Pika
· Pika Acceptable Use Policy
This provision places the obligation to obtain express consent and hold all necessary rights directly on the user, covering privacy, publicity, and intellectual property laws, which creates significant personal legal exposure for users who upload images of others without following these steps.
Shein
· Shein Terms and Conditions
Loading a third-party advertising tracker on a privacy disclosure page may constitute data sharing before a user has had the opportunity to read or respond to the privacy notice, which engages notice-before-collection principles under multiple privacy frameworks.
This provision effectively overrides a user's deletion request for content embedded in a public character, which may conflict with data deletion rights under GDPR and US state privacy laws and creates a situation where personal information embedded in a character persona persists without the user's ongoing consent.
Lyft
· Lyft Privacy Policy
Continuous and background location tracking creates a detailed record of your physical movements, which the policy permits sharing with advertising and business partners beyond the core purpose of providing a ride.
Precise location and driving behavior data can reveal sensitive patterns about your daily life, routine, and movements, and this data is shared with affiliates and third parties.
Precise location data is among the most sensitive personal data types because it can reveal home and work addresses, religious or medical visits, and daily routines, and this data is shared with advertising partners.
Your real home neighborhood is tied to your account by design, and this data is used for advertising, meaning your physical location is part of Nextdoor's ad-targeting infrastructure.
Ford
· Ford Privacy Policy
This provision discloses collection of precise geolocation as a sensitive personal information category, which under CPRA and similar state laws may require specific consent mechanisms, disclosure obligations, and opt-out or opt-in rights distinct from general personal information.
Precise geolocation is among the most sensitive categories of personal data and is classified as sensitive personal information under California law, triggering heightened consumer rights and restrictions on its use and sharing.
Precise location data is among the most sensitive personal information a carrier can collect, revealing where you live, work, worship, receive medical care, and travel. Prior FCC enforcement actions against major carriers, including T-Mobile, involved unauthorized sale of this exact data type to third-party aggregators.
Grindr
· Grindr Privacy Policy
Precise geolocation data can reveal where you live, work, worship, receive medical care, and whom you associate with. For users of an LGBTQ+ platform, location data combined with identity data creates specific safety risks.
Grindr
· Grindr Terms of Service
Precise geolocation on an LGBTQ+ platform can be used to infer or expose a user's presence in sensitive locations such as health clinics, community centers, or private residences, creating safety and outing risks beyond typical location data concerns.
Precise GPS-level location data is among the most sensitive categories of personal information because it can reveal where you live, work, worship, or seek medical care, and this policy authorizes sharing it with a broad set of third parties beyond what is necessary for basic service delivery.
Garmin
· Garmin Privacy Statement
Precise location data over time can reveal sensitive information about a person's daily routines, home and work addresses, medical appointments, religious attendance, and other private behaviors, making it one of the most sensitive data categories in consumer technology.
This provision authorizes collection of multiple categories of precise location data, including GPS coordinates and cell tower proximity, and its combination with other data types enables detailed location profiling. Under CPRA, precise geolocation is classified as sensitive personal information subject to opt-out rights.
Prescription data is among the most sensitive categories of personal information; the policy's separate treatment of this data category signals distinct handling obligations, but the applicable protections depend on whether Instacart qualifies as a HIPAA-covered entity or business associate in this context.
TikTok
· TikTok Privacy Policy
This provision states that content collection can occur before a user makes a final decision to share or store content, meaning data about content a user chose not to publish may still be retained and processed by TikTok.
The provision creates a distinct data processing framework for preview services, authorizing Microsoft to apply alternative privacy protections and data collection practices that differ from standard commercial service terms, with governance determined by preview-specific notices rather than the primary privacy policy.
For any user submitting data to the Cohere API, the Privacy Policy governs what Cohere does with that data, including whether it is used to train or improve models, which is a material consideration for enterprise customers handling sensitive data.
These requirements directly affect how apps handle personal data belonging to millions of consumers, and non-compliance can result in app rejection or removal.
Redfin
· Redfin Privacy Policy
This provision creates a contractual linkage between the Privacy Notice and the Terms of Use, meaning that privacy disputes do not operate under a standalone privacy framework but instead fall under the dispute resolution and damages limitation procedures established in the Terms of Use. This integration affects which procedural rules, arbitration requirements, and liability caps apply to privacy-related claims.
Cursor
· Cursor Data Use & Privacy Overview
This provision establishes the full scope of data use when Privacy Mode is disabled, authorizing collection and use of codebase data, prompts, and editor actions for AI model training and disclosure to third-party model providers.
The Privacy Policy incorporated by reference governs the collection of identifiers, usage data, location-related data, and behavioral data associated with Threads use, and determines the legal basis for data processing asserted by Meta.
Google
· Google Analytics Terms of Service
This provision establishes a direct contractual obligation on account holders as data controllers to maintain adequate privacy disclosures, creating compliance dependencies with GDPR consent requirements, CCPA notice obligations, and FTC guidance on deceptive practices. Failure to post an adequate privacy policy constitutes a breach of the agreement and may independently trigger regulatory scrutiny.
As a major telecommunications carrier, Verizon has access to particularly sensitive data including precise location information and communications metadata, making the privacy policy one of the most consequential linked documents for consumers.
By reference incorporation, this provision creates a unified contractual framework where privacy practices become enforceable agreement terms rather than unilateral company policy. This mechanism ensures privacy obligations are subject to the same dispute resolution, liability, and modification procedures as other agreement provisions.
This provision operationalizes the separation between service terms and privacy practices by referencing external privacy documentation. It establishes that Azure data handling is subject to Microsoft's Privacy Statement rather than being solely defined within the Azure Terms themselves.
This provision operationalizes Anthropic's compliance obligations under child protection frameworks by establishing specific categorical prohibitions and affirmative safeguard requirements for products with minor user populations. The clause creates enforceable standards for product design, content filtering, and legal compliance across Anthropic's service offerings.
The explicit prohibition on child exploitation material and grooming reflects mandatory legal obligations under federal law and directly implicates the platform's CSAM reporting duties to the National Center for Missing and Exploited Children.
Google Ads
· Google Ads Advertising Policies Overview
This provision establishes data collection conduct standards that apply at the ad interaction level, complementing Google's broader privacy policies and creating a platform-level enforcement mechanism for deceptive data collection practices independent of applicable privacy law.