Found in 170 of 343 platforms tracked (50% adoption) · 382 provisions
The provision establishes the scope and permissible uses of de-identified data for internal product development and potential third-party commercialization activities. By specifying that such activit…
This dual-role structure establishes different legal responsibilities and accountability frameworks for ADP's data processing activities. When ADP acts as a processor, the client employer retains pri…
The clause creates a framework for data residency control and establishes AWS's data access limitations and non-disclosure obligations as operational requirements. It specifies the conditions under w…
This clause clarifies the data protection framework by delineating AWS's role as a processor rather than controller for customer data stored on AWS infrastructure. It specifies that responsibility fo…
The provision allocates data processing compliance responsibility to the customer rather than AWS, establishing that AWS Bedrock does not automatically create lawful processing authority and that cus…
The provision establishes the operational infrastructure for data collection and ad targeting by external vendors, enabling Affirm to monetize user behavioral data through advertising partnerships wh…
The clause establishes the operational basis for behavioral targeting while creating a consent requirement for personally identifying data in interest-based ad delivery, thereby delineating the scope…
The clause establishes a broad operational authority for Amazon to incorporate user-generated data into model development and training processes as part of service improvement functions, without requ…
The clause establishes the operational basis for Amazon's use of collected data across advertising functions, including both first-party advertising delivered to users and third-party advertising ser…
The clause establishes Amazon's operational authority to process user personal information for targeted advertising purposes while maintaining a stated distinction between identifiable and non-identi…
The clause establishes a default data use authorization for model development with a user-controlled opt-out mechanism, while preserving the company's authorization to use materials for training purp…
This scope exclusion clarifies the division of data governance responsibility between Anthropic and its commercial customers. When Anthropic processes data as a processor rather than a controller, th…
The provision establishes a bifurcated data usage framework where general model training is subject to user opt-out, but safety-related uses and user-initiated reporting create categorical exceptions…
The clause establishes a dual-authorization framework: a default permission structure with an opt-out mechanism, coupled with carve-outs that preserve the company's training use rights for specific m…
The provision establishes Anthropic's ownership and usage rights over feedback data collected through rating interactions and user submissions. This creates an operational mechanism for the service t…
The provision establishes a dual-consent framework where users may restrict training use through opt-out but retain defined carve-outs that permit training use for safety-related flagging and user-in…
This provision operationalizes Apple's regulatory compliance framework for child-directed content by restricting data monetization mechanisms in the Kids Category and establishing developer obligatio…
Session recording can capture a detailed replay of everything you do on Arlo's site, including browsing products, adding items to your cart, and progressing through checkout, which goes beyond standa…
This provision clarifies the allocation of data responsibility in business deployments, designating the employing or sponsoring organization—rather than Asana—as the entity responsible for determinin…
The clause establishes the operational framework for Audible's advertising delivery and analytics infrastructure by explicitly authorizing third-party data collection and use. This authorization stru…
The clause establishes the legal basis and scope for handling sensitive personal data regulated under GDPR Article 9. By designating processing as consent-based, the terms specify the regulatory fram…
This disclosure indicates that Bumble may conduct background or criminal history checks on users in response to reported misconduct, which has implications for how personal data and third-party backg…
The clause establishes broad operational rights for the platform to exploit user-generated content across all current and future formats and media without compensation or case-by-case consent, reduci…
This allocation establishes the customer's legal responsibility for compliance with data protection regulations governing invitee information. By designating the customer as data controller, the term…
This clause establishes a data sourcing mechanism that supplements Cash App's first-party data collection with third-party derived data. The operational significance is that user profiles maintained …
The provision establishes Character.AI's operational authority to incorporate user-generated content into service operations, product improvement, and commercial activities without ongoing compensati…
The clause establishes the operational basis for the service provider's use of user-generated content and interaction data as training material for model development and service enhancement.
The provision allocates regulatory responsibilities based on functional role under data protection law. This operational distinction determines which legal framework governs personal data handling an…
This provision establishes the legal responsibility framework for personal data processing. The allocation of controller and processor roles determines which entity bears regulatory compliance obliga…
This distinction allocates legal and operational responsibility between Cloudflare and its customers under data protection frameworks. By defining Cloudflare as processor rather than controller, the …
Data processing terms are operationally significant because they define the scope of information flows within the service architecture and establish the legal basis for Cohere's handling of customer …
This prohibition covers AI-assisted surveillance applications, which are an increasingly scrutinized category under both privacy law and the EU AI Act; deploying such applications on Cohere's infrast…
This clause establishes the scope of data recipients beyond Coinbase's direct control, defining which categories of external entities may receive user personal information as part of normal business …
The provision establishes the operational scope of personal data sharing within the service delivery model and identifies the categories of recipients who receive access to user personal information.…
This clause clarifies the legal relationship between Datadog and its customers regarding data handling obligations, designating Datadog as a processor rather than controller. The allocation establish…
This provision establishes the operational framework for behavioral profiling and inference generation as core data processing activities. It specifies both internal use (service personalization) and…
The provision establishes a reference mechanism for disclosure of AI and machine learning data practices rather than detailing those practices directly in the privacy policy itself. This structure de…
The provision establishes the foundational operational scope of the entity's data processing activities, defining what categories of data (commercial and personal) and what volume of subjects (600M+ …
This allocation of data controller responsibility clarifies the operational relationship and regulatory obligations between Cisco, the enterprise customer, and end users under data protection framewo…
This provision means that in-game voice and text conversations are not private; they may be recorded, reviewed by EA staff or automated systems, and used as grounds for account action.
