…
This provision establishes the operational scope of data sharing necessary for service delivery and performance measurement. The authorization extends beyond internal service delivery to include exte…
This provision creates a contractual framework linking AI feature usage to supplemental terms and establishes the operational scope of content processing through AI systems. It clarifies that AI func…
This provision defines the operational scope of data handling for AI features, establishing the basis for processing personal information through machine learning systems. It clarifies institutional …
The provision operationalizes differentiated governance structures between consumer and commercial users. Commercial customers are subject to supplementary contractual instruments beyond the base Ter…
This provision establishes the legal responsibility framework for personal data processing activities. The distinction between controller and processor roles determines which entity bears primary acc…
This clause defines Mixpanel's legal role and compliance obligations in the data processing relationship, establishing that Mixpanel acts under the direction of its direct customers rather than as an…
This designation determines regulatory responsibilities and liability allocation under data protection laws like GDPR and CCPA. It establishes that the customer bears responsibility for lawful data c…
The provision creates a structured allocation of data protection obligations between Neon and its customers. By incorporating the DPA by reference, the clause establishes that data processing terms a…
This provision establishes the operational mechanism by which Netflix integrates third-party interest inferences into its ad targeting system. The clause permits cross-platform data aggregation—combi…
This provision establishes the data collection and processing practices that support Netflix's advertising operations. The clause operationalizes the use of behavioral targeting, which requires colle…
This provision establishes Netflix's operational practice of monetizing user data through advertising partnerships. It defines the scope and categories of information that may be transferred to third…
The clause specifies the categories of advertising-related data Netflix collects and the sources from which it obtains this information, including third-party advertising companies. This establishes …
The provision establishes Netflix's operational framework for targeted advertising by integrating first-party viewing data with third-party demographic and behavioral data from advertising companies.…
This clause establishes the operational scope and recipient categories for Netflix's sale and sharing of personal information under state privacy law definitions. It specifies which data categories a…
This provision establishes the operational scope of Netflix's data sharing practices for advertising and marketing functions. It defines the categories of third-party recipients who receive personal …
This provision establishes the operational scope of Netflix's advertising data collection and targeting practices by authorizing the integration of first-party advertising signals with third-party in…
This provision establishes the operational scope of location data collection and defines authorized uses across both service functionality and advertising operations. The terms distinguish between ma…
This bifurcation clause clarifies Okta's dual operational roles and delineates responsibility for privacy compliance. It establishes that privacy obligations and disclosures differ depending on wheth…
The provision clarifies that the privacy policy's data processing disclosures extend beyond direct platform users to include individuals who appear in user-generated content but may not have independ…
The clause establishes the operational infrastructure for cross-platform behavioral tracking and advertising measurement. It documents the company's use of intermediary service providers to gather us…
The clause establishes the operational scope of data use for model development purposes and creates an opt-out mechanism that allows users to restrict a specific category of data processing while oth…
This clause establishes the operational scope of data usage for model development purposes and creates a mechanism by which users can control participation in training activities. The provision disti…
This authorization allows OpenAI to incorporate user submissions into its model development workflow, which is operationally central to the service's improvement and feature development. The provisio…
The provision defines operational boundaries around heightened data protection obligations for sensitive categories, establishing which processing activities are authorized and under what conditions …
The clause establishes OpenAI's rights to incorporate user content into model development processes while providing users with a mechanism to opt out of this particular data use through settings cont…
The provision establishes a default authorization for content reuse unless the user takes affirmative action to opt out, which affects how user-submitted materials are incorporated into service devel…
The clause establishes OpenAI's operational authority to incorporate user content and feedback into service development and improvement activities. This authorization permits the company to leverage …
The provision establishes distinct data usage policies based on account type, creating different baseline training data practices for API and consumer users. This operational distinction means the sc…
The clause establishes a data processing practice where conversation content is accessed for model training purposes, subject to specified privacy protections. This defines the scope of internal acce…
The provision establishes the operational scope of data utilization within the service delivery model. It defines what uses of submitted content fall within the authorized scope of the agreement and …
This provision establishes a data utilization practice that directly supports the entity's core business function of model training and refinement. The operational significance lies in how user-gener…
This statement establishes the operational purpose of the service and recognizes reproductive health as a category of data that the platform processes. It contextualizes the type of personal informat…
The clause allocates data governance responsibility from Oura to the Data Recipient upon data transfer, establishing separate accountability frameworks. This structure means data protection obligatio…
The clause allocates data control responsibility from Oura to receiving third parties, requiring users to evaluate each Data Recipient's independent privacy practices rather than relying on Oura's da…
Cross-device tracking allows the service provider to maintain continuous behavioral profiles across a user's digital ecosystem, enabling advertisers to reach users with personalized advertisements re…
The provision establishes a data-sharing practice with advertising partners as a default operational practice, while creating an opt-out mechanism available specifically to California residents under…
The clause establishes the operational framework for cross-context behavioral advertising, permitting data consolidation across multiple digital properties to construct user interest profiles that in…
The clause establishes PayPal's operational authority to incorporate user data into AI model development and to apply automated decision systems for security and fraud mitigation functions. This defi…
The provision establishes PayPal's operational authority to construct user profiles through data inference rather than direct collection alone, enabling the development of predictive attributes that …
This provision establishes the operational framework for Peacock's interest-based advertising model, defining the scope of data sharing with external partners and the uses of viewing history data in …
The clause establishes the operational scope of data usage for advertising functions, specifying that sensitive categories of personal information—particularly geolocation data—may be processed for t…
This clause establishes the operational scope of Pinterest's machine learning development activities by authorizing use of user-generated content and behavioral data for model training without time r…
The provision establishes the operational scope of inferential data processing, defining which data sources Pinterest combines to generate predictive attributes about users. This shapes the categorie…
This provision establishes the operational scope of Pinterest's cross-context advertising system, defining what data sources inform ad selection and where resulting advertisements may be distributed.…
This provision clarifies the operational structure of data handling within Plaid's platform, establishing that Plaid processes data pursuant to instructions from client institutions rather than as an…
This carve-out establishes that PlanetScale's obligations regarding enterprise customer data are determined by separate data processing agreements rather than this Privacy Policy. The operational sig…
The clause establishes Poshmark's operational authorization to reuse and repurpose all user-generated content across its service ecosystem and marketing activities without time limitation or addition…
This clause establishes Reddit's operational rights to monetize, archive, and repurpose user content across its services and platforms indefinitely. The perpetual scope means these rights continue ev…
The provision establishes Reddit's operational authority to incorporate user-generated content into AI/ML training datasets and model development processes. This authorization affects the scope of pe…
