Violating these restrictions, including transmitting data that breaches third-party privacy rights, can trigger immediate account suspension and indemnification obligations, and the Customer is responsible for all authorized users under its account.
This provision establishes a data sharing relationship between Substack and third-party child safety organizations for CSAM detection purposes, which represents a newly disclosed category of third-party data transfer. The provision does not identify the specific consortia involved, which limits the ability of users or compliance teams to assess the data governance practices of receiving organizations.
Acorns
· Acorns Privacy Policy
Linking external financial accounts extends the scope of data Acorns collects beyond its own platform, and involves third-party aggregators who may have their own data retention and sharing practices.
This provision authorizes the use of cross-site tracking technologies and sharing of behavioral data with advertising and analytics partners, which may constitute a sale or sharing of personal information under CPRA for California residents. For EEA users, the use of non-essential tracking technologies requires consent under the ePrivacy Directive as implemented in EU member states.
This provision authorizes cross-context behavioral advertising data sharing, which triggers CCPA/CPRA opt-out rights for California residents and analogous rights under other state privacy laws. The breadth of data categories shared, including purchase history and inferences, creates ongoing consent and opt-out mechanism compliance obligations.
Personal data including behavioral and device information from an AI chat platform, where users may share sensitive or personal content, is being shared with third-party advertising networks for commercial purposes.
Waze
· Waze Privacy Policy
This provision establishes the operational basis for Waze's advertising model by permitting data sharing with third-party business partners and enabling personalized ad delivery across multiple platforms. The authorization to use collected information for targeted advertising is central to the service's business operations.
Uber
· Uber Privacy Notice
This clause establishes the operational framework for Uber's data sharing practices in advertising contexts, specifying which categories of business partners receive user data and the authorized uses of that data within those partnerships.
This provision authorizes sharing of personal data with advertising partners, which constitutes a sale or sharing of personal information under CCPA for California residents and requires a valid lawful basis under GDPR, typically consent for behavioral advertising. The provision engages CCPA opt-out rights and GDPR consent requirements for targeted advertising.
The provision establishes the operational framework for Discord's advertising monetization model by defining which data categories flow to advertising partners and the conditions under which users can restrict those transfers. This structure determines the scope of data sharing integral to the service's advertising infrastructure.
This provision establishes a data flow from Anyscale's services to third-party advertising networks that involves direct collection of behavioral data by those third parties, not merely receipt of information passed by Anyscale. This has compliance implications under GDPR consent requirements for cookie-based tracking and CCPA opt-out obligations for the sale or sharing of personal information.
Runway
· Runway Privacy Policy
The provision clarifies Runway's data sharing practices with advertising and analytics partners while establishing procedural pathways for users to restrict such disclosures under state privacy law frameworks that regulate 'sales' of personal information. The clause addresses technical limitations (cookie blockers) that may interfere with opt-out tool visibility.
The clause establishes the operational framework for information sharing across the Binance.US corporate group and with external vendors necessary for service delivery. It specifies that affiliate and service provider access to user data is governed by contractual restrictions limiting their use to authorized purposes.
Chase
· Chase Privacy Notice
Your financial and personal data may flow across the entire JPMorgan Chase enterprise and to third-party service providers, which broadens the number of entities that may access your information beyond Chase itself.
The clause establishes the scope of entities with access to user personal information and defines the operational basis for data sharing within the corporate group and to external service providers. This outlines the institutional structure through which personal data flows to support service provision.
The definition of affiliates determines which entities are authorized to access user data under LinkedIn's data sharing policies. Including Microsoft and its subsidiaries as affiliates expands the corporate group to which user information may be disclosed under the terms.
Cross-affiliate data sharing between Glassdoor and Indeed means that your job search behavior, profile, and contributions on one platform may be linked to your activity on the other, potentially without users realizing the two are connected.
This provision authorizes transfer of personal data to successor entities in a corporate transaction, which may result in users' data being held and processed by a new company operating under different practices, without requiring affirmative re-consent at the time of transfer.
This provision authorizes Mixpanel to derive value from data collected across all customer deployments by removing identifying information and using the resulting aggregate data for its own product development and analytics purposes.
The policy asserts that aggregated or de-identified data falls outside normal privacy protections, but the robustness of de-identification is not independently verified in the policy text, and re-identification risks exist particularly with detailed financial behavioral data.
Even if your individual personal data is deleted, Luma retains ownership of the aggregated and usage data derived from your activity and the analytical insights generated from it, which can be used to develop new products and services.
Even though Supabase does not claim ownership of your raw customer data, it retains rights to insights and analytics derived from that data, which is a common but material practice in cloud service agreements that customers should factor into their own privacy disclosures.
Users who enter sensitive business information into ClickUp Brain should be aware that their inputs may be processed by external AI providers, which introduces additional data exposure considerations beyond ClickUp's own infrastructure.
AI services like Azure OpenAI and Copilot may carry distinct terms governing data use for model training, output ownership, acceptable use, and liability for AI-generated content that differ from standard Azure cloud service terms.
Ring
· Ring Privacy Notice
As an Amazon subsidiary, Ring operates within Amazon's data ecosystem, meaning your video footage, usage data, and personal information may be accessible to or processed by Amazon, with implications for how your data is used across Amazon's services.
Steam
· Steam Privacy Policy
The policy asserts a broad right to share anonymized behavioral data with any third party, and the standard of what qualifies as sufficiently anonymized is not defined in the document, which may create re-identification risks depending on the data types involved.
Steam
· Steam Privacy Policy
The provision establishes a data processing framework that allows collection and distribution of anonymized analytics to external parties. The absence of specified retention limits means anonymous data may be retained and shared indefinitely under this authorization.
Your API usage data, which may reveal details about your application's architecture, business logic, and user behavior, can be disclosed to third-party API providers, potentially without your explicit consent for each disclosure.
The provision establishes the operational framework for a third-party transcription service, defining the scope of data transmission and imposing contractual restrictions on Google's use of shared audio data. This arrangement allows Telegram to offer voice-to-text functionality while limiting the categories of information accessible to the third-party processor.
The clause establishes the operational scope of automatic data collection mechanisms, specifying that collection occurs across multiple data categories and involves third-party service providers and advertising partners, creating a multi-party data flow structure.