Hardware fingerprinting goes beyond typical cookie-based tracking because it can identify a device even if cookies are cleared or a new account is created, raising concerns about the persistence and …
Cross-device profiling enables analytics providers to maintain unified user profiles independent of which device accesses EA's services. This operational capability allows EA to obtain comprehensive …
Video and audio footage from inside and around your home represents highly sensitive personal data; the policy authorizes use of this footage for product improvement beyond the core security monitori…
The distinction between controller and processor roles carries different legal obligations under data protection frameworks such as GDPR. As a controller, Fastly bears primary responsibility for lawf…
This provision creates a multi-document framework for data governance by incorporating privacy obligations by reference rather than specifying them within the main service agreement. It establishes t…
The provision establishes the scope of authorized use of Customer Content by Figma and its service providers, and creates a requirement that users consult separate documentation (Figma AI Terms) to u…
This provision establishes the operational basis for incorporating user-generated content into Figma's AI model development pipeline, with the requirement that such data undergo de-identification and…
The clause defines the operational data processing relationship and allocates responsibility for compliance with data protection obligations. Fly.io's processor status means the customer bears primar…
This provision establishes Ford's data-sharing practices for advertising and analytics purposes, creating a operational framework where user behavioral information flows to external partners. The cla…
This provision establishes GitHub's operational authority to apply user-generated content to AI model training, which affects how the platform monetizes and develops its technical infrastructure. The…
This provision clarifies the data governance structure within organizational deployments, allocating responsibility and control authority between GitHub and the organization, which affects compliance…
This provision establishes a legal data processing relationship where responsibility for data governance and privacy compliance is assigned to the customer organization rather than to Glean. It clari…
This license establishes Google's operational rights to process and repurpose user content across its infrastructure and product ecosystem. The authorization to create derivative works and modify con…
The data controller/processor distinction determines regulatory obligations, lawful basis requirements, and liability allocation under data protection frameworks. This allocation affects what privacy…
The clause establishes a data retention and usage framework that ties continued service operation to participation in model training activities, creating an operational dependency between account set…
The provision establishes a human review process as an operational mechanism for quality assurance and model improvement, which means certain conversation data flows to human reviewers as part of Goo…
This clause establishes customer responsibility for the legal and procedural requirements of data processing under the Maps Platform. By allocating consent and disclosure obligations to the customer …
The license structure establishes Grindr's rights to use user-generated content across its service operations and product development without time limitations or exclusivity restrictions. The sublice…
The provision creates a framework under which sensitive personal data is collected with user consent and made visible within the service ecosystem. This establishes both the data collection mechanism…
The clause establishes a dual data management structure where both employers and individual members have upload and access capabilities within the platform, creating a shared data repository that sup…
The clause establishes the scope of health data that Gusto processes in its operational capacity as a benefits administrator, defining what categories of sensitive health information the platform han…
The clause establishes the operational framework for Home Depot's use of personal data in advertising partnerships and creates a disclosure requirement under California privacy law. It specifies the …
The provision clarifies the operational framework for data handling compliance by designating a separate DPA as the governing instrument for regulated data processing and allocating the compliance ob…
The incorporation by reference establishes a separate contractual framework governing data processing obligations, liability allocation, and compliance responsibilities under European data protection…
The provision allocates data ownership to the customer while establishing the customer's sole responsibility for data accuracy, quality, and legality. This framework clarifies that HubSpot does not c…
The clause allocates data governance responsibilities between HubSpot and its customers by defining HubSpot's role as a service provider rather than an independent controller, which determines applic…
The provision defines the operational scope of Hugging Face's access rights to user-controlled content, establishing which internal functions and purposes permit platform personnel to view or process…
This provision establishes the operational basis for cross-context behavioral advertising practices. It describes the technical infrastructure and data flows that enable Hulu and partner companies to…
The clause creates a structural requirement that Instacart maintain transparency about third-party data sharing practices by consolidating disclosure information in a designated policy section, enabl…
The clause establishes a data use pathway that enables Intuit to leverage user financial information for advertising purposes, requiring coordination with external advertising platforms and data shar…
Personal data processing for sales transactions is operationally necessary for order fulfillment, payment processing, and regulatory compliance. This provision establishes the legal basis and scope f…
The provision establishes LinkedIn's operational authority to process user-generated content across multiple uses and business functions without ongoing consent requirements. The transferable and sub…
The clause establishes a data use practice for model development and establishes an opt-out mechanism through user-controlled settings rather than requiring affirmative consent prior to training use.
This authorization establishes LinkedIn's operational rights to exploit user content across its service ecosystem and derivative uses. The transferable and sublicensable nature permits LinkedIn to au…
The provision establishes LinkedIn's operational authority to incorporate user content into AI training datasets without separate compensation or per-use licensing arrangements. This licensing struct…
This provision establishes Meta's operational rights to process and utilize user-generated content across its service ecosystem. The broad scope of authorized uses—including modification, derivative …
The clause operationalizes Meta's advertising model by describing the mechanism through which user data informs ad targeting while restricting direct identifier sharing. This structure defines the sc…
This provision establishes the operational basis for Meta's advertising business model by creating explicit authorization to process user data for ad targeting and delivery. The clause defines the sc…
This clause establishes the operational basis for the service delivery model and clarifies the consideration users provide in exchange for access to Meta Products. It specifies that personalized data…
The license establishes Meta's operational authority to process, store, and repurpose user-generated content across its product ecosystem and to engage service providers in these functions. The trans…
This clause defines the operational boundaries of Meta's advertising business by permitting targeted ad delivery based on user attributes while restricting certain data sharing practices. The distinc…
This clause establishes Meta's operational authority to incorporate user identity elements and activity information into advertising display mechanisms. The provision defines the scope of permitted u…
This clause defines the operational boundaries of Meta's data-sharing practices with advertising partners, establishing that direct identifiers remain separate from behavioral targeting mechanisms wh…
This clause establishes a contractual boundary on permissible downstream uses of Meta-sourced data, restricting the development of surveillance capabilities as a derivative application of the platfor…
The legitimate interests basis is a lawful processing ground under data protection frameworks that permits data use when organizational interests are balanced against individual rights. By invoking t…
This provision establishes mandatory compliance obligations for advertisers using the platform to display age-restricted content categories. The targeting requirement creates an operational gate that…
The clause establishes a unified data framework that treats information collection across disparate services as a consolidated dataset for operational purposes. This integration enables cross-platfor…