This provision establishes the operational scope of data-sharing practices that support Redfin's service delivery, analytics, and advertising functions across multiple platforms. The authorization en…
Special category data receives heightened regulatory protections under data protection frameworks like GDPR. This clause establishes the operational basis for Revolut to collect and process these sen…
The clause creates a parental gatekeeping mechanism requiring affirmative approval before child account creation and establishes a data minimization standard that constrains the scope of information …
The clause establishes a behavioral advertising framework for the teen user segment (13-17) that uses in-platform activity data as the basis for ad targeting, while creating a dual control mechanism …
The clause establishes a permitted use category for user-generated content beyond the primary service delivery function, expanding the operational scope of data processing activities the platform may…
The clause creates a binding framework for how personal data is handled during service delivery by making a separate data protection document an enforceable part of the primary service agreement. Thi…
The clause creates a binding procedural framework for personal data handling by designating a separate DPA as the controlling document for data processing activities. This establishes clear contractu…
The provision defines the scope and mechanics of data handling within Segment's platform infrastructure. It establishes the operational framework under which customer data is processed and classified…
The SDK implementation establishes the technical infrastructure through which Shein manages user consent states, storage interception, and third-party advertising tracker deployment. The configuratio…
The clause establishes the operational basis for cross-context behavioral advertising, allowing the company to leverage user contact information and engagement data through third-party advertising pa…
This allocation of controller responsibility determines which party bears primary legal obligations under data protection regimes. The provision clarifies Shopify's role as a processor or service pro…
This provision establishes the operational scope of data sharing practices by specifying the categories of recipients (advertising and analytics partners) and the purposes for which shared data may b…
The clause establishes a data sharing practice for advertising purposes as a standard operational term, while creating a compliance pathway for California residents under applicable state privacy law…
The incorporation of the DPA by reference creates binding obligations for both parties regarding personal data processing, particularly in relation to GDPR and other data protection regulations. This…
The provision establishes the operational scope of data usage across Slack's service infrastructure and product development activities. It creates a conditional authorization for AI/ML training that …
This provision allocates responsibility for personal data governance by designating the customer as the entity responsible for establishing privacy policies and responding to data subject inquiries. …
The provision establishes Snapchat's operational rights over user content across all core business functions, including service delivery, product development, and research activities. This licensing …
This clause establishes the operational basis for Snapchat's inference-based advertising system, specifying that ad personalization relies on derived data rather than explicit user declarations. It d…
This clause establishes Spotify's operational rights to incorporate user-generated content into service delivery and product development without ongoing licensing fees or restrictions on sublicensing…
The provision establishes Spotify's authorization to use submitted user content across its service and derivative applications without ongoing royalty obligations or restrictions on sublicensing. The…
The provision establishes a data-sharing framework across a portfolio of distinct consumer-facing products under common corporate ownership. This operational structure allows consolidated data practi…
The provision establishes Square's operational practice of engaging external vendors for advertising optimization and analytics measurement, which directly affects the scope of entities with access t…
This allocation of roles creates a clear operational division of data responsibilities under applicable data protection frameworks. The provision establishes that Squarespace's data handling obligati…
The license grant enables Stability AI to incorporate, modify, and distribute user-submitted content operationally across its service infrastructure and distribution channels without royalty obligati…
This provision establishes the operational framework for how user interactions with the service become training data for model enhancement. The authorization determines whether user-submitted content…
The provision establishes the data sharing practice as a standard operational feature of the service and creates a mechanism for California residents to exercise statutory opt-out rights through a sp…
The clause establishes a framework for data monetization and operational insight generation across State Farm's business ecosystem. By de-identifying customer data, State Farm creates a data asset th…
The provision operationally defines the lawful grounds for data processing activities, establishing that Valve's collection practices span contractual necessity, regulatory compliance, institutional …
This provision establishes the operational framework through which Strava processes user health data and location information for machine learning model development and feature generation. The author…
The clause establishes the operational basis for Strava's aggregation and sharing of user-generated location data at scale. This authorization applies to all users whose activities contribute to thes…
The clause establishes broad operational rights for Strava to process and repurpose user content across multiple channels and formats. The transferable and sub-licensable nature of the license permit…
This provision establishes that Stripe's data processing responsibilities and regulatory obligations are not uniform across all activities, requiring reference to supplementary documentation to deter…
The incorporation of the DPA establishes a framework that specifies how each party must handle Personal Data processing, including mechanisms for international data transfers. This creates enforceabl…
The provision creates a clear delineation between customer-specific data (which remains customer property) and aggregated usage analytics (which constitute Supabase IP). This classification determine…
The clause establishes the operational framework for T-Mobile's data monetization through its Advertising Solutions program, which derives targeting capabilities from network usage patterns and locat…
This clause operationalizes T-Mobile's marketing data practices by conditioning CPNI use for commercial purposes on affirmative customer consent, while establishing the Privacy Dashboard as the admin…
This clause establishes Target's operational framework for advertising data use across owned and third-party digital channels. It specifies the mechanisms through which collected information flows to…
The provision establishes the operational basis for collecting accessibility-related data including health information, with explicit consent as a procedural requirement. This framework allows the pl…
The provision establishes the operational scope of TikTok's content usage rights beyond displaying content to other users. It authorizes derivative works creation and algorithmic training activities …
The clause establishes the operational scope of content use beyond direct platform distribution, specifically authorizing incorporation of user content into model training and algorithm development w…
The clause establishes a mechanism by which content shared on the Platform automatically grants other users broad usage rights, including derivative work creation, without compensation to the origina…
The provision establishes the legal basis for TikTok's use of user content in AI model development and algorithm improvement, allowing the platform to process content at scale for training purposes w…
The clause establishes a data ingestion mechanism that enables cross-platform behavioral tracking and audience matching. This operational framework allows TikTok to augment its on-platform user profi…
The provision establishes Tinder's operational authority to repurpose user content across its service infrastructure, including storage, display, advertising, and incorporation into derivative works.…
The provision establishes the operational framework through which Uber conducts background screening as a condition of driver and delivery partner onboarding. This data collection mechanism supports …
This provision establishes the operational basis for Unity's targeted advertising infrastructure. It defines the data categories and partner-sharing mechanisms that support the company's ad delivery …
This provision clarifies the data controller relationship in the embedded SDK context, meaning Unity assumes direct legal responsibility for the personal data it collects through these services rathe…
The clause establishes Unity's data collection and aggregation practices across its service ecosystem, enabling the creation of persistent behavioral profiles that support targeted advertising operat…
This provision establishes the operational framework for financial data handling on the platform. It designates third-party payment processors as intermediaries in the transaction chain and specifies…
The clause establishes the operational basis for Venmo's use of user data in advertising and marketing functions, including targeting mechanisms and performance measurement activities.
