Gusto
· Gusto Privacy Policy
The processor designation clarifies the legal relationship between Gusto and employers regarding data responsibility. Under data protection frameworks, processors have specific obligations regarding data handling, security, and limitations on use that differ from those of data controllers.
Gusto
· Gusto Privacy Policy
This provision defines the operational responsibility structure for personal data handling, allocating data controller authority to the employer-customer while positioning Gusto as a processor bound by customer instructions. This framework establishes the contractual basis for how personal information flows through the platform and which entity bears primary liability for data governance decisions.
Gusto
· Gusto Privacy Policy
This allocation of roles establishes the contractual and legal framework for data handling responsibilities. It clarifies that employers, not Gusto, bear primary responsibility for determining how employee data is used and for compliance with data protection obligations.
Glean
· Glean Privacy Policy
This clause determines where your privacy rights can actually be exercised. Employees cannot bypass their employer to make data requests directly to Glean, which may create practical barriers.
Slack
· Slack Terms of Service
This provision defines the data governance model for enterprise deployments, establishing the employer as the data controller within the workspace infrastructure. The administrative authority granted to employers affects how personal data, communications, and work product are managed, retained, and potentially transferred or deleted.
Employees using Fireworks AI under an enterprise account should be aware that their activity and personal data may be visible to their employer or other company representatives through Fireworks, which has potential workplace privacy implications.
Gusto
· Gusto Terms of Service
This provision establishes that Employers bear contractual responsibility for Administrator compliance with the full agreement, including conduct of third-party accountant administrators, without Gusto assuming any monitoring obligation. This allocation of compliance responsibility is operationally significant for Employers who delegate account management to external parties.
Gusto
· Gusto Terms of Service
Payroll errors caused by incorrect data entry remain the legal and financial responsibility of the employer, even though Gusto is the platform processing and transmitting the payroll and tax filings.
Meta
· Meta Special Ad Category Requirements
This provision defines the scope of the Employment Special Ad Category and establishes that the mandatory designation applies not only to direct job listings but also to internship opportunities and professional training or certification programmes. Recruitment platforms, staffing agencies, and corporate talent acquisition advertisers must evaluate their campaign portfolios against this definition.
The collection of salary information, paystubs, benefits enrollment data, and timecard records represents a category of sensitive financial and employment data that extends beyond standard payment app data collection and may interact with payroll data privacy requirements and GLBA