The provision establishes Meta's authority to construct and maintain derived demographic and preference profiles through algorithmic inference rather than direct user declaration. This inferred data …
This provision establishes the operational scope of Meta's data processing infrastructure by codifying the receipt of third-party data and permitting algorithmic inference generation as authorized da…
The provision establishes Meta's operational authority to derive inferred data classifications beyond explicitly provided information, expanding the data categories available for advertising targetin…
The clause establishes Microsoft's operational rights to incorporate user content into product development, service operations, and derivative applications without payment obligations or exclusivity …
The provision establishes a broad data usage framework that permits Microsoft to apply user data across multiple business functions and product lines. This authorization structure enables the company…
The provision establishes that Microsoft's data collection and processing practices are documented in a separate Privacy Statement rather than within the Services Agreement itself. This structure all…
The provision establishes a data processing purpose beyond the primary service delivery function, creating an operational category where customer data serves dual purposes: immediate service provisio…
The clause establishes the operational scope of Microsoft's rights to process and utilize user-generated content across its service infrastructure. This authorization enables core service functions i…
The provision establishes a broad operational basis for repurposing customer data beyond the primary service delivery function. This expands the permitted use cases for data processed through Azure s…
This license grant operates as a condition of service use and defines the scope of rights Microsoft acquires over user-submitted content. The provision establishes that Microsoft may utilize user con…
This provision establishes the operational scope of data sharing necessary for service delivery and performance measurement. The authorization extends beyond internal service delivery to include exte…
The license authorizes Midjourney and its successors to use user-generated inputs and outputs for any purpose without time limitation, geographic restriction, or obligation to pay compensation. The s…
This provision creates a contractual framework linking AI feature usage to supplemental terms and establishes the operational scope of content processing through AI systems. It clarifies that AI func…
The provision operationalizes differentiated governance structures between consumer and commercial users. Commercial customers are subject to supplementary contractual instruments beyond the base Ter…
This clause defines Mixpanel's legal role and compliance obligations in the data processing relationship, establishing that Mixpanel acts under the direction of its direct customers rather than as an…
The provision creates a structured allocation of data protection obligations between Neon and its customers. By incorporating the DPA by reference, the clause establishes that data processing terms a…
This provision establishes the operational scope of Netflix's advertising data collection and targeting practices by authorizing the integration of first-party advertising signals with third-party in…
This provision establishes the operational mechanism by which Netflix integrates third-party interest inferences into its ad targeting system. The clause permits cross-platform data aggregation—combi…
This provision establishes the data collection and processing practices that support Netflix's advertising operations. The clause operationalizes the use of behavioral targeting, which requires colle…
This provision establishes the operational scope of Netflix's data sharing practices for advertising and marketing functions. It defines the categories of third-party recipients who receive personal …
This provision establishes Netflix's operational practice of monetizing user data through advertising partnerships. It defines the scope and categories of information that may be transferred to third…
This clause establishes the operational scope and recipient categories for Netflix's sale and sharing of personal information under state privacy law definitions. It specifies which data categories a…
The provision clarifies that the privacy policy's data processing disclosures extend beyond direct platform users to include individuals who appear in user-generated content but may not have independ…
The provision establishes distinct data usage policies based on account type, creating different baseline training data practices for API and consumer users. This operational distinction means the sc…
The provision defines operational boundaries around heightened data protection obligations for sensitive categories, establishing which processing activities are authorized and under what conditions …
The clause establishes the operational scope of data use for model development purposes and creates an opt-out mechanism that allows users to restrict a specific category of data processing while oth…
This clause establishes the operational scope of data usage for model development purposes and creates a mechanism by which users can control participation in training activities. The provision disti…
This authorization allows OpenAI to incorporate user submissions into its model development workflow, which is operationally central to the service's improvement and feature development. The provisio…
The clause establishes OpenAI's operational authority to incorporate user content and feedback into service development and improvement activities. This authorization permits the company to leverage …
The clause establishes OpenAI's rights to incorporate user content into model development processes while providing users with a mechanism to opt out of this particular data use through settings cont…
The provision establishes a default authorization for content reuse unless the user takes affirmative action to opt out, which affects how user-submitted materials are incorporated into service devel…
The clause establishes a data processing practice where conversation content is accessed for model training purposes, subject to specified privacy protections. This defines the scope of internal acce…
The provision establishes the operational scope of data utilization within the service delivery model. It defines what uses of submitted content fall within the authorized scope of the agreement and …
This provision establishes a data utilization practice that directly supports the entity's core business function of model training and refinement. The operational significance lies in how user-gener…
The clause establishes the operational infrastructure for cross-platform behavioral tracking and advertising measurement. It documents the company's use of intermediary service providers to gather us…
The provision establishes a data-sharing practice with advertising partners as a default operational practice, while creating an opt-out mechanism available specifically to California residents under…
Cross-device tracking allows the service provider to maintain continuous behavioral profiles across a user's digital ecosystem, enabling advertisers to reach users with personalized advertisements re…
The clause establishes the operational framework for cross-context behavioral advertising, permitting data consolidation across multiple digital properties to construct user interest profiles that in…
The clause establishes PayPal's operational authority to incorporate user data into AI model development and to apply automated decision systems for security and fraud mitigation functions. This defi…
The provision establishes PayPal's operational authority to construct user profiles through data inference rather than direct collection alone, enabling the development of predictive attributes that …
This provision establishes the operational framework for Peacock's interest-based advertising model, defining the scope of data sharing with external partners and the uses of viewing history data in …
Keystroke logging and offline data queuing go beyond standard analytics and raise questions about the scope of behavioral surveillance, particularly for partially completed forms which may contain da…
This clause establishes the operational scope of Pinterest's machine learning development activities by authorizing use of user-generated content and behavioral data for model training without time r…
The provision establishes the operational scope of inferential data processing, defining which data sources Pinterest combines to generate predictive attributes about users. This shapes the categorie…
This provision establishes the operational scope of Pinterest's cross-context advertising system, defining what data sources inform ad selection and where resulting advertisements may be distributed.…
This provision clarifies the operational structure of data handling within Plaid's platform, establishing that Plaid processes data pursuant to instructions from client institutions rather than as an…