The incorporation by reference mechanism makes privacy obligations enforceable as part of the contractual agreement, while the DPA requirement establishes a conditional obligation for certain jurisdi…
This allocation of roles under data protection frameworks means Vercel AI operates under the user's instructions and direction regarding personal data handling, and users bear primary responsibility …
This allocation of roles determines regulatory responsibility under data protection frameworks. As controller, the customer bears primary compliance obligations for lawfulness of processing, while Ve…
The provision establishes the operational basis for Verizon's personalized marketing and advertising practices, specifying the data sources (app use, web browsing, service usage) and purposes (prefer…
The provision establishes the operational scope of Verizon's advertising program by defining what categories of user information may be leveraged for ad targeting and across which properties (owned a…
The provision establishes the operational scope of data collection and use for Verizon's advertising personalization programs. It clarifies that network-level usage data constitutes authorized inform…
The clause establishes the operational scope and purpose of the Custom Experience Plus program, specifying which data categories Verizon collects and processes for advertising personalization and bus…
Default enrollment mechanisms shift the administrative burden to customers who wish to decline participation, establishing that the service operates under an opt-out rather than opt-in framework for …
This provision establishes the operational scope of permissible use of CPNI for marketing purposes under telecommunications regulations. The explicit authorization to use CPNI for service marketing, …
This clause establishes the operational scope of permitted uses for CPNI data under federal telecommunications law. It defines three specific categories of authorized use: service delivery, targeted …
The provision establishes the operational framework under which Verizon processes personal and usage data. This determines what customer information the carrier collects as a standard business practi…
The provision establishes Visa's operational authority to develop predictive profiles and segmentation models from payment data without requiring explicit consent for each inferred attribute. This en…
The provision establishes Visa's operational authority to leverage transactional information as an input for advertising and marketing analytics, creating a revenue stream from data derived from paym…
This authorization establishes Visa's operational use of transaction data as a basis for developing client-facing analytical products. The provision defines a core business function whereby aggregate…
This provision establishes the operational framework for Walmart's disclosure of personal information to advertising partners and specifies the procedural pathway through which users may restrict suc…
This provision establishes the operational scope of Walmart's advertising data usage, specifying that user information collected through transactions and site activity feeds into a retail media netwo…
The provision establishes that user-submitted content becomes available for use by the platform and its user base in perpetuity without compensation. This authorization permits Waze to incorporate us…
The clause establishes the operational framework for ad targeting and identifies the data categories and external parties involved in the personalization mechanism. This defines how the service gener…
The clause establishes the operational scope of data utilization for advertising purposes, clarifying that location and behavioral data collected through the service may be processed for targeted ad …
The absence of clear controller/processor designation creates ambiguity regarding legal responsibilities and data governance obligations under data protection frameworks. This affects the allocation …
The data controller/processor distinction determines which party bears primary legal responsibility for data protection compliance, liability exposure, and regulatory obligations under frameworks lik…
This framing functions as a prefatory statement to the privacy framework and establishes the institutional positioning from which Workday's data handling practices derive. It does not itself create s…
This clause delineates Workday's operational role and responsibility boundaries in the data processing relationship. By identifying the business customer as the data controller, the provision clarifi…
The dual-role structure determines Writer's legal obligations and liability framework under data protection regulations. When acting as a processor, Writer's data handling is governed by service agre…
This allocation of roles establishes the legal framework governing data handling obligations. By designating the customer as controller, Writer clarifies that data governance responsibilities—includi…
The clause creates a dual-rights structure where user ownership persists concurrently with X's distribution rights, establishing X's operational authority to make user-generated content available acr…
The provision establishes the operational scope of data utilization beyond primary service delivery, specifically authorizing use of user-provided and collected data for model training and research f…
The provision establishes a data usage practice that ties viewing activity collection to two operational functions: internal service personalization and external advertising targeting. This creates a…
This provision defines the scope of data utilization for marketing operations. It establishes the operational framework under which customer information becomes available for advertising targeting an…
The provision's operational significance lies in establishing user access options (authenticated and unauthenticated) and clarifying that privacy configuration mechanisms exist across the Google serv…
The provision establishes the operational scope of Google's ad targeting infrastructure by defining which data sources can be combined for personalization purposes and which categories are explicitly…
The clause authorizes cross-platform data integration between YouTube Kids and the broader Google account ecosystem. This operational integration means data collected in the YouTube Kids environment …
The provision establishes Zelle's operational framework for implementing behavioral targeting infrastructure, which requires coordination with third-party advertising and analytics partners to deploy…
The dual role structure determines Zendesk's regulatory obligations and accountability framework under data protection law. As a controller, Zendesk bears primary responsibility for lawful processing…
This provision establishes the operational basis for Zillow's behavioral profiling and advertising infrastructure, defining both internal data use and third-party data sharing relationships. It permi…
The intellectual property license structure determines the scope of 23andMe's authorization to process, store, and derive insights from genetic data submitted through the service. This framing establ…
The restriction operates as a condition of service eligibility by excluding specific institutional entity types from accessing 23andMe's platform. This limitation may reflect regulatory requirements …
This clause creates a dual governance structure where enterprise API customers' data handling is subject to custom negotiated terms rather than standard consumer privacy provisions. The operational s…
This provision establishes the operational framework for how Customer Content is handled and creates a consent requirement before AWS may use such content for model training purposes. The clause clar…
Cookie deployment enables Activision to implement personalized content delivery and marketing optimization at scale. This mechanism supports the operational infrastructure for targeted advertising an…
The clause establishes a boundary on permissible AI training applications while creating a distinct authorization pathway for Adobe's own AI development activities using licensed Stock content. This …
This clause establishes the legal framework under which Adobe processes content data without explicit user consent, relying instead on a balancing test between Adobe's business interests and user pri…
The provision clarifies the data processing framework between the parties and establishes the user's obligation to ensure lawful data sharing. This allocation of responsibility is operationally signi…
The dual role designation establishes distinct legal responsibilities under data protection frameworks. When Adyen acts as controller, it bears primary accountability for processing decisions; when a…
The clause establishes the operational framework for data flows required under the payment processing model. Card scheme participation requires data sharing with multiple entities in the payment netw…
The clause establishes Amazon's operational rights to repurpose user content across its services and platforms without additional compensation or time limitation. The sublicensable component permits …
The provision establishes Amazon's operational rights to exploit user-generated content across all platforms and media without compensation or time limitation. The sublicensable nature permits Amazon…
This provision establishes the operational framework for behavioral advertising across Amazon's properties and partner networks. It clarifies the distinction between Amazon's direct use of user data …
This provision establishes the operational framework for data integration across American Airlines' customer touchpoints, enabling the airline to maintain a consolidated customer profile that spans d…
This clause establishes a separate data use pathway independent of customer-specific data restrictions, permitting the service provider to extract and utilize insights from customer activity for oper…
This dual-role structure defines Amplitude's legal responsibilities and obligations under data protection frameworks. As a controller, Amplitude determines purposes and means of personal data process…
This provision delineates Amplitude's legal responsibilities under data protection frameworks by specifying when Amplitude bears primary accountability for data handling decisions versus when it oper…
