Meta
· Meta Platform Policy
This provision establishes a floor of prohibited developer behaviors, particularly around sensitive data categories including health, financial, and precise location data, which receive additional protections requiring adequate consent and disclosure beyond what may be required for less sensitive data.
Meta
· Llama API Terms of Service
This provision establishes an absolute contractual prohibition on commercialization of platform-sourced data through sale, licensing, or brokerage channels, which constitutes a significant restriction on permissible business models for applications built on Meta's platform.
Google
· Google Analytics Terms of Service
This provision establishes a contractual prohibition on transmitting personally identifiable information through the Google Analytics service, which has direct implications for analytics implementations that may inadvertently include PII in URL parameters, custom dimensions, or event parameters. The parenthetical reference to data that could identify individuals 'in combination with other information held by Google' is operationally significant because it encompasses data that may not appear identifiable in isolation.
Cursor
· Cursor Terms of Service
This provision places contractual responsibility on users to ensure they do not input regulated data types such as medical records or financial account information into Cursor, which is significant for enterprise users and developers working with sensitive data.
This provision establishes affirmative age-targeting obligations that advertisers must operationalize through audience configuration settings, and creates compliance exposure under COPPA and equivalent frameworks if campaigns are found to have reached users below the specified age thresholds.
This provision establishes age-based targeting restrictions that require advertisers to configure audience parameters in compliance with both Pinterest's policy thresholds and jurisdiction-specific legal minimums, creating a layered compliance obligation.
This provision addresses AI-enabled privacy violations, including the use of generative AI to build surveillance or data harvesting tools targeting individuals without their knowledge.
This provision establishes the publisher, rather than Google, as the party responsible for obtaining and managing end-user consent for ad-related data collection on their properties. Failure to implement a compliant consent mechanism creates potential regulatory exposure for the publisher under GDPR and the EU ePrivacy Directive, independent of Google's own consent infrastructure.
Lime
· Lime Privacy Policy
Precise location data reveals your daily movements, home address, workplace, and travel patterns, making it one of the most sensitive categories of personal data collected by the service.
Oura
· Oura Privacy Policy
Reproductive health data carries heightened legal and personal risk, particularly given evolving US state laws on reproductive rights; users should understand that this data is stored by Oura and, in Platform contexts, can be shared with third-party Data Recipients.
23andMe
· 23andMe Privacy Statement
The policy discloses that Research consent, once acted upon and data shared, creates an irreversible commitment; withdrawal from Research stops future sharing but does not remove already-contributed data from third-party researchers who received it.
Meta
· Meta Platform Policy
This provision establishes a baseline protection for minors by restricting developer access to Meta's platform for child-directed applications unless specific approval and legal compliance obligations are met, particularly under COPPA.
Meta
· Meta Platform Policy
This clause establishes restrictions on data use for child-directed applications and creates a compliance obligation for developers to adhere to regulatory requirements governing the collection and use of minors' data.
Meta
· Llama API Terms of Service
This provision establishes categorical prohibitions on specific uses of platform data that intersect with anti-discrimination law and data protection frameworks governing special categories of personal data, creating compliance obligations for any developer whose application processes or could infer such attributes from platform data.
This exception creates a carve-out from the opt-out mechanism that allows the entity to retain training rights over flagged or reported content regardless of a user's training opt-out election. The provision operationalizes safety review and user-initiated reporting as independent grounds for data use authorization.
Grindr
· Grindr Privacy Policy
The clause establishes a default data sharing arrangement with advertising partners while providing users with a mechanism to control participation in this specific practice. The opt-out/opt-in structure determines whether personal data flows to marketing partners for targeted advertising purposes.
This provision establishes that Equifax engages in data sharing practices that qualify as a sale or share under CPRA and potentially other state privacy statutes, triggering opt-out rights for residents of qualifying states and requiring a conspicuous opt-out mechanism.
The provision establishes the operational framework under which user data becomes a functional component of the platform's advertising delivery system. This authorization governs how personal information flows to external parties and defines the permissible uses of that data within the advertising ecosystem.
Yelp
· Yelp Privacy Policy
This provision establishes the operational framework for Yelp's data sharing practices with external advertising partners. It clarifies that information shared under this authorization is limited to non-identifiable and aggregated forms, which defines the scope of third-party data access permitted under the policy.
The policy explicitly acknowledges that personal information is sold and shared within the meaning of CCPA, which means your purchase history, device identifiers, and browsing behavior may be transferred to third-party advertising and analytics companies.
This provision triggers opt-out rights under CCPA/CPRA for California residents and requires Walgreens to provide a clear and accessible opt-out mechanism, including recognition of the Global Privacy Control signal. The provision also implicates CPRA's annual data minimization obligations for data shared with advertising partners.
The provision operationalizes CCPA/CPRA compliance by creating an accessible consumer control mechanism and establishing a heightened consent standard for minors. The dual-track approach (opt-out for general consumers, opt-in for minors under 16) reflects statutory requirements for data sale and sharing practices.
Target
· Target Privacy Policy
The clause establishes a mechanism for users to affirmatively restrict how Target uses personal information for advertising purposes and establishes Target's procedural obligation to honor Global Privacy Control signals as equivalent to formal opt-out requests.
This clause operationalizes state-law opt-out rights by designating specific mechanisms (online portal and phone line) and establishing a processing timeline, creating procedural obligations for the company to honor consumer election of data usage restrictions.
Palantir's most significant data operations involve analyzing large datasets for government and corporate clients, and those processing activities are entirely outside the scope of this public privacy statement.
Unity
· Unity Privacy Policy
This provision affects potentially hundreds of millions of mobile game players who have no direct relationship with Unity but whose data Unity collects and uses for advertising profiling.
This provision requires sellers to submit sensitive personal and financial data categories that are subject to heightened protection under state financial privacy laws, data breach notification statutes, and potentially federal requirements depending on the nature of payout processing relationships.
eBay
· eBay Privacy Notice
Sellers are required to submit highly sensitive identity data including government IDs, social security numbers, and selfie photos, which represents a significant privacy commitment and creates elevated risk if this data were ever compromised or misused.
This provision discloses that sensitive personal data categories are processed within Meta's advertising infrastructure. The distinction between 'exclusionary' and 'targeting' use of special category data may require evaluation under GDPR Article 9, which restricts processing of such data regardless of the direction of its application in ad delivery.
The collection and inference of special category data carries heightened legal obligations under GDPR and many other frameworks, and creates elevated privacy risk if that data is used in advertising targeting or shared with partners.