PayPal
· PayPal Buyer and Seller Protection
The clause creates PayPal's authority to condition claim reimbursement on the claimant's compliance with information requests and shipping requirements, establishing evidentiary and logistical obligations that must be satisfied within PayPal-specified timeframes to advance a claim.
Documents signed through DocuSign frequently contain sensitive personal, financial, legal, or medical information, and this clause confirms that content is collected and processed by DocuSign as part of its service.
Without the clause text, consumers and compliance teams cannot confirm what rights they hold, what data SimpliSafe may collect or share, or what dispute resolution mechanisms apply to their agreement.
Hulu
· Hulu Privacy Policy
The California Privacy Rights Act gives California residents enforceable rights to stop their data from being used for cross-context behavioral advertising, and this clause describes how to exercise those rights.
Roblox
· Roblox Privacy Policy
CPRA grants California residents a statutory right to opt out of the sale and sharing of personal information for cross-context behavioral advertising; this provision establishes the mechanism by which that right can be exercised on the Roblox platform.
Noom
· Noom Privacy Policy
This provision operationalizes California privacy law requirements by establishing the procedural mechanism through which users can exercise statutory data control rights. It delineates the scope of permissible data sharing absent an affirmative opt-out election by the user.
Slack
· Slack Privacy Policy
The CCPA opt-out right is a legally enforceable protection for California residents that limits how Slack can use personal data for commercial purposes beyond service delivery, including potential use for targeted advertising.
This provision establishes the mechanism by which consumers can exercise their statutory opt-out rights under CCPA/CPRA and analogous state laws, and discloses that opting out may affect the personalized experience consumers receive.
Yelp
· Yelp Privacy Policy
The clause operationalizes statutory obligations under state privacy laws (CCPA/CPRA) by establishing specific procedural channels through which consumers can exercise opt-out rights. The non-discrimination requirement establishes that exercise of these rights does not alter service availability, pricing, or quality of service.
Stash
· Stash Privacy Policy
This provision clarifies Stash's tracking practices in relation to browser-level privacy signals. It establishes that the service's data collection scope is not modified by DNT browser settings, meaning tracking behavior remains consistent with the terms' stated data practices.
Stash
· Stash Privacy Policy
Several US states have enacted or are implementing universal opt-out signal requirements that go beyond the legacy Do Not Track standard; Stash's policy of not responding to browser-level signals may require re-evaluation as these requirements expand.
Several state privacy laws now require businesses to honor browser-based opt-out signals such as the Global Privacy Control; State Farm's stated non-support for these signals may create compliance exposure in states where honoring such signals is legally required.
This provision creates a layered obligation structure in which the entity closest to the end user (the API customer or operator) bears contractual responsibility for policy compliance throughout their deployment, not merely at the point of API access.
This provision creates a compliance obligation for deployers to implement and enforce acceptable use terms with their own customers, extending Stability AI's policy framework through the distribution chain.
Businesses cannot assess Amplitude's data protection obligations from the ToS alone; the DPA is the operative document for GDPR and privacy law compliance, and it must be reviewed separately.
Pinecone
· Pinecone Data Processing Addendum
This clause reserves Pinecone's right to modify the DPA unilaterally, which may affect the data protection commitments business customers rely upon for their own regulatory compliance. The modification procedure in Section 15 governs how and when changes take effect.
Lyft
· Lyft Privacy Policy
The provision establishes Lyft's authority to process and utilize background check and identity verification data as a standard operational practice. This authorization enables Lyft to conduct safety screening and verification procedures that are core to platform operations and risk management.
Uber
· Uber Privacy Notice
This clause operationalizes data subject rights by defining the mechanism and scope of individual data access and deletion requests. The provision also establishes Uber's retention authority for data needed to satisfy legal obligations and specified operational functions, which defines the boundaries of deletion requests under the agreement.
Uber
· Uber Privacy Notice
The notice provides access and deletion rights but includes a broad retention carve-out for legal, safety, and business purposes, which may significantly limit the practical scope of deletion rights depending on how broadly Uber applies these categories.
Uber
· Uber Privacy Notice
The collection and processing of banking and payment information is operationally necessary for Uber to facilitate payment transactions and offer financial products to drivers. This establishes the data categories and purposes that structure the payment system.
Lyft
· Lyft Privacy Policy
Drivers' personal identifying information including real-time location is shared with riders and third-party vendors, which creates specific privacy and safety considerations for drivers as a distinct user group whose data is more broadly disclosed than riders' data.
Uber
· Uber Privacy Notice
This provision establishes the operational mechanisms through which users can exercise data subject access and deletion rights, establishing Uber's procedural obligations to facilitate these requests and maintain accessible data retrieval systems.
Uber
· Uber Privacy Notice
The provision establishes a data collection and usage framework that ties driver performance metrics to platform ratings and safety assessments, while enabling data sharing with third-party insurance entities as part of the operational structure.
The dual role designation determines Shopify's legal responsibilities and the scope of its independent decision-making authority regarding personal data. When operating as a controller, Shopify maintains independent authority over data handling decisions; when operating as a processor, Shopify's data processing activities are governed by Merchant directives, establishing a chain of responsibility between Merchant and Shopify for customer data.
Adyen
· Adyen Privacy Policy
If Adyen is acting as a processor for a merchant, you may need to go to that merchant, not Adyen, to exercise rights like deletion or access, which adds a step and could delay or complicate your request.
This provision determines which legal obligations, data subject rights workflows, and contractual requirements apply depending on the data processing context. Organizations deploying Amplitude's SDK must assess their own controller responsibilities for end-user personal data processed through the platform, and should ensure a Data Processing Agreement with Amplitude is in place to govern the processor relationship.
The dual-role structure establishes different legal responsibilities and compliance obligations depending on the data category. As a processor, Mixpanel operates under customer instructions and data protection agreements; as a controller, Mixpanel determines purposes and means of processing and bears direct regulatory accountability.
Workday
· Workday Privacy Statement
If you are an employee using Workday at work, your employer, not Workday, is typically the controller of your HR data, which means you may need to direct privacy requests to your employer rather than to Workday directly.
Egnyte
· Egnyte Privacy Policy
This distinction determines who you must contact to exercise privacy rights over your data and which policies govern your information depending on context.
This dual-role structure allocates data protection responsibilities between Monday.com and its customers under applicable data protection regulations. The designation clarifies that customer-uploaded data processing obligations flow through a dedicated Data Processing Agreement rather than the privacy policy alone, establishing the contractual framework for processor liability and compliance requirements.