This distinction determines who is legally responsible for protecting your data and who you can contact to exercise rights like deletion or access, which may not be obvious when visiting a Squarespace-powered site.
This distinction determines who is legally accountable for cardholder data rights requests: if a cardholder wants to exercise GDPR rights over their payment data, they may need to contact the merchant rather than Checkout.com directly for certain processing activities.
This distinction determines who is legally responsible for your data and who you should contact with privacy requests, depending on how you encountered Amplitude.
The clause delineates ZipRecruiter's operational role in data processing arrangements where clients retain primary control over personal data. This allocation affects the routing of data subject rights requests and establishes that ZipRecruiter's responsibility is limited to processing under client direction rather than independent data stewardship.
This provision delineates Amplitude's legal responsibilities under data protection frameworks by specifying when Amplitude bears primary accountability for data handling decisions versus when it operates under customer instructions. The classification determines which party holds primary obligations under applicable data protection regulations and customer contractual requirements.
The dual-role structure defines HubSpot's legal responsibilities and regulatory obligations under data protection frameworks. When operating as a controller, HubSpot bears primary responsibility for processing decisions; when operating as a processor, responsibility for lawfulness and data subject rights transfers to the customer as controller, while HubSpot assumes data handling obligations specified in processing agreements.
Stripe
· Stripe Privacy Policy
The designation of Stripe's role as controller or processor determines the scope of Stripe's obligations and legal responsibilities under data protection regulations, particularly GDPR and similar frameworks. This distinction affects how Stripe handles data subject rights requests, consent requirements, and breach notification obligations.
Slack
· Slack Privacy Policy
The processor/controller distinction defines legal obligations and accountability structures under data protection frameworks. As a processor of Customer Data, Slack operates under customer instructions; as a controller of Other Information, Slack independently determines processing purposes and means, creating different compliance obligations and data handling requirements for each category.
Yelp
· Yelp Terms of Service
EEA, UK, and Switzerland residents contract with Yelp Ireland Ltd. rather than the US entity, which is relevant for determining which data protection authority oversees their complaints and which consumer protection laws apply.
Hinge
· Hinge Terms of Service
Which entity operates your account determines which country's laws apply to your relationship with Hinge, what privacy rights you have, and which courts or regulators have jurisdiction over complaints.
The dual-channel data collection enables Walmart to maintain a unified customer profile across retail touchpoints, which supports targeted marketing, inventory management, and personalization of offers across platforms.
Stripe
· Stripe Privacy Policy
The dual-role framework establishes Stripe's legal responsibilities under data protection regulations. As a data controller, Stripe determines processing purposes and means; as a processor, Stripe processes data on behalf of other controllers. This distinction determines which entity bears primary compliance obligations and liability for data handling practices.
The distinction between controller and processor determines who is ultimately responsible for your data rights; if you are an employee or end user of a business that uses Synthesia, your data rights may need to be exercised through that business rather than directly with Synthesia.
The dual role designation establishes different data governance responsibilities depending on the product used. When DocuSign acts as controller rather than solely as processor, it assumes independent obligations regarding data retention, use, and compliance with data protection regulations, which affects the scope of accountability between DocuSign and its customers.
The document establishes that materially different terms apply to users based on their jurisdiction, with EU and UK users retaining access to Digital Services Act and Online Safety Act redress mechanisms not reflected in the updated non-EU terms.
This restriction defines operational boundaries for Google's AI development and deployment activities. The clause establishes commitments regarding categories of applications that fall outside the scope of Google's AI product development strategy.
The provision addresses the operational persistence of content licensing beyond the point of user-initiated removal, establishing that YouTube's rights do not terminate immediately upon deletion and that the platform may maintain backend copies for technical or compliance purposes. This structure allows YouTube to manage content lifecycle and archive retention separately from active distribution rights.
The term commercially reasonable period is not defined in the agreement, creating ambiguity about how long YouTube retains active license rights over removed content. The server copy retention right is stated separately and is not subject to a defined duration.
The clause designates a specific legal framework and forum for dispute resolution, establishing that Netherlands courts have exclusive authority to adjudicate disputes and that substantive agreement interpretation follows Netherlands law.
This provision establishes that pricing is not fixed and may increase substantially during high-demand periods, with Uber's obligation limited to reasonable notification efforts rather than explicit pre-transaction consent for each surge price. The user's account-level responsibility for all charges applies regardless of the pricing mechanism in effect at the time of the transaction.
This provision establishes Instacart's operational authority to adjust its fee structure unilaterally and dynamically. The authorization to vary fees based on demand and order attributes creates a variable pricing mechanism rather than fixed, predetermined rates.
eBay
· eBay Privacy Notice
The inclusion of a dedicated AI section in eBay's privacy notice indicates that user data may be used to train, test, or inform AI systems, which has implications for automated decision-making and profiling rights under GDPR.
This clause ties a financial consequence, specifically the loss of any subscription or payment made, to a conduct determination made at Midjourney's discretion, without describing an appeals or review process.
The clause conditions continued access to the Editor tool on compliance with stated community standards and establishes the operational consequence—account suspension or ban—as a potential enforcement response to violation, with financial implications for prepaid service balances.
This provision establishes the legal framework governing EEA and UK user data, including the reliance on standard contractual clauses for international transfers. The adequacy of these safeguards and the validity of the legitimate interest basis for AI training and advertising processing are subject to evaluation by EU supervisory authorities and the UK ICO.
This provision establishes GDPR-based rights for EEA and UK users and requires OpenSea to identify the lawful basis for each category of processing, which creates obligations around consent management, legitimate interests assessments, and response procedures for data subject requests.
GDPR rights are among the strongest consumer data protections globally, and Grammarly's policy acknowledges them for EEA and UK users, meaning those users have enforceable legal recourse if their data is mishandled.
The policy acknowledges GDPR and UK GDPR rights for EEA and UK users but does not specify the lawful basis for processing under GDPR Article 6, which may be material for users or regulators assessing the adequacy of OpenRouter's data processing compliance.
Suno
· Suno Privacy Policy
EEA users can object to processing carried out under legitimate interests, including potentially Suno's use of their Content and prompts for AI model training, which gives these users more control over their data than users in most other jurisdictions.
The geographic designation signals that Comcast has structured its privacy obligations to account for regional regulatory frameworks in these jurisdictions, including GDPR and equivalent data protection regimes. This framing indicates differentiated privacy obligations may apply depending on user location.