This scope limitation clarifies the division of regulatory responsibility between Anthropic and its commercial customers. It establishes that Anthropic's privacy commitments apply only when Anthropic…
The clause establishes the operational framework through which Anthropic enforces its Usage Policy, including the detection mechanisms it deploys and the enforcement actions available to it. It creat…
This scope limitation clarifies Anthropic's regulatory role and liability framework in commercial deployments. When Anthropic processes data on behalf of a customer, responsibility for compliance wit…
This provision clarifies the scope of Anthropic's stated privacy obligations by distinguishing between direct-consumer relationships (where Anthropic acts as controller) and B2B relationships (where …
This clause delineates the scope of Anthropic's Privacy Policy by carving out a category of service relationships where Anthropic's obligations are defined by separate data processing agreements with…
The provision operationalizes transparency obligations in B2B relationships by designating specific parties who receive formal notice of data processing terms and policy changes, ensuring accountabil…
The provision establishes the operational framework for data sharing with advertising partners and acknowledges the legal classification of this practice under state privacy regimes. It creates a dis…
The provision defines the operational scope and technical limitations of Apple's advertising system, specifying that ad delivery relies on first-party data from Apple services only rather than data a…
The provision establishes the operational scope of data collection and processing tied to voice assistant functionality, including the conditions under which human review of audio data may occur. It …
This provision establishes the operational framework for health data collection under the agreement by conditioning collection on affirmative consent, designating health information as a protected ca…
This distinction allocates legal responsibilities under data protection regulations like GDPR and CCPA. As a processor, Asana's handling of workspace data is governed by customer instructions and dat…
This distinction allocates data governance responsibilities between Atlassian and its customers according to data protection regulatory frameworks. The provision clarifies that Atlassian's obligation…
The incorporation by reference mechanism establishes the DPA as the operative framework governing Auth0's data processing obligations and practices, rather than relying solely on data handling terms …
This dual-role distinction determines which privacy framework applies to personal data depending on Okta's functional relationship with the organization using the service. When Okta acts as a process…
The provision establishes the scope of BeReal's operational rights over publicly shared user content, permitting the platform to repurpose and distribute such content without additional compensation …
This provision establishes Calendly's operational authority to extract insights from service usage patterns and share resulting aggregate metrics with third parties or the public, independent of indi…
The clause establishes a data-sharing mechanism that enables cross-platform advertising coordination. By converting personal contact information into non-human-readable identifiers, the practice perm…
The license grant establishes Calm's operational rights to incorporate user content into service delivery, marketing materials, and derivative products without additional compensation or per-use auth…
The provision establishes that Calm engages in data inference practices beyond directly provided information, enabling the company to supplement its user profile data with derived demographic attribu…
The clause establishes Canva's authority to process user-derived data in aggregated or de-identified form across a broad range of organizational purposes without requiring prior notice, consent, or l…
The provision establishes the legal framework governing data ownership and usage rights, which determines how Cash App may process information generated by user transactions and account activity. Thi…
This provision establishes the operational framework for third-party data sharing and cross-platform advertising infrastructure. It defines the scope of personal information transfer and the technolo…
This dual status clarification establishes Checkout.com's distinct data handling responsibilities under data protection law: as a controller, it determines processing purposes and means for merchant …
The incorporation by reference makes the Privacy Policy a binding component of the agreement, establishing the operational framework for how Cloudflare processes user data. The acknowledgment of tran…
This provision allocates data protection responsibilities by designating the customer as the party responsible for lawful basis, compliance obligations, and end-user disclosures, while Cohere assumes…
The provision establishes the operational basis for Coinbase's direct marketing practices and cross-platform advertising activities, structured within stated regulatory compliance obligations. This d…
This clause delineates the legal relationship and contractual framework for personal data handling, establishing that processor obligations flow through customer agreements rather than through Databr…
This clause establishes the operational framework for secondary use of user data beyond the primary service delivery function. By authorizing de-identified data use, the provision creates a distinct …
This distinction allocates data processing responsibility between Datadog and its customers under data protection frameworks. It clarifies that Datadog's data handling practices are governed by custo…
The clause establishes the data collection framework that enables Disney+ to maintain customer records and transaction history, which forms the operational basis for account management and service de…
The controller/processor distinction determines DocuSign's legal obligations and liabilities under data protection regulations. As a controller, DocuSign assumes primary responsibility for lawfulness…
The dual role designation establishes different data governance responsibilities depending on the product used. When DocuSign acts as controller rather than solely as processor, it assumes independen…
This clause establishes DocuSign's operational rights to incorporate user-generated content into service operations, product improvements, and distribution channels without separate compensation or e…
The clause establishes that data meeting the de-identification standard—defined as data not reasonably capable of being associated with or linked to an identifiable individual—falls outside the scope…
The clause establishes that data rendered non-identifiable through aggregation or anonymization falls outside the scope of personal data restrictions, enabling the entity to repurpose derived dataset…
This clause establishes the operational foundation for Dropbox's service delivery by granting the technical permissions required to perform hosting, data processing, and feature generation. Without t…
The provision establishes the operational foundation for D&B's data processing activities by defining the breadth of data categories subject to processing and identifying the technological systems em…
The incorporation of the DPA by reference creates a dual-layer governance structure where data processing obligations are separated from general service terms, ensuring that personal data handling co…
The clause establishes that competitive mode participation includes recording and public replay of individual player inputs and performance data as part of the standard competitive experience infrast…
The dual role designation clarifies liability allocation and regulatory obligations between Egnyte and its customers under data protection frameworks like GDPR. As a processor, Egnyte's data handling…
This provision establishes the operational framework for data collection and third-party vendor integration, enabling analytics and advertising delivery across the service. The authorization permits …
This provision establishes the operational scope for data inference activities. It permits the company to develop and expand algorithmic capabilities that generate new data attributes beyond informat…
This broad license grant establishes Eventbrite's operational rights to incorporate user content into service delivery, marketing operations, and third-party distribution partnerships without requiri…
This clause establishes the operational scope of FanDuel's marketing communication practices and identifies the channels and content categories the company is authorized to deploy. It specifies that …
The provision clarifies operational data responsibilities by allocating controller authority to Fastly's customers and positioning Fastly as a processor acting under their instructions. This structur…
This clause creates a hierarchical governance structure in which enterprise data processing agreements take precedence over the standard Privacy Policy, enabling customized data handling arrangements…
This clause creates a bifurcated governance structure where data practices depend on the authentication method used. It clarifies that Google's data handling obligations apply in parallel to Fitbit's…
This clause establishes Fitbit's operational rights to process and repurpose user-generated content across multiple formats and distribution channels without requiring additional compensation or per-…
The clause establishes a broad authorization for data use once personal information undergoes de-identification or aggregation, effectively exempting such processed data from standard privacy constra…
The clause defines the scope of intellectual property rights the platform retains over user submissions, establishing Fiverr's authorization to exploit platform content across operational and commerc…
The clause establishes the operational use of tracking and advertising technologies across the service and creates a framework for user control over non-essential technologies. This disclosure addres…
This clause establishes a carve-out from privacy protections for data in de-identified or aggregated form, permitting internal research operations and product development to proceed without the notic…
The clause establishes a data collection and sharing framework that enables behavioral tracking through third-party analytics providers. This operational arrangement allows service providers acting o…