The clause establishes Poshmark's operational authorization to reuse and repurpose all user-generated content across its service ecosystem and marketing activities without time limitation or addition…
This clause establishes Reddit's operational rights to monetize, archive, and repurpose user content across its services and platforms indefinitely. The perpetual scope means these rights continue ev…
The provision establishes Reddit's operational authority to incorporate user-generated content into AI/ML training datasets and model development processes. This authorization affects the scope of pe…
Special category data receives heightened regulatory protections under data protection frameworks like GDPR. This clause establishes the operational basis for Revolut to collect and process these sen…
The clause creates a parental gatekeeping mechanism requiring affirmative approval before child account creation and establishes a data minimization standard that constrains the scope of information …
Kernel-level software has privileged access to your entire system. The fact that it may run and collect data even when the game is not active means your device is being monitored outside of gameplay …
Most players assume in-game voice chat is ephemeral; this clause establishes that communications content may be retained and reviewed, which has legal implications in jurisdictions requiring all-part…
The clause establishes a permitted use category for user-generated content beyond the primary service delivery function, expanding the operational scope of data processing activities the platform may…
The provision defines the scope and mechanics of data handling within Segment's platform infrastructure. It establishes the operational framework under which customer data is processed and classified…
The clause creates a binding framework for how personal data is handled during service delivery by making a separate data protection document an enforceable part of the primary service agreement. Thi…
The SDK implementation establishes the technical infrastructure through which Shein manages user consent states, storage interception, and third-party advertising tracker deployment. The configuratio…
The clause establishes the operational basis for cross-context behavioral advertising, allowing the company to leverage user contact information and engagement data through third-party advertising pa…
This allocation of controller responsibility determines which party bears primary legal obligations under data protection regimes. The provision clarifies Shopify's role as a processor or service pro…
This provision establishes the operational scope of data sharing practices by specifying the categories of recipients (advertising and analytics partners) and the purposes for which shared data may b…
The clause establishes a data sharing practice for advertising purposes as a standard operational term, while creating a compliance pathway for California residents under applicable state privacy law…
Employees who assume their workplace Slack messages are private should be aware that their employer has broad administrative access to all workspace content, including direct messages, depending on t…
The incorporation of the DPA by reference creates binding obligations for both parties regarding personal data processing, particularly in relation to GDPR and other data protection regulations. This…
The provision establishes the operational scope of data usage across Slack's service infrastructure and product development activities. It creates a conditional authorization for AI/ML training that …
This provision allocates responsibility for personal data governance by designating the customer as the entity responsible for establishing privacy policies and responding to data subject inquiries. …
This clause establishes the operational basis for Snapchat's inference-based advertising system, specifying that ad personalization relies on derived data rather than explicit user declarations. It d…
The provision establishes Snapchat's operational rights over user content across all core business functions, including service delivery, product development, and research activities. This licensing …
This clause establishes Spotify's operational rights to incorporate user-generated content into service delivery and product development without ongoing licensing fees or restrictions on sublicensing…
The provision establishes Spotify's authorization to use submitted user content across its service and derivative applications without ongoing royalty obligations or restrictions on sublicensing. The…
The provision establishes a data-sharing framework across a portfolio of distinct consumer-facing products under common corporate ownership. This operational structure allows consolidated data practi…
This allocation of roles creates a clear operational division of data responsibilities under applicable data protection frameworks. The provision establishes that Squarespace's data handling obligati…
This provision establishes the operational framework for how user interactions with the service become training data for model enhancement. The authorization determines whether user-submitted content…
The provision establishes the data sharing practice as a standard operational feature of the service and creates a mechanism for California residents to exercise statutory opt-out rights through a sp…
The clause establishes a framework for data monetization and operational insight generation across State Farm's business ecosystem. By de-identifying customer data, State Farm creates a data asset th…
The provision operationally defines the lawful grounds for data processing activities, establishing that Valve's collection practices span contractual necessity, regulatory compliance, institutional …
This provision establishes the operational framework through which Strava processes user health data and location information for machine learning model development and feature generation. The author…
The clause establishes the operational basis for Strava's aggregation and sharing of user-generated location data at scale. This authorization applies to all users whose activities contribute to thes…
The clause establishes broad operational rights for Strava to process and repurpose user content across multiple channels and formats. The transferable and sub-licensable nature of the license permit…
The incorporation of the DPA establishes a framework that specifies how each party must handle Personal Data processing, including mechanisms for international data transfers. This creates enforceabl…
The provision creates a clear delineation between customer-specific data (which remains customer property) and aggregated usage analytics (which constitute Supabase IP). This classification determine…
This clause operationalizes T-Mobile's marketing data practices by conditioning CPNI use for commercial purposes on affirmative customer consent, while establishing the Privacy Dashboard as the admin…
The clause establishes the operational framework for T-Mobile's data monetization through its Advertising Solutions program, which derives targeting capabilities from network usage patterns and locat…
The provision establishes the operational basis for collecting accessibility-related data including health information, with explicit consent as a procedural requirement. This framework allows the pl…
The provision establishes the operational scope of TikTok's content usage rights beyond displaying content to other users. It authorizes derivative works creation and algorithmic training activities …
The clause establishes the operational scope of content use beyond direct platform distribution, specifically authorizing incorporation of user content into model training and algorithm development w…
The provision establishes the legal basis for TikTok's use of user content in AI model development and algorithm improvement, allowing the platform to process content at scale for training purposes w…
The clause establishes a mechanism by which content shared on the Platform automatically grants other users broad usage rights, including derivative work creation, without compensation to the origina…
Keystroke dynamics can be used as a behavioral biometric identifier, capable of uniquely identifying individuals; collection of this data is unusual among mainstream consumer apps and may carry speci…
The provision establishes Tinder's operational authority to repurpose user content across its service infrastructure, including storage, display, advertising, and incorporation into derivative works.…
This provision clarifies the data controller relationship in the embedded SDK context, meaning Unity assumes direct legal responsibility for the personal data it collects through these services rathe…
The clause establishes Unity's data collection and aggregation practices across its service ecosystem, enabling the creation of persistent behavioral profiles that support targeted advertising operat…
This provision establishes the operational framework for financial data handling on the platform. It designates third-party payment processors as intermediaries in the transaction chain and specifies…
The clause establishes the operational basis for Venmo's use of user data in advertising and marketing functions, including targeting mechanisms and performance measurement activities.
