Found in 39 of 325 platforms tracked (12% adoption) · 43 provisions
Given Equifax's 2017 breach affecting 147 million Americans — the largest breach of financial data in U.S. history at the time — the company's use of qualified 'reasonable measures' language rather t…
This standard disclaimer is particularly significant for Ledger given their documented 2020 breach, which exposed the physical home addresses of over 270,000 customers who were then targeted by phish…
Because Plaid handles bank credentials and full financial transaction histories for millions of consumers, the adequacy of its security measures directly determines the risk of large-scale financial …
By granting Robinhood a security interest over all account assets, you allow them to use your investments as collateral and lend them to third parties — meaning if Robinhood faced financial difficult…
T-Mobile has experienced multiple major data breaches affecting tens of millions of customers, making the adequacy of these security commitments and the timeliness of breach notifications a material …
Government IDs and Social Security numbers are the primary identifiers used in identity theft; their collection by a large platform creates concentrated risk, and their use must comply with strict st…
If your account is compromised and you failed to take adequate security precautions or delayed reporting unauthorized access, Wise may deny liability for resulting financial losses — even if the unde…
This standard disclaimer limits Acorns' liability in the event of a data breach — particularly significant given that Acorns holds Social Security numbers, bank credentials, and investment account da…
If someone gains unauthorized access to your account and makes purchases or posts content, Amazon holds you responsible for those actions — and children under 18 are legally restricted from independe…
Session replay tools like Sentry can capture detailed records of your on-screen activity, including what you type and where you click on a financial platform, which creates privacy risks if this data…
Placing full liability for unauthorized account access on the user — with no reciprocal obligation on Bluesky regarding security standards — means victims of account hacking bear all consequences, in…
While standard security language is typical for financial institutions, this provision does not specify encryption standards, breach notification timelines, or penetration testing frequency, leaving …
This is a high-level security commitment with minimal specifics — consumers cannot assess the actual strength of protections applied to their sensitive financial data from this description alone.
If your account is compromised due to a phishing attack, credential stuffing, or other security incident not caused by GitHub, you bear full responsibility for all activity and content posted under y…
Employees may not receive timely breach notifications because Glean notifies only the employer-controller, creating a chain of communication that could delay individual notification beyond statutory …
On a platform used by millions of students and minors, any data breach could expose sensitive educational and personal data; the disclaimer that security cannot be guaranteed is a standard but signif…
The 'reasonable measures' standard is a minimum legal threshold, not a guarantee; it does not specify encryption standards, access controls, penetration testing, or incident response times, leaving u…
While Mercury implements security controls, the disclaimer that absolute security cannot be guaranteed is standard but important for users to understand given the highly sensitive financial and ident…
This provision shifts liability for account misuse entirely to the user — even in scenarios where a breach may result from platform-side security vulnerabilities — and limits Meta's financial exposur…
AI systems face unique security threats that could cause them to behave harmfully or unpredictably — security failures in AI could expose your personal data or cause AI systems to make harmful decisi…
This provision acknowledges the applicability of privacy laws to AI systems and states that data collection, use, and storage in AI contexts should be transparent and subject to user control, which e…
This commitment is relevant to consumers whose personal data is processed by Microsoft AI systems, but it does not specify what data is collected, how long it is retained, or with whom it is shared —…
The acknowledgment that no security is 100% guaranteed is standard, but the policy's commitment to breach notification only 'as required by law' means notification standards vary by jurisdiction and …
The explicit prohibition on circumventing AI safety filters — commonly known as 'jailbreaking' — goes beyond standard cybersecurity terms and directly targets attempts to override the model's guardra…
The breach notification commitment is qualified by 'where required by applicable law' — meaning notification to individual users is not guaranteed in all breach scenarios, only where legally mandated.
The 'no guarantee of security' disclaimer is standard industry language, but it limits Nintendo's liability in the event of a data breach and places the residual risk of data exposure on users.
The standard 'no system is perfectly secure' disclaimer limits Palantir's liability in the event of a data breach, which is particularly significant given the sensitivity of data processed by Palanti…
The acknowledgment that security cannot be guaranteed is standard but important — it signals that in the event of a data breach, Progressive's liability may be limited by this disclosure.
The disclaimer that security cannot be 100% guaranteed is standard but meaningful given the sensitivity of financial data held — a breach could expose SSNs, trading history, and bank account numbers …
Default encryption protects your home footage from unauthorized interception or server breaches, but it does not prevent Ring or Amazon from accessing your videos — only end-to-end encryption does th…
Privacy by design is a GDPR legal requirement in the EU and a best practice standard globally — however, this is a marketing assertion without verifiable technical specifics, and Ring's prior FTC enf…
End-to-end encryption provides substantially stronger privacy protection than default encryption because it prevents Ring, Amazon, and potentially law enforcement from accessing your video content wi…
The disclaimer that 'no security measures are perfect' limits Squarespace's accountability in the event of a data breach, placing residual security risk with users.
If your account is compromised and a fraudulent Task or payment is processed, you may be held responsible for those charges because the Terms place all account activity liability on you.
A major information services company like Thomson Reuters holds highly sensitive professional, legal, and financial data, making the adequacy of security measures critical — but the vague language do…
Given the volume and sensitivity of precise location data Waze collects, a data breach could expose detailed records of users' physical movements, home addresses, and daily routines.
The disclaimer that security cannot be guaranteed is standard, but for a platform holding your SSN, bank accounts, and trading data, the practical consequence of a breach is severe — including identi…
This standard security disclaimer limits Wix's liability in the event of a data breach while placing the residual risk of unauthorized access on users, which is particularly relevant given the volume…
If someone else uses your account (even with your knowledge), DeepL may suspend or terminate it, and you remain responsible for all activity under your credentials.
The security disclaimer means that in the event of a data breach, Fastly's liability may be limited by this acknowledgment that absolute security cannot be guaranteed.
This is a strong and specific privacy protection: not only does Signal choose not to read your messages, it is technically architected so that it cannot, which provides much stronger protection than …
Secret Chats provide genuine privacy protection that cloud chats do not; users who want their conversations to be inaccessible to Telegram and third parties must specifically use this feature.
A security freeze is one of the most effective tools to prevent identity theft using your credit data, and placing one is free and can be done online.
A security clause is a provision in a platform's terms of service or privacy policy governing security-related rights, obligations, or restrictions.
ConductAtlas tracks 39 platforms with security clauses - roughly 12% of platforms in the archive. 7 are classified as high severity.
Severity reflects the magnitude of rights waived, availability of opt-out, breadth of users affected, financial or legal exposure created, and the degree of discretion retained by the platform.