The designation of a data controller and appointed representatives establishes the legal entity responsible for GDPR compliance and creates a formal point of contact for data subject requests and reg…
The clause establishes the operational framework for Glean's use of sub-processors and creates a notification mechanism for enterprise customers when sub-processor arrangements change materially, ali…
This provision allocates data control responsibilities between Glean and its enterprise customers, clarifying that data governance and privacy obligations flow through the enterprise customer rather …
The provision operationalizes Glean's responsibility for sub-processor oversight by requiring contractual commitments around data limitation and security with downstream processors. The disclosure me…
The provision establishes the scope of Google's operational rights to content users provide to the service, enabling Google to process, store, and deliver that content across its systems and partners…
This provision creates a bifurcated regulatory framework where enterprise customers operate under distinct data processing terms negotiated between the customer and Grammarly, rather than under the s…
This provision creates a categorical exemption from privacy policy restrictions for de-identified data, establishing operational flexibility for Groq to derive and monetize aggregated insights from u…
The clause establishes that de-identified data falls outside the scope of the privacy policy's restrictions, creating a separate category of information that the company may use and share without lim…
The provision establishes the factual and technical basis for Groq's data collection infrastructure, specifying the categories and types of information captured during service use. This collection su…
This allocation of roles establishes the contractual and legal framework for data handling responsibilities. It clarifies that employers, not Gusto, bear primary responsibility for determining how em…
This provision establishes a categorical exclusion from privacy notice protections for data in aggregated or de-identified form, enabling the entity to conduct analytics and product development activ…
This provision defines the operational responsibility structure for personal data handling, allocating data controller authority to the employer-customer while positioning Gusto as a processor bound …
The clause establishes Headspace's operational rights to repurpose user-generated content across all media formats and commercial channels without ongoing consent, compensation, or attribution obliga…
This clause establishes the operational basis for Hinge's behavioral advertising practices and allows the company to generate performance metrics from advertising campaigns. The dual legal grounds (c…
The clause establishes a legal basis for data processing activities that support the company's advertising operations and service promotion. By invoking legitimate interest as an alternate ground to …
The operational significance is that Hinge obtains comprehensive rights to user content without temporal limitation or geographic restriction. The transferability and sub-licensability provisions mea…
The clause establishes the operational scope of data use beyond service delivery, permitting HubSpot to process user information for internal product development and analytics functions. This authori…
The dual-role structure defines HubSpot's legal responsibilities and regulatory obligations under data protection frameworks. When operating as a controller, HubSpot bears primary responsibility for …
The clause establishes the scope of intellectual property rights Hugging Face acquires over user content, specifying that the company may modify, republish, and distribute such content without paymen…
The legitimate interests basis expands the permissible scope of data processing beyond consent-dependent activities, enabling the entity to conduct processing necessary for service operation, fraud p…
The clause operationalizes the definition of 'ad-free' service by carving out specific exceptions where advertisements and promotional content may appear despite the no-ads tier designation. This est…
The clause operationalizes Instacart's authorization to monetize personal data through sale or sharing arrangements with advertising partners, while establishing a procedural framework through which …
The clause creates a structured disclosure framework where the company identifies specific categories of third parties and the informational basis for sharing personal data, establishing transparency…
The provision establishes a broad operational basis for data processing activities beyond service delivery, enabling product development and research functions. The carve-out for de-identified data r…
Payment data processing through a designated third-party processor is a standard operational requirement for platforms accepting user payments. This provision clarifies the procedural framework for h…
This authorization establishes the operational framework through which Kick monetizes user engagement data by connecting it with advertising technology infrastructure. The provision defines the scope…
This provision establishes the operational framework for behavioral advertising practices, specifying the data collection mechanisms (cookies and tracking technologies), the parties involved (Klarna …
Legitimate interest as a legal basis permits data processing without requiring explicit user consent, provided the organization's interests do not override privacy protections. This basis enables Led…
The data controller designation has operational significance because it determines which LinkedIn entity has legal responsibility for data processing compliance, including obligations under applicabl…
The designation of different data controllers based on geographic location determines which entity bears legal responsibility for personal data processing and compliance with applicable data protecti…
This clause establishes the operational scope and data inputs for LinkedIn's advertising targeting infrastructure. It specifies that the company aggregates data from multiple sources—both first-party…
This clause establishes the operational basis for LinkedIn to process user data through machine learning systems and algorithmic inference. It defines the scope of permitted data uses beyond the prim…
The clause establishes the operational framework for LinkedIn's advertising infrastructure by explicitly authorizing data aggregation across multiple collection mechanisms and sources, and by establi…
The dual role designation allocates data protection obligations between Loom's operational functions. This structure clarifies which legal standards—controller or processor requirements—apply to spec…
The provision establishes an operational pathway for the entity to derive commercial value from user data through de-identification and aggregation processes, enabling downstream use and third-party …
This carve-out establishes a distinct regulatory framework for enterprise processor relationships, where contractual data processing agreements supersede the standard Privacy Policy terms. The provis…
The provision establishes the framework through which Max discloses its data processing practices and structures regulatory compliance through both a primary policy and state/country-specific supplem…
The provision creates a categorical compliance framework that separates political and issue-based advertising from standard commercial advertising, establishing distinct authorization and disclosure …
This distinction allocates data governance responsibility between Microsoft and its customers. In enterprise contexts, customers retain primary control over data policies and compliance obligations, …
The clause establishes the operational basis for Microsoft's interest-based advertising system, specifying the data categories used for ad targeting and the mechanism through which users can modify t…
This clause establishes the operational framework for Microsoft's advertising delivery system and defines the categories of data that may and may not be used for targeting purposes. The distinction b…
The provision establishes the operational basis for Microsoft's use of user data in targeted advertising operations. This authorization enables the company to process personal data for marketing purp…
This allocation of roles clarifies the legal responsibilities and authorities between Microsoft and the licensing organization. It specifies that data governance decisions flow from the organization …
The clause establishes the institutional framework for data sharing across Midjourney's vendor ecosystem, defining the categories of recipients and the permissible purposes for disclosure. This opera…
This provision establishes the operational framework under which usage data flows from the platform to external entities. It defines the scope of permissible data practices that support the business …
The provision establishes the operational scope of data collection and processing across multiple business functions—product improvement, personalization, and advertising—within Microsoft's integrate…
This provision defines the operational structure through which personal data flows within Miro's service infrastructure. By establishing a subprocessor framework, the terms clarify the company's data…
This clause creates a structured notification and consultation mechanism that allocates decision-making authority between the parties regarding third-party data processors. It establishes procedural …
This clause establishes Mistral AI's lawful basis and scope for processing user data through automated systems to detect and address policy violations. The provision clarifies that such processing oc…
This clause establishes the operational scope of Mixpanel's data usage rights beyond the direct service delivery function. It creates a distinct category of customer data—aggregated and de-identified…
This clause establishes Mixpanel's operational right to extract value from event data through aggregation and de-identification processes, creating a secondary use stream beyond the primary customer …
This clause establishes Mixpanel's operational rights to derive insights from aggregated customer datasets for internal analytics and service improvement. The aggregation and de-identification mechan…