The incorporation by reference mechanism makes privacy obligations enforceable as part of the contractual agreement, while the DPA requirement establishes a conditional obligation for certain jurisdi…
This allocation of roles determines regulatory responsibility under data protection frameworks. As controller, the customer bears primary compliance obligations for lawfulness of processing, while Ve…
The clause establishes the operational scope and purpose of the Custom Experience Plus program, specifying which data categories Verizon collects and processes for advertising personalization and bus…
This clause establishes the operational scope of permitted uses for CPNI data under federal telecommunications law. It defines three specific categories of authorized use: service delivery, targeted …
The provision establishes the operational framework under which Verizon processes personal and usage data. This determines what customer information the carrier collects as a standard business practi…
The provision establishes the operational scope of data collection and use for Verizon's advertising personalization programs. It clarifies that network-level usage data constitutes authorized inform…
The provision establishes the operational scope of Verizon's advertising program by defining what categories of user information may be leveraged for ad targeting and across which properties (owned a…
The provision establishes Visa's operational authority to leverage transactional information as an input for advertising and marketing analytics, creating a revenue stream from data derived from paym…
The provision establishes Visa's operational authority to develop predictive profiles and segmentation models from payment data without requiring explicit consent for each inferred attribute. This en…
This authorization establishes Visa's operational use of transaction data as a basis for developing client-facing analytical products. The provision defines a core business function whereby aggregate…
This provision establishes the operational scope of Walmart's advertising data usage, specifying that user information collected through transactions and site activity feeds into a retail media netwo…
The clause establishes the operational framework for ad targeting and identifies the data categories and external parties involved in the personalization mechanism. This defines how the service gener…
The provision establishes that user-submitted content becomes available for use by the platform and its user base in perpetuity without compensation. This authorization permits Waze to incorporate us…
The clause establishes the operational scope of data utilization for advertising purposes, clarifying that location and behavioral data collected through the service may be processed for targeted ad …
The data controller/processor distinction determines which party bears primary legal responsibility for data protection compliance, liability exposure, and regulatory obligations under frameworks lik…
The absence of clear controller/processor designation creates ambiguity regarding legal responsibilities and data governance obligations under data protection frameworks. This affects the allocation …
This clause delineates Workday's operational role and responsibility boundaries in the data processing relationship. By identifying the business customer as the data controller, the provision clarifi…
The dual-role structure determines Writer's legal obligations and liability framework under data protection regulations. When acting as a processor, Writer's data handling is governed by service agre…
The provision establishes the operational scope of data utilization beyond primary service delivery, specifically authorizing use of user-provided and collected data for model training and research f…
This provision defines the scope of data utilization for marketing operations. It establishes the operational framework under which customer information becomes available for advertising targeting an…
The provision establishes the operational scope of Google's ad targeting infrastructure by defining which data sources can be combined for personalization purposes and which categories are explicitly…
The provision's operational significance lies in establishing user access options (authenticated and unauthenticated) and clarifying that privacy configuration mechanisms exist across the Google serv…
The clause authorizes cross-platform data integration between YouTube Kids and the broader Google account ecosystem. This operational integration means data collected in the YouTube Kids environment …
The provision establishes Zelle's operational framework for implementing behavioral targeting infrastructure, which requires coordination with third-party advertising and analytics partners to deploy…
The dual role structure determines Zendesk's regulatory obligations and accountability framework under data protection law. As a controller, Zendesk bears primary responsibility for lawful processing…
This provision establishes the operational basis for Zillow's behavioral profiling and advertising infrastructure, defining both internal data use and third-party data sharing relationships. It permi…
The intellectual property license structure determines the scope of 23andMe's authorization to process, store, and derive insights from genetic data submitted through the service. This framing establ…
The restriction operates as a condition of service eligibility by excluding specific institutional entity types from accessing 23andMe's platform. This limitation may reflect regulatory requirements …
Cookie deployment enables Activision to implement personalized content delivery and marketing optimization at scale. This mechanism supports the operational infrastructure for targeted advertising an…
The clause establishes a boundary on permissible AI training applications while creating a distinct authorization pathway for Adobe's own AI development activities using licensed Stock content. This …
This clause establishes the legal framework under which Adobe processes content data without explicit user consent, relying instead on a balancing test between Adobe's business interests and user pri…
The clause establishes the operational framework for data flows required under the payment processing model. Card scheme participation requires data sharing with multiple entities in the payment netw…
Tracking technologies can collect data about your browsing behavior both on Afterpay's platform and, in some cases, across the web, which may be used to serve targeted advertising and shared with thi…
The clause establishes Amazon's operational rights to repurpose user content across its services and platforms without additional compensation or time limitation. The sublicensable component permits …
The provision establishes Amazon's operational rights to exploit user-generated content across all platforms and media without compensation or time limitation. The sublicensable nature permits Amazon…
Session replay captures granular behavioral data including mouse movements and form inputs, which may include sensitive information, and the responsibility for obtaining your consent rests with the b…
This provision delineates Amplitude's legal responsibilities under data protection frameworks by specifying when Amplitude bears primary accountability for data handling decisions versus when it oper…
This clause establishes a separate data use pathway independent of customer-specific data restrictions, permitting the service provider to extract and utilize insights from customer activity for oper…
The clause establishes the operational framework through which Anthropic enforces its Usage Policy, including the detection mechanisms it deploys and the enforcement actions available to it. It creat…
This clause delineates the scope of Anthropic's Privacy Policy by carving out a category of service relationships where Anthropic's obligations are defined by separate data processing agreements with…
This provision clarifies the scope of Anthropic's stated privacy obligations by distinguishing between direct-consumer relationships (where Anthropic acts as controller) and B2B relationships (where …
The provision operationalizes transparency obligations in B2B relationships by designating specific parties who receive formal notice of data processing terms and policy changes, ensuring accountabil…
This provision establishes the scope of automated data collection, including cross-service user identification using device identifiers. The use of MAC addresses and mobile advertising identifiers al…
The provision defines the operational scope and technical limitations of Apple's advertising system, specifying that ad delivery relies on first-party data from Apple services only rather than data a…
This distinction allocates data governance responsibilities between Atlassian and its customers according to data protection regulatory frameworks. The provision clarifies that Atlassian's obligation…
The incorporation by reference mechanism establishes the DPA as the operative framework governing Auth0's data processing obligations and practices, rather than relying solely on data handling terms …
Communications you send through online banking — including secure messages and transaction notes — may be reviewed by the bank, and this consent is a condition of using the service.
