These rights give you meaningful control over your personal data held by AI21, including the ability to request deletion or restrict use of your data for advertising purposes, but exercising them requires you to proactively contact AI21.
Auth0
· Auth0 Privacy Policy
The clause operationalizes Auth0's compliance obligations under privacy regulations (GDPR, CCPA) by establishing a formal mechanism for data subject requests. The provision conditions the availability of these rights on user location, meaning the substantive rights triggered depend on applicable jurisdictional law rather than Auth0's discretionary grant.
The policy acknowledges data subject rights under GDPR and CCPA, providing a contact mechanism for users to exercise access, correction, deletion, and restriction rights, which is a material protection for users in those jurisdictions.
Notion
· Notion Privacy Policy
The policy explicitly grants access, correction, deletion, portability, restriction, and objection rights to users in applicable jurisdictions, and directs users to contact privacy@makenotion.com to exercise these rights, providing a concrete mechanism for data control.
This provision operationalizes statutory data subject rights under GDPR and state privacy laws by specifying the mechanism (email contact), response timeline (45 days plus possible extension), and categories of rights available. The clause establishes Copy.ai's procedural obligations for processing and responding to data rights requests.
The clause establishes Monday.com's recognition of statutory data protection rights under GDPR and UK data protection frameworks, creating operational obligations for the entity to enable these rights upon user request and maintain mechanisms for their exercise.
The clause operationalizes data subject rights mandated by privacy regulations like GDPR, establishing Coursera's obligation to provide mechanisms through which users can exercise control over their personal data holdings and processing activities.
These rights are a core privacy protection, but they apply only to data for which HubSpot is the controller. If your data is in a business customer's HubSpot account, you must contact that business instead.
ADP
· ADP Privacy Statement
The clause operationalizes data subject rights by designating a submission mechanism, establishing response timelines tied to legal requirements, and specifying conditions under which ADP may verify identity or decline requests. This structures how individuals interact with ADP to exercise statutory privacy rights and delineates the procedural boundaries of those requests.
Fastly
· Fastly Privacy Policy
This provision operationalizes Fastly's compliance obligations under data protection regulations by establishing a documented mechanism for processing user requests related to personal data rights. The clause defines the procedural pathway through which requests are submitted and establishes Fastly's acknowledgment of rights that vary based on jurisdictional requirements.
The clause operationalizes regulatory data subject rights by creating a defined submission mechanism, establishing Thomson Reuters' obligation to receive and process such requests according to applicable jurisdictional requirements.
The provision operationalizes GDPR and similar privacy law obligations by designating a specific administrative channel for rights requests, standardizing the submission process and establishing a documented record of user-initiated data governance actions.
A corporate transaction could result in your wallet activity data, IP address history, and other personal information being acquired by an entity with entirely different privacy practices, and you may not receive advance notice before this happens.
This provision establishes that personal data constitutes a transferable asset in corporate restructuring events. The authorization applies both during negotiation periods and upon transaction completion, meaning data recipients may change without separate user consent if a qualifying business event occurs.
This clause establishes the operational framework governing how user data may be handled during corporate transactions or changes in service provision, clarifying that Personal Information constitutes a transferable asset subject to such events.
This clause means your data could end up controlled by a company with different privacy practices without requiring your consent, and the transfer may occur even during diligence before a deal is finalized.
A corporate transaction could result in your detailed financial profile, including account history, investment data, and Social Security number, being transferred to a new entity whose privacy practices you have not reviewed or agreed to.
Twilio
· Twilio Terms of Service
The clause establishes the operational scope of Twilio's data processing authority and clarifies the division of responsibility between the service provider and customer regarding data quality. This authorization is bounded by reference to a separate Data Protection Addendum, which specifies additional data handling requirements.
Stripe
· Stripe Terms of Service
The clause establishes the scope of Stripe's data collection and use rights across its service offerings. It establishes conditions for merchants handling customer personal data, requiring execution of a separate Data Processing Agreement to formalize responsibilities under data protection frameworks.
Stripe
· Stripe Terms of Service
The clause establishes Stripe's data processing authority across multiple operational and business intelligence functions. This governs the scope of permissible data practices and derivative work creation within the service delivery framework, including internal analytics and risk mitigation activities.
The policy states that personal data including gameplay activity and account identifiers may be used for advertising and analytics purposes, which may affect users who do not expect their gaming activity to be used for targeted advertising.
Writer
· Writer Privacy Policy
This provision authorizes use of user data for AI model training, which is operationally significant for enterprise customers concerned about proprietary content submitted to the platform potentially informing model improvements accessible to other users or the platform generally.
Meta
· Meta AI Labeling Policy
This provision establishes a use-limitation principle that confines the permissible scope of platform data use to the application context in which it was obtained, restricting cross-context behavioral profiling and off-platform advertising applications.
Users who delete their accounts expecting full erasure of their content may find that posts persist on other AT Protocol applications, which has direct implications for data subject rights under GDPR and CCPA.
This provision engages FTC guidance on AI-generated content disclosure and the EU AI Act's transparency requirements for AI-generated content, particularly in contexts such as customer service, journalism, academic submission, and legal proceedings. The clause is qualified by 'in contexts where this could mislead,' which preserves some discretion regarding fictional or clearly labeled creative uses.
This provision covers a broad range of AI-assisted deception use cases that have attracted significant regulatory and enforcement attention, including fake review generation and AI-powered impersonation.
Shopify
· Shopify Acceptable Use Policy
This provision establishes a conduct standard that mirrors FTC consumer protection requirements, and violations can result in account suspension or termination by Shopify in addition to any independent regulatory enforcement action.
PayPal
· PayPal User Agreement
The clause establishes an acceptance mechanism for ancillary terms beyond the primary user agreement, creating a binding commitment to supplementary terms at the point a user engages a specific payment solution product without requiring separate affirmative acceptance of those additional terms.
Pika
· Pika Acceptable Use Policy
This provision assigns users the obligation to disclose AI-generated or manipulated outputs, which aligns with and incorporates by reference applicable state and federal deepfake disclosure laws, placing legal compliance responsibility on users rather than the platform.
DeepL
· DeepL Terms and Conditions
The clause establishes DeepL's unilateral authority to alter service availability and functionality, and establishes that such modifications or access restrictions occur without incurring liability obligations to users. This defines the operational terms under which service continuity is not guaranteed.