Data processor designation establishes the legal framework for how Mixpanel handles personal data, clarifying liability allocation and compliance obligations under data protection regulations. This d…
The dual-role structure establishes different legal responsibilities and compliance obligations depending on the data category. As a processor, Mixpanel operates under customer instructions and data …
This clause establishes the operational scope of data sharing within Mixpanel's service delivery model. It defines the categories of third parties who receive access to personal information and speci…
The clause establishes the operational framework for data handling in AI features, specifying that personal data processing is governed by existing privacy policies rather than creating separate data…
This dual-role structure allocates data protection responsibilities between Monday.com and its customers under applicable data protection regulations. The designation clarifies that customer-uploaded…
This provision allocates data protection responsibilities between Monday.com and its customers under GDPR and similar regulatory frameworks. The distinction determines which entity bears primary obli…
This provision establishes the operational basis for behavioral data collection and use. It defines the categories of user activity data the service captures and specifies three authorized uses: serv…
This clause establishes the operational framework for Nintendo's targeted advertising practices, specifying the technical mechanisms (cookies, pixel tags) and data collection scope (cross-platform ac…
This clause establishes Noom's operational rights to incorporate user-generated content into service delivery, product development, and distribution channels without requiring per-use compensation or…
This distinction allocates responsibility for data handling between Okta and its organizational customers under data protection frameworks. By designating customers as controllers, the provision clar…
This clause establishes a hierarchy of governing documents for data processing obligations, ensuring that data protection requirements are specified in the Data Processing Addendum rather than the ge…
This clause establishes the operational mechanism by which OnlyFans transfers payment data to external processors necessary for transaction settlement. Third-party payment processing is a standard re…
This clause establishes the operational framework for third-party data processor engagement under the Data Processing Addendum. It creates a structured notification and objection process that provide…
This clause establishes the procedural framework governing third-party processor engagement under data protection regulations. It conditions sub-processor use on advance notification and creates a st…
This clause establishes OpenAI's operational rights to process and utilize user-submitted content across service functions. The broad scope of authorized uses—including modification and derivative wo…
This provision operationalizes the data controller-processor relationship required under data protection regulations. It establishes the legal framework under which OpenAI processes personal data and…
This clause operationalizes the data processor role by tying OpenAI's processing authority to explicit customer instructions and carving out a legal compliance exception. It establishes a contractual…
This provision establishes a data processing pathway that removes personal data from privacy restrictions once de-identification occurs. The authorization to share de-identified data with third parti…
Subprocessor disclosure establishes transparency regarding the chain of entities that access or process data submitted to the service. This disclosure requirement creates operational accountability f…
The clause establishes the procedural framework for location data collection and processing, specifying the consent requirement upfront and the technical sources from which location data may be deriv…
This provision establishes the operational framework for Oura's advertising infrastructure, defining how personal data flows to support audience segmentation and marketing delivery across the company…
This clause defines the scope and purpose of recruitment data collection, establishing the lawful basis for processing applicant personal data during the hiring process. It delineates what categories…
The clause establishes the operational basis for the service's personalization infrastructure, including the collection of behavioral data and its processing through automated systems to generate ind…
The license grant establishes Patreon's operational rights to exploit user-generated content across multiple distribution channels and formats without ongoing compensation or the need to seek individ…
The clause establishes that data processing involving Facebook Ireland operates under a joint controllership model, meaning both Peacock and Facebook Ireland bear responsibility for GDPR compliance r…
The joint controller arrangement allocates data protection responsibilities between Peacock and Facebook Ireland under GDPR Article 26, requiring both entities to document their respective compliance…
The clause establishes that data in aggregated or de-identified form is not subject to the privacy policy's standard restrictions, protections, and disclosure requirements. This creates a separate ca…
This provision establishes the scope of Peloton's operational rights over user-generated content submitted through the platform. By defining the license as non-exclusive and including sublicensing ri…
The controller-processor designation determines compliance obligations under data protection frameworks like GDPR and CCPA. It clarifies which party bears primary responsibility for lawful processing…
The subprocessor provision establishes operational transparency and control procedures around data handling chain management. It creates notification requirements and, depending on the specific terms…
This clause establishes Perplexity's operational authority to leverage usage patterns and interaction data in non-identifiable form as a component of its model development and service improvement pro…
The clause establishes the operational mechanism through which Pinterest generates behavioral inferences at scale, enabling the service to construct granular audience segments for content ranking and…
This clause establishes the operational basis for Pinterest's data processing practices, including the creation of inferred interest profiles derived from both on-platform and off-platform user activ…
The provision establishes the operational basis for Pinterest's advertising model by clarifying that personal information is not sold to advertisers directly, but that usage data, ad performance metr…
This broad license authorization establishes Pinterest's operational right to incorporate user-generated content into service functionality, product development, and partner distribution without addi…
This clause establishes a carve-out from restrictions on data use by defining a category of processed data that falls outside individual identification constraints. The operational significance is th…
This carve-out creates a distinct regulatory framework for enterprise customer data, separating it from the general privacy terms that apply to other users. It clarifies that PlanetScale's obligation…
This provision establishes the operational mechanisms through which the service collects behavioral data for ad targeting purposes and defines the scope of data sharing with third-party advertising p…
The clause establishes Public.com's authorization to use user content across multiple formats and channels without compensation, including for advertising and marketing activities. This operational s…
This provision establishes the operational scope of permissible data sharing beyond individually identifiable information. By authorizing use of aggregated and de-identified data, the terms create a …
The license grants Redfin broad authority over user content without restriction to specific geographic markets or internal use only, and permits sublicensing to third parties. The royalty-free struct…
This provision establishes the procedural framework for minor account creation and parental authorization requirements. It defines the operational conditions under which Revolut processes personal da…
The multi-entity structure clarifies which legal entities are data controllers under this privacy framework and establishes that the single policy governs data practices across distinct service lines…
This provision establishes the operational basis for behavioral data monetization through advertising partnerships. It defines the scope of data collection and sharing activities that support the com…
The clause establishes the scope of data collection practices integral to service operation and product analytics. The granular categories enumerated—from user interaction patterns to device specific…
The clause establishes the operational scope of data sharing practices and identifies the categories of third parties with whom user data may be disclosed. The opt-out right creates a procedural mech…
This provision clarifies the scope of content usage rights retained by Roblox beyond the direct operation of the platform. It establishes the operational framework for how creator content may be repu…
The clause operationalizes COPPA compliance by implementing tiered privacy settings triggered by user age, ensuring regulatory alignment while establishing conditions for service feature expansion as…
The provision establishes the institutional framework for Runway's data processing authority under EEA and UK law by declaring controller status and transparency obligations. It identifies the specif…
This carve-out establishes that the Privacy Statement's protections and disclosures apply only to Salesforce's own processing activities as a data controller, not to processing Salesforce performs un…
The provision defines the operational framework governing data collection and use, establishing transparency requirements and compliance obligations under data protection regulations. It clarifies Sa…
The distinction between data controller and processor roles determines legal responsibility for data handling obligations under data protection regulations. This allocation clarifies that merchants r…