The provision establishes the scope of BeReal's operational rights over publicly shared user content, permitting the platform to repurpose and distribute such content without additional compensation …
For a financial services platform holding highly sensitive data, the use of third-party behavioral tracking tools on core product pages raises questions about whether behavioral data derived from fin…
The explicit assertion of the right to review direct messages between users means private conversations on Bumble are not confidential and may be accessed and acted upon by Bumble's moderation team o…
This provision establishes Calendly's operational authority to extract insights from service usage patterns and share resulting aggregate metrics with third parties or the public, independent of indi…
The provision establishes that Calm engages in data inference practices beyond directly provided information, enabling the company to supplement its user profile data with derived demographic attribu…
The license grant establishes Calm's operational rights to incorporate user content into service delivery, marketing materials, and derivative products without additional compensation or per-use auth…
This provision establishes the operational framework for third-party data sharing and cross-platform advertising infrastructure. It defines the scope of personal information transfer and the technolo…
This provision allocates data protection responsibilities by designating the customer as the party responsible for lawful basis, compliance obligations, and end-user disclosures, while Cohere assumes…
The provision establishes the operational basis for Coinbase's direct marketing practices and cross-platform advertising activities, structured within stated regulatory compliance obligations. This d…
This clause delineates the legal relationship and contractual framework for personal data handling, establishing that processor obligations flow through customer agreements rather than through Databr…
This distinction allocates data processing responsibility between Datadog and its customers under data protection frameworks. It clarifies that Datadog's data handling practices are governed by custo…
This clause establishes the operational framework for secondary use of user data beyond the primary service delivery function. By authorizing de-identified data use, the provision creates a distinct …
This clause establishes DocuSign's operational rights to incorporate user-generated content into service operations, product improvements, and distribution channels without separate compensation or e…
The dual role designation establishes different data governance responsibilities depending on the product used. When DocuSign acts as controller rather than solely as processor, it assumes independen…
The clause establishes that data rendered non-identifiable through aggregation or anonymization falls outside the scope of personal data restrictions, enabling the entity to repurpose derived dataset…
Recording consent is embedded in the act of communicating with customer support rather than through a separate explicit notice, which may raise questions about adequacy under state wiretapping and co…
This provision means DraftKings actively analyzes user gambling patterns for behavioral risk indicators, which involves processing sensitive behavioral and financial data. While framed as consumer pr…
This clause establishes the operational foundation for Dropbox's service delivery by granting the technical permissions required to perform hosting, data processing, and feature generation. Without t…
The clause establishes that competitive mode participation includes recording and public replay of individual player inputs and performance data as part of the standard competitive experience infrast…
This broad license grant establishes Eventbrite's operational rights to incorporate user content into service delivery, marketing operations, and third-party distribution partnerships without requiri…
This provision establishes the operational scope for data inference activities. It permits the company to develop and expand algorithmic capabilities that generate new data attributes beyond informat…
This clause establishes the operational scope of FanDuel's marketing communication practices and identifies the channels and content categories the company is authorized to deploy. It specifies that …
This clause creates a hierarchical governance structure in which enterprise data processing agreements take precedence over the standard Privacy Policy, enabling customized data handling arrangements…
This clause establishes Fitbit's operational rights to process and repurpose user-generated content across multiple formats and distribution channels without requiring additional compensation or per-…
The clause defines the scope of intellectual property rights the platform retains over user submissions, establishing Fiverr's authorization to exploit platform content across operational and commerc…
The clause establishes a broad authorization for data use once personal information undergoes de-identification or aggregation, effectively exempting such processed data from standard privacy constra…
Tracking technologies enable persistent monitoring of user behavior across sessions and potentially across the web, and the data collected feeds into advertising targeting and analytics that may invo…
This clause establishes a carve-out from privacy protections for data in de-identified or aggregated form, permitting internal research operations and product development to proceed without the notic…
The clause establishes a data collection and sharing framework that enables behavioral tracking through third-party analytics providers. This operational arrangement allows service providers acting o…
The provision operationalizes Glean's responsibility for sub-processor oversight by requiring contractual commitments around data limitation and security with downstream processors. The disclosure me…
The provision establishes the scope of Google's operational rights to content users provide to the service, enabling Google to process, store, and deliver that content across its systems and partners…
The clause establishes that de-identified data falls outside the scope of the privacy policy's restrictions, creating a separate category of information that the company may use and share without lim…
Third-party tracking technologies operated by analytics and advertising partners collect behavioral data independently and may combine it with information they hold about you from other sources, exte…
This provision defines the operational responsibility structure for personal data handling, allocating data controller authority to the employer-customer while positioning Gusto as a processor bound …
This allocation of roles establishes the contractual and legal framework for data handling responsibilities. It clarifies that employers, not Gusto, bear primary responsibility for determining how em…
The clause establishes Headspace's operational rights to repurpose user-generated content across all media formats and commercial channels without ongoing consent, compensation, or attribution obliga…
This clause establishes the operational basis for Hinge's behavioral advertising practices and allows the company to generate performance metrics from advertising campaigns. The dual legal grounds (c…
The operational significance is that Hinge obtains comprehensive rights to user content without temporal limitation or geographic restriction. The transferability and sub-licensability provisions mea…
The dual-role structure defines HubSpot's legal responsibilities and regulatory obligations under data protection frameworks. When operating as a controller, HubSpot bears primary responsibility for …
The clause establishes the operational scope of data use beyond service delivery, permitting HubSpot to process user information for internal product development and analytics functions. This authori…
The clause establishes the scope of intellectual property rights Hugging Face acquires over user content, specifying that the company may modify, republish, and distribute such content without paymen…
The legitimate interests basis expands the permissible scope of data processing beyond consent-dependent activities, enabling the entity to conduct processing necessary for service operation, fraud p…
The clause operationalizes the definition of 'ad-free' service by carving out specific exceptions where advertisements and promotional content may appear despite the no-ads tier designation. This est…
The clause creates a structured disclosure framework where the company identifies specific categories of third parties and the informational basis for sharing personal data, establishing transparency…
The clause operationalizes Instacart's authorization to monetize personal data through sale or sharing arrangements with advertising partners, while establishing a procedural framework through which …
The provision establishes a broad operational basis for data processing activities beyond service delivery, enabling product development and research functions. The carve-out for de-identified data r…
The policy authorizes use of tracking technologies including pixel tags and web beacons for advertising purposes, meaning browsing and interaction data collected on LangChain's properties may be used…
Legitimate interest as a legal basis permits data processing without requiring explicit user consent, provided the organization's interests do not override privacy protections. This basis enables Led…
The clause establishes the operational framework for LinkedIn's advertising infrastructure by explicitly authorizing data aggregation across multiple collection mechanisms and sources, and by establi…
This clause establishes the operational scope and data inputs for LinkedIn's advertising targeting infrastructure. It specifies that the company aggregates data from multiple sources—both first-party…
This clause establishes the operational basis for LinkedIn to process user data through machine learning systems and algorithmic inference. It defines the scope of permitted data uses beyond the prim…
The provision establishes an operational pathway for the entity to derive commercial value from user data through de-identification and aggregation processes, enabling downstream use and third-party …
The provision creates a categorical compliance framework that separates political and issue-based advertising from standard commercial advertising, establishing distinct authorization and disclosure …
This distinction allocates data governance responsibility between Microsoft and its customers. In enterprise contexts, customers retain primary control over data policies and compliance obligations, …
The clause establishes the operational basis for Microsoft's interest-based advertising system, specifying the data categories used for ad targeting and the mechanism through which users can modify t…
This clause establishes the operational framework for Microsoft's advertising delivery system and defines the categories of data that may and may not be used for targeting purposes. The distinction b…
This provision establishes the operational framework under which usage data flows from the platform to external entities. It defines the scope of permissible data practices that support the business …
This provision authorizes Mistral AI to conduct automated moderation and abuse monitoring as a Controller, which means this processing is governed by Mistral AI's own legal basis and purposes rather …
Automated monitoring of user interactions means your conversations and usage patterns may be systematically reviewed by Mistral AI's systems, which has implications for user privacy and the scope of …
This clause establishes Mixpanel's operational rights to derive insights from aggregated customer datasets for internal analytics and service improvement. The aggregation and de-identification mechan…
The dual-role structure establishes different legal responsibilities and compliance obligations depending on the data category. As a processor, Mixpanel operates under customer instructions and data …
This clause establishes Mixpanel's operational right to extract value from event data through aggregation and de-identification processes, creating a secondary use stream beyond the primary customer …
Data processor designation establishes the legal framework for how Mixpanel handles personal data, clarifying liability allocation and compliance obligations under data protection regulations. This d…
This dual-role structure allocates data protection responsibilities between Monday.com and its customers under applicable data protection regulations. The designation clarifies that customer-uploaded…
This clause establishes the operational framework for Nintendo's targeted advertising practices, specifying the technical mechanisms (cookies, pixel tags) and data collection scope (cross-platform ac…
This distinction allocates responsibility for data handling between Okta and its organizational customers under data protection frameworks. By designating customers as controllers, the provision clar…
This clause establishes a hierarchy of governing documents for data processing obligations, ensuring that data protection requirements are specified in the Data Processing Addendum rather than the ge…
This provision establishes a data processing pathway that removes personal data from privacy restrictions once de-identification occurs. The authorization to share de-identified data with third parti…
This clause establishes OpenAI's operational rights to process and utilize user-submitted content across service functions. The broad scope of authorized uses—including modification and derivative wo…
This provision operationalizes the data controller-processor relationship required under data protection regulations. It establishes the legal framework under which OpenAI processes personal data and…
This clause establishes the procedural framework governing third-party processor engagement under data protection regulations. It conditions sub-processor use on advance notification and creates a st…
This prohibition addresses the use of AI to enable invasive personal tracking, including applications designed to covertly monitor individuals' communications, location, or activity without consent.
