AWS
· AWS Customer Agreement
The clause creates a framework for data residency control and establishes AWS's data access limitations and non-disclosure obligations as operational requirements. It specifies the conditions under which AWS may deviate from customer region selections, creating a clear procedure for compliance-driven data transfers.
Slack
· Slack Terms of Service
The incorporation of the DPA by reference creates binding obligations for both parties regarding personal data processing, particularly in relation to GDPR and other data protection regulations. This establishes the operational and legal framework under which customer data is processed and defines controller-processor responsibilities.
The provision clarifies the operational framework for data handling compliance by designating a separate DPA as the governing instrument for regulated data processing and allocating the compliance obligation for pre-transfer authorization to the customer organization.
The incorporation by reference establishes a separate contractual framework governing data processing obligations, liability allocation, and compliance responsibilities under European data protection law. This mechanism ensures that data processing activities are subject to statutorily-mandated terms rather than remaining within the general service agreement, affecting the regulatory compliance posture of both parties.
This clause establishes customer responsibility for the legal and procedural requirements of data processing under the Maps Platform. By allocating consent and disclosure obligations to the customer rather than Google, the provision defines the customer as the entity accountable for end-user privacy compliance in the deployment of Maps APIs.
Cohere
· Cohere SaaS Agreement
Data processing terms are operationally significant because they define the scope of information flows within the service architecture and establish the legal basis for Cohere's handling of customer inputs. This affects compliance obligations, data residency requirements, and the permissible uses of processed information.
Fastly
· Fastly Terms of Service
This provision creates a multi-document framework for data governance by incorporating privacy obligations by reference rather than specifying them within the main service agreement. It establishes that actual data processing requirements are defined in separate, potentially negotiated documents (the Privacy Policy and DPA) rather than solely in the Terms.
Vercel
· Vercel Terms of Service
The incorporation by reference mechanism makes privacy obligations enforceable as part of the contractual agreement, while the DPA requirement establishes a conditional obligation for certain jurisdictions to formalize data processor roles and responsibilities under regulatory frameworks.
Stripe
· Stripe Terms of Service
The incorporation of the DPA establishes a framework that specifies how each party must handle Personal Data processing, including mechanisms for international data transfers. This creates enforceable obligations for data handling practices that supplement the primary service agreement.
Neon
· Neon Terms of Service
The provision creates a structured allocation of data protection obligations between Neon and its customers. By incorporating the DPA by reference, the clause establishes that data processing terms are documented in a separate agreement and that customers retain responsibility for compliance with applicable data protection laws and notification requirements.
The clause creates a binding framework for how personal data is handled during service delivery by making a separate data protection document an enforceable part of the primary service agreement. This establishes specific compliance requirements and allocates data processing responsibilities between the parties.
The provision defines the scope and mechanics of data handling within Segment's platform infrastructure. It establishes the operational framework under which customer data is processed and classified for analytics and segmentation purposes.
The clause establishes a data sharing practice for advertising purposes as a standard operational term, while creating a compliance pathway for California residents under applicable state privacy law requirements.
Meta
· Meta Terms of Service
This provision establishes the operational basis for Meta's advertising business model by creating explicit authorization to process user data for ad targeting and delivery. The clause defines the scope of data Meta may process and the purposes for which it may be used within the service.
The provision establishes the operational scope of data utilization beyond primary service delivery, specifically authorizing use of user-provided and collected data for model training and research functions that support product development and service improvement.
The provision establishes the scope and permissible uses of de-identified data for internal product development and potential third-party commercialization activities. By specifying that such activities operate under voluntary participation with IRB oversight, the clause delineates the regulatory framework governing 23andMe's research operations on de-identified genetic and health information.
The clause establishes a framework for data monetization and operational insight generation across State Farm's business ecosystem. By de-identifying customer data, State Farm creates a data asset that can be distributed and used without the restrictions that typically apply to personally identifiable information under privacy law.
Netflix
· Netflix Privacy Statement
This provision establishes the operational scope of Netflix's data sharing practices for advertising and marketing functions. It defines the categories of third-party recipients who receive personal information as part of Netflix's standard advertising operations.
The clause allocates data governance responsibilities between HubSpot and its customers by defining HubSpot's role as a service provider rather than an independent controller, which determines applicable legal obligations under data protection frameworks and establishes the customer as the entity accountable for lawful basis to process contact data.
This allocation of roles creates a clear operational division of data responsibilities under applicable data protection frameworks. The provision establishes that Squarespace's data handling obligations are defined by the website creator's instructions and requirements, rather than Squarespace independently determining how visitor data is used.
ADP
· ADP Privacy Statement
This dual-role structure establishes different legal responsibilities and accountability frameworks for ADP's data processing activities. When ADP acts as a processor, the client employer retains primary data control obligations; when ADP acts as a controller, ADP assumes direct responsibility for establishing lawful bases for processing.
The dual role structure determines Zendesk's regulatory obligations and accountability framework under data protection law. As a controller, Zendesk bears primary responsibility for lawful processing of direct user data; as a processor, Zendesk operates under customer instructions and the customer retains controller status for end-user data.
This allocation of controller responsibility determines which party bears primary legal obligations under data protection regimes. The provision clarifies Shopify's role as a processor or service provider rather than a controller, affecting liability distribution and compliance obligations between the platform and its merchant users.
Glean
· Glean Privacy Policy
This provision establishes a legal data processing relationship where responsibility for data governance and privacy compliance is assigned to the customer organization rather than to Glean. It clarifies the chain of accountability for personal data handling and directs individuals to the appropriate entity for privacy inquiries.
Asana
· Asana Privacy Statement
This provision clarifies the allocation of data responsibility in business deployments, designating the employing or sponsoring organization—rather than Asana—as the entity responsible for determining how user data is collected, used, and disclosed. This structure establishes the contractual relationship between Asana and the organization as the primary data governance arrangement.
GitHub
· GitHub Privacy Statement
This provision clarifies the data governance structure within organizational deployments, allocating responsibility and control authority between GitHub and the organization, which affects compliance obligations and data handling authority within the enterprise context.
The clause authorizes cross-platform data integration between YouTube Kids and the broader Google account ecosystem. This operational integration means data collected in the YouTube Kids environment becomes part of the child's persistent Google account record and informs personalization across Google's services.
The provision establishes Anthropic's ownership and usage rights over feedback data collected through rating interactions and user submissions. This creates an operational mechanism for the service to incorporate user-generated data into model training, product improvement, or other internal purposes without contractual constraints on use or limitations on commercial application.
The provision allocates regulatory responsibilities based on functional role under data protection law. This operational distinction determines which legal framework governs personal data handling and establishes whether a separate data processing agreement is required for compliance.
Strava
· Strava Privacy Policy
The clause establishes the operational basis for Strava's aggregation and sharing of user-generated location data at scale. This authorization applies to all users whose activities contribute to these features unless explicitly opted out through available settings.