This clause establishes the operational framework for data handling across Shopify's vendor network. It defines the scope of permissible information sharing and assigns contractual obligations to ser…
This broad intellectual property license enables Shopify to operationalize user-generated content across its platform infrastructure, including reproduction and derivative work creation, without sepa…
The incorporation of the DPA establishes the contractual framework governing how Shopify handles personal data subject to GDPR regulations. This creates binding obligations regarding data processing …
The clause establishes Shopify's operational authority to repurpose and redistribute user-generated content through its partner network without requiring additional compensation or per-instance conse…
The dual role designation determines Shopify's legal responsibilities and the scope of its independent decision-making authority regarding personal data. When operating as a controller, Shopify maint…
The clause establishes the operational mechanism and authorization for contact discovery functionality, clarifying that contact information undergoes cryptographic hashing before transmission and tha…
This provision establishes the operational scope of automated content management on the platform. It specifies that algorithmic systems operate on user-derived training data, which means user informa…
The processor/controller distinction defines legal obligations and accountability structures under data protection frameworks. As a processor of Customer Data, Slack operates under customer instructi…
The license grant defines the scope of Slack's operational authority over data processed within the platform and establishes the legal basis for data retention, system operations, and service deliver…
The clause establishes the operational framework for data sharing and identifies the categories of recipients (hosting providers, analytics companies, marketing platforms, business partners) who acce…
The provision establishes the operational framework under which AI-driven service functionality operates, including the scope of data processing activities and the security standards applied. This de…
This allocation of controller and processor roles establishes the legal responsibility framework under data protection regulations. It clarifies that primary responsibility for data processing purpos…
The clause establishes the operational basis for Snapchat's inference and profiling capabilities, permitting the derivation of predictive user attributes from both first-party behavioral data and thi…
The provision establishes the operational basis for behavioral profiling and audience segmentation, enabling the service to generate derivative attributes beyond directly collected data. This inferen…
This clause establishes the operational basis for Spotify's targeted advertising model by authorizing cross-context data use and third-party data integration. The provision specifies that tailored ad…
The operational significance is that Spotify uses actual user behavior data as the basis for constructing demographic and preference profiles. These inferred attributes enable the service to personal…
The clause establishes the operational basis for Square's use of transactional and behavioral data for marketing purposes, while specifying that users retain the ability to restrict this use through …
The provision establishes Square's operational rights to process and utilize user content across service functions and corporate activities without additional licensing negotiations or royalty obliga…
This provision establishes distinct legal responsibilities and accountability structures. As a processor for third-party websites, Squarespace's obligations flow to website owners rather than end use…
This provision establishes the operational basis for behavioral tracking and data collection across Starbucks digital properties. The authorization enables Starbucks to generate analytics on user eng…
This provision establishes the operational framework for data disclosure to external advertising partners and clarifies that such disclosures fall within California's statutory definitions of 'sale' …
This clause creates a carve-out from privacy protections for data that has been processed to remove individual identifiers. The operational significance is that Stash retains broad authority to deriv…
This carve-out creates a separate category of data subject to different regulatory treatment than personal data covered by the Privacy Policy. By defining anonymization as removal or modification of …
The clause defines Valve's operational role as an intermediary in payment processing, specifying what payment data flows through Valve's systems and the limited purposes for which Valve receives and …
The clause establishes Strava's retained ownership interest in aggregated and de-identified datasets generated through the platform, enabling the company to monetize or repurpose activity patterns in…
The clause establishes the operational basis for Strava's targeted advertising model and permits data sharing with third-party advertising partners. The provision creates an opt-out mechanism allowin…
The dual-role framework establishes Stripe's legal responsibilities under data protection regulations. As a data controller, Stripe determines processing purposes and means; as a processor, Stripe pr…
This authorization establishes Stripe's ability to leverage aggregated or de-identified customer data to improve service offerings and conduct marketing activities, which constitutes a standard opera…
The dual role designation determines Stripe's obligations and responsibilities under data protection regulations. As a controller, Stripe determines processing purposes and means; as a processor, Str…
This clause establishes the contractual foundation for Stripe's data processing activities and defines the permissible uses of user data within the service relationship. It clarifies that data proces…
The provision establishes the operational framework for data collection through tracking technologies and specifies that this activity involves both Suno and external service providers. It defines th…
The clause establishes the operational basis for profile generation while specifying user control mechanisms. This defines both the data processing activity and the procedural rights users retain ove…
This carve-out clarifies the contractual relationship and regulatory responsibility structure for data flowing through the platform. By designating itself as a processor, Supabase allocates primary d…
This provision clarifies the operational data governance structure by specifying that Supabase functions as a data processor for Customer Data rather than as a data controller. This allocation of res…
The incorporation by reference mechanism establishes that data processing obligations are governed by a distinct DPA document rather than solely by the primary Terms of Service. This structure allows…
This provision establishes the legal framework for how Synthesia's data processing obligations are defined. The distinction determines whether Synthesia's primary obligations flow from this Privacy P…
This provision operationalizes data sharing with external service providers as a standard business practice. The authorization permits cross-site activity tracking, which expands the information ecos…
The provision establishes a perpetual, broad license grant that permits Target to exploit user-generated content across multiple use cases and derivative forms without temporal limitation or separate…
This provision establishes the operational basis for the Target Circle program's personalization functionality and creates a direct linkage between data collection and incentive delivery. It also est…
This clause establishes the operational basis for algorithmic personalization and targeted advertising as core service functions. It specifies that information collection and use for personalization …
The clause establishes the operational framework for cross-product data utilization, enabling integrated advertising and content personalization across the Meta corporate family while specifying the …
This provision establishes the operational basis for Threads' ad-supported business model. It clarifies the distinction between using data to target ads and the separate practice of selling personal …
The clause establishes a data collection and sharing framework with third-party suppliers for purposes of service personalization. It clarifies that geodemographic profiling occurs through partner re…
This clause establishes the operational scope and channels through which the entity may conduct marketing communications. The provision includes a mechanism for users to adjust their communication pr…
This clause establishes the operational framework for the Platform's personalization system and establishes that ad targeting is a core service mechanism. It specifies the data categories TikTok uses…
This provision establishes the operational framework for personalization and ad targeting across the Platform. It defines the data inputs (user engagement, interests, device settings) that inform con…
The provision creates a framework for content regulation by establishing that TikTok enforces stated advertising standards through defined procedures applied consistently across platform sections. Th…
The clause establishes the scope of message data that TikTok processes operationally, including both message content and metadata. This collection applies across multiple messaging contexts within th…
The provision establishes the operational framework for account access and platform integration, defining how advertisers authenticate and obtain authorization to use TikTok's advertising infrastruct…
The clause establishes the operational scope of TikTok's rights to repurpose user content for promotional purposes beyond the user's original intended use, extending to third-party visibility and pla…
The clause establishes the institutional basis for data processing across multiple business functions—product development, analytics, and marketing communications—all derived from personal informatio…
The clause establishes the operational scope of Twilio's data processing authority and clarifies the division of responsibility between the service provider and customer regarding data quality. This …
This provision establishes the operational scope of data processing for AI features, clarifying that identifying information flows through the AI system in both directions—from user input through to …