This provision establishes the operational framework for Oura's advertising infrastructure, defining how personal data flows to support audience segmentation and marketing delivery across the company…
The clause establishes the operational basis for the service's personalization infrastructure, including the collection of behavioral data and its processing through automated systems to generate ind…
The license grant establishes Patreon's operational rights to exploit user-generated content across multiple distribution channels and formats without ongoing compensation or the need to seek individ…
The joint controller arrangement allocates data protection responsibilities between Peacock and Facebook Ireland under GDPR Article 26, requiring both entities to document their respective compliance…
This provision establishes the scope of Peloton's operational rights over user-generated content submitted through the platform. By defining the license as non-exclusive and including sublicensing ri…
The provision establishes the operational basis for Pinterest's advertising model by clarifying that personal information is not sold to advertisers directly, but that usage data, ad performance metr…
The clause establishes the operational mechanism through which Pinterest generates behavioral inferences at scale, enabling the service to construct granular audience segments for content ranking and…
This clause establishes a carve-out from restrictions on data use by defining a category of processed data that falls outside individual identification constraints. The operational significance is th…
This carve-out creates a distinct regulatory framework for enterprise customer data, separating it from the general privacy terms that apply to other users. It clarifies that PlanetScale's obligation…
The clause establishes Public.com's authorization to use user content across multiple formats and channels without compensation, including for advertising and marketing activities. This operational s…
Telephone calls with real estate agents often include sensitive personal and financial discussions; knowing these may be recorded is important for understanding what information Redfin retains.
The license grants Redfin broad authority over user content without restriction to specific geographic markets or internal use only, and permits sublicensing to third parties. The royalty-free struct…
The clause establishes the scope of data collection practices integral to service operation and product analytics. The granular categories enumerated—from user interaction patterns to device specific…
The clause operationalizes COPPA compliance by implementing tiered privacy settings triggered by user age, ensuring regulatory alignment while establishing conditions for service feature expansion as…
This provision clarifies the scope of content usage rights retained by Roblox beyond the direct operation of the platform. It establishes the operational framework for how creator content may be repu…
The provision establishes the institutional framework for Runway's data processing authority under EEA and UK law by declaring controller status and transparency obligations. It identifies the specif…
This provision is operationally significant for enterprise users who might otherwise seek to integrate AI-generated visual or analytical content into surveillance, security, or monitoring systems, an…
The provision defines the operational framework governing data collection and use, establishing transparency requirements and compliance obligations under data protection regulations. It clarifies Sa…
The terms authorize Scale to monitor, record, and copy all information transmitted through the site; the scope of this reservation covers any and all information and identifies operational or other p…
The incorporation of the DPA establishes the contractual framework governing how Shopify handles personal data subject to GDPR regulations. This creates binding obligations regarding data processing …
The dual role designation determines Shopify's legal responsibilities and the scope of its independent decision-making authority regarding personal data. When operating as a controller, Shopify maint…
The clause establishes Shopify's operational authority to repurpose and redistribute user-generated content through its partner network without requiring additional compensation or per-instance conse…
The distinction between data controller and processor roles determines legal responsibility for data handling obligations under data protection regulations. This allocation clarifies that merchants r…
This broad intellectual property license enables Shopify to operationalize user-generated content across its platform infrastructure, including reproduction and derivative work creation, without sepa…
The clause establishes the operational mechanism and authorization for contact discovery functionality, clarifying that contact information undergoes cryptographic hashing before transmission and tha…
This provision establishes the operational scope of automated content management on the platform. It specifies that algorithmic systems operate on user-derived training data, which means user informa…
The processor/controller distinction defines legal obligations and accountability structures under data protection frameworks. As a processor of Customer Data, Slack operates under customer instructi…
The license grant defines the scope of Slack's operational authority over data processed within the platform and establishes the legal basis for data retention, system operations, and service deliver…
The clause establishes the operational framework for data sharing and identifies the categories of recipients (hosting providers, analytics companies, marketing platforms, business partners) who acce…
The provision establishes the operational framework under which AI-driven service functionality operates, including the scope of data processing activities and the security standards applied. This de…
Cookies and tracking technologies enable Smartsheet and its advertising partners to build a profile of your online behavior, and understanding how to control them is important for users who value pri…
The clause establishes the operational basis for Snapchat's inference and profiling capabilities, permitting the derivation of predictive user attributes from both first-party behavioral data and thi…
The operational significance is that Spotify uses actual user behavior data as the basis for constructing demographic and preference profiles. These inferred attributes enable the service to personal…
This clause establishes the operational basis for Spotify's targeted advertising model by authorizing cross-context data use and third-party data integration. The provision specifies that tailored ad…
The provision establishes Square's operational rights to process and utilize user content across service functions and corporate activities without additional licensing negotiations or royalty obliga…
The clause establishes the operational basis for Square's use of transactional and behavioral data for marketing purposes, while specifying that users retain the ability to restrict this use through …
This clause creates a carve-out from privacy protections for data that has been processed to remove individual identifiers. The operational significance is that Stash retains broad authority to deriv…
This clause establishes the contractual foundation for Stripe's data processing activities and defines the permissible uses of user data within the service relationship. It clarifies that data proces…
This authorization establishes Stripe's ability to leverage aggregated or de-identified customer data to improve service offerings and conduct marketing activities, which constitutes a standard opera…
The dual role designation determines Stripe's obligations and responsibilities under data protection regulations. As a controller, Stripe determines processing purposes and means; as a processor, Str…
The dual-role framework establishes Stripe's legal responsibilities under data protection regulations. As a data controller, Stripe determines processing purposes and means; as a processor, Stripe pr…
The clause establishes the operational basis for profile generation while specifying user control mechanisms. This defines both the data processing activity and the procedural rights users retain ove…
This provision clarifies the operational data governance structure by specifying that Supabase functions as a data processor for Customer Data rather than as a data controller. This allocation of res…