This provision establishes Vercel's data protection obligations and defines the permissible scope of internal data access. The safeguards framework and access restrictions create operational boundari…
The clause describes the scope of transactional information available to Visa as a payment network operator, which forms the data foundation for Visa's operational, risk management, and reporting fun…
The provision establishes the operational basis for Visa's use of personal data for marketing and personalization purposes. The opt-out mechanism creates a procedural pathway for users to limit these…
This clause establishes a broad authorization for data use once information is processed into de-identified or aggregated form, removing practical constraints on secondary uses of such data. The prov…
The provision establishes the operational scope for data use by permitting the company to process and apply user-derived data in de-identified form across a broad range of internal, product developme…
This clause establishes a carve-out from the privacy policy's standard data governance framework, permitting unrestricted use and distribution of data once processed into aggregated or de-identified …
The clause establishes the operational basis for behavioral tracking infrastructure, enabling the service to maintain persistent user sessions and generate data used for both service optimization and…
The clause establishes the operational framework for data sharing with advertising partners and allocates responsibility for third-party tracking practices. This authorization applies across the user…
The license grant establishes WhatsApp's operational rights to process, store, and utilize user-generated content across its service infrastructure. The sublicensable and transferable elements permit…
The disclosure identifies specific third-party entities with access to user code during model training and inference operations, establishing the data flow architecture for Windsurf's computational i…
The provision establishes an operational framework where model selection occurs at the system level rather than per-request, enabling Windsurf to allocate processing tasks to OpenAI infrastructure ba…
The provision specifies the operational lifecycle of voice data within the service: audio is treated as ephemeral processing material while the derived text outputs become persistent service records.…
The statement articulates Workday's privacy stance as a baseline commitment to transparency but does not establish specific procedural mechanisms, data handling protocols, or enforceable obligations.…
The clause operationally clarifies the scope boundaries of this privacy policy and establishes that different X-controlled services may implement different data handling practices. This creates a mul…
This clause defines the operational model for the free tier: advertising serves as the monetization mechanism that enables X to provide services without direct user payment. The authorization extends…
The clause establishes Microsoft's operational authority to process and repurpose user content across its service infrastructure and product development activities without additional compensation or …
The broad license structure enables Yelp to deploy user content across multiple platforms and purposes without ongoing compensation or exclusive content restrictions. The sublicensable and transferab…
The clause establishes a cross-service data integration framework that enables Google to build comprehensive user profiles across its service portfolio and connected devices, which directly supports …
The clause establishes the operational basis for interest-based ad targeting across Google's services, enabling the matching of user behavioral signals to advertising inventory.
This restriction establishes a specific advertising framework for the YouTube Kids service that excludes behavioral targeting and audience retargeting mechanisms commonly used in digital advertising …
This distinction allocates data governance responsibilities between Zendesk and its direct customers. By designating itself as a processor, Zendesk clarifies that it processes personal data pursuant …
This clause establishes the operational framework for Zendesk's use of sub-processors and defines the scope of their data access and permitted uses. It creates a contractual obligation requiring sub-…
This clause establishes a broad authorization for unrestricted use of data once it has been de-identified or aggregated, creating a category of data exempt from the privacy policy's standard limitati…
The clause delineates ZipRecruiter's operational role in data processing arrangements where clients retain primary control over personal data. This allocation affects the routing of data subject righ…
This provision clarifies ZipRecruiter's operational role and liability structure in B2B data processing relationships. By designating the contracting client as the data controller and ZipRecruiter as…
This provision establishes the User Privacy Notice as the operative document governing data processing disclosures and user rights, rather than incorporating such information directly into the primar…
The broad scope of this license grant enables eBay to incorporate user-generated content into service operations, promotional activities, and platform expansion without obtaining separate permissions…
The clause establishes Anthropic's data practice regarding targeted advertising and provides users with an opt-out mechanism, which defines the scope of data usage for marketing purposes under the ag…
This provision establishes the operational scope of Apple's advertising data practices by defining which data categories are available for ad personalization and which are restricted. The provision a…
The clause establishes the legal basis for Betterment's collection and processing of personal financial information across multiple institutional functions, from core service delivery to secondary us…
The clause establishes Calendly's operational right to process and utilize de-identified usage data independently of other data use restrictions in the agreement, enabling product analytics and servi…
The clause operationalizes content ownership and usage rights by preserving user IP ownership while authorizing the platform to utilize user-generated content across multiple operational and commerci…
This clause establishes Cursor's operational data practice boundaries under state privacy law frameworks, limiting the categories of data monetization and behavioral profiling activities the service …
This clause defines the scope of Cursor's data processing practices by explicitly excluding certain commercial uses of personal data that are regulated under state privacy statutes, thereby establish…
This provision establishes the operational framework for DeepL's use of subprocessors, requiring contractual data protection obligations as a condition of third-party data access. The clause clarifie…
The provision operationalizes a conditional data practice framework: tracking and advertising data flows remain subject to user signaling mechanisms and consent requirements. This establishes the pro…
The clause establishes broad authorization for Lyft to exploit user-generated content across multiple applications and derivative uses without time limitation or ongoing royalty obligations. The perp…
This clause establishes the operational scope of data OpenAI may process independently of personal data restrictions. De-identification converts user information into a category the terms authorize f…
The clause establishes that OpenAI retains broad rights to utilize and distribute user data once it meets the de-identification or aggregation thresholds specified, creating a distinct category of da…
This clause establishes the operational basis for Salesforce's marketing communication activities and specifies the categories of personal data and communication channels through which such marketing…
This clause establishes the scope of permissible personal data processing activities under the agreement. It defines the operational categories within which Salesforce may process user information an…
The clause establishes a specific operational use of location data within the subscription administration system. This defines how geographic information factors into the pricing mechanism rather tha…
The clause establishes the operational basis for profile generation from activity data while designating user-accessible controls as the mechanism for managing profile settings. This authorization de…
This provision establishes Telegram's operational approach to advertising and data use, distinguishing its ad model from platforms that perform behavioral targeting. It defines the scope of permissib…
The clause establishes a carve-out from standard data governance requirements, permitting unrestricted deployment of aggregated datasets for purposes including analytics, research, product developmen…
This provision defines the operational scope of Verizon's rights to user-submitted materials and establishes the legal framework governing content ownership and licensing. The clause determines wheth…
This clause establishes a broad operational authorization for data use once information has been aggregated or de-identified, removing restrictions that would otherwise apply to identified personal d…
The clause establishes the scope of permissible data processing activities internal to the service, defining operational functions that rely on information collection and use within YouTube Kids' sys…
This clause establishes a category of data treated outside the personal data framework, allowing unrestricted commercial use once data meets the aggregation or de-identification standard. The authori…
Create a free account and watch the platforms that matter to you. We'll email you the moment something changes.
A data usage clause is a provision in a platform's terms of service or privacy policy governing data usage-related rights, obligations, or restrictions.
ConductAtlas tracks 189 platforms with data usage clauses - roughly 58% of platforms in the archive. 254 are classified as high severity.
Severity reflects the magnitude of rights waived, availability of opt-out, breadth of users affected, financial or legal exposure created, and the degree of discretion retained by the platform.