This provision operationalizes data sharing with external service providers as a standard business practice. The authorization permits cross-site activity tracking, which expands the information ecos…
The provision establishes a perpetual, broad license grant that permits Target to exploit user-generated content across multiple use cases and derivative forms without temporal limitation or separate…
This provision establishes the operational basis for the Target Circle program's personalization functionality and creates a direct linkage between data collection and incentive delivery. It also est…
This provision establishes the operational basis for Threads' ad-supported business model. It clarifies the distinction between using data to target ads and the separate practice of selling personal …
This clause establishes the operational basis for algorithmic personalization and targeted advertising as core service functions. It specifies that information collection and use for personalization …
This clause establishes the operational scope and channels through which the entity may conduct marketing communications. The provision includes a mechanism for users to adjust their communication pr…
The clause establishes a data collection and sharing framework with third-party suppliers for purposes of service personalization. It clarifies that geodemographic profiling occurs through partner re…
This clause establishes the operational framework for the Platform's personalization system and establishes that ad targeting is a core service mechanism. It specifies the data categories TikTok uses…
The provision creates a framework for content regulation by establishing that TikTok enforces stated advertising standards through defined procedures applied consistently across platform sections. Th…
The provision establishes the operational framework for account access and platform integration, defining how advertisers authenticate and obtain authorization to use TikTok's advertising infrastruct…
The clause establishes the operational scope of Twilio's data processing authority and clarifies the division of responsibility between the service provider and customer regarding data quality. This …
This provision establishes the operational scope of data processing for AI features, clarifying that identifying information flows through the AI system in both directions—from user input through to …
In-store data collection through cameras and other technologies may capture biometric or behavioral data beyond what customers expect from a typical retail transaction, and the use of such data for m…
The provision establishes the operational scope for data use by permitting the company to process and apply user-derived data in de-identified form across a broad range of internal, product developme…
The clause establishes the operational basis for behavioral tracking infrastructure, enabling the service to maintain persistent user sessions and generate data used for both service optimization and…
The license grant establishes WhatsApp's operational rights to process, store, and utilize user-generated content across its service infrastructure. The sublicensable and transferable elements permit…
The provision specifies the operational lifecycle of voice data within the service: audio is treated as ephemeral processing material while the derived text outputs become persistent service records.…
The provision establishes an operational framework where model selection occurs at the system level rather than per-request, enabling Windsurf to allocate processing tasks to OpenAI infrastructure ba…
This clause defines the operational model for the free tier: advertising serves as the monetization mechanism that enables X to provide services without direct user payment. The authorization extends…
The clause operationally clarifies the scope boundaries of this privacy policy and establishes that different X-controlled services may implement different data handling practices. This creates a mul…
The clause establishes Microsoft's operational authority to process and repurpose user content across its service infrastructure and product development activities without additional compensation or …
The broad license structure enables Yelp to deploy user content across multiple platforms and purposes without ongoing compensation or exclusive content restrictions. The sublicensable and transferab…
This restriction establishes a specific advertising framework for the YouTube Kids service that excludes behavioral targeting and audience retargeting mechanisms commonly used in digital advertising …
This clause establishes the operational framework for Zendesk's use of sub-processors and defines the scope of their data access and permitted uses. It creates a contractual obligation requiring sub-…
This provision authorizes cross-device tracking and personalized advertising based on cookie and pixel data, which engages ePrivacy Directive consent requirements for EU users and CPRA opt-out rights…
This clause establishes a broad authorization for unrestricted use of data once it has been de-identified or aggregated, creating a category of data exempt from the privacy policy's standard limitati…
The clause delineates ZipRecruiter's operational role in data processing arrangements where clients retain primary control over personal data. This allocation affects the routing of data subject righ…
This provision authorizes automated AI-based analysis of user message content on the eBay messaging platform. The scope of 'harmful content' as determined by eBay is not precisely defined in this pro…
The broad scope of this license grant enables eBay to incorporate user-generated content into service operations, promotional activities, and platform expansion without obtaining separate permissions…
The clause establishes the legal basis for Betterment's collection and processing of personal financial information across multiple institutional functions, from core service delivery to secondary us…
The clause operationalizes content ownership and usage rights by preserving user IP ownership while authorizing the platform to utilize user-generated content across multiple operational and commerci…
This clause establishes Cursor's operational data practice boundaries under state privacy law frameworks, limiting the categories of data monetization and behavioral profiling activities the service …
The provision operationalizes a conditional data practice framework: tracking and advertising data flows remain subject to user signaling mechanisms and consent requirements. This establishes the pro…
The clause establishes broad authorization for Lyft to exploit user-generated content across multiple applications and derivative uses without time limitation or ongoing royalty obligations. The perp…
This clause establishes the operational basis for Salesforce's marketing communication activities and specifies the categories of personal data and communication channels through which such marketing…
Call recording without notice or consent may trigger legal requirements in certain states, and retaining recordings indefinitely raises questions about data minimization and the security of potential…
The clause establishes a specific operational use of location data within the subscription administration system. This defines how geographic information factors into the pricing mechanism rather tha…
Speed throttling after high-speed data limits are reached can significantly reduce the usability of your service for streaming, video calls, or other data-intensive applications for the remainder of …
This provision defines the operational scope of Verizon's rights to user-submitted materials and establishes the legal framework governing content ownership and licensing. The clause determines wheth…
The clause establishes the scope of permissible data processing activities internal to the service, defining operational functions that rely on information collection and use within YouTube Kids' sys…
Create a free account and watch the platforms that matter to you. We'll email you the moment something changes.
A data usage clause is a provision in a platform's terms of service or privacy policy governing data usage-related rights, obligations, or restrictions.
ConductAtlas tracks 170 platforms with data usage clauses - roughly 50% of platforms in the archive. 206 are classified as high severity.
Severity reflects the magnitude of rights waived, availability of opt-out, breadth of users affected, financial or legal exposure created, and the degree of discretion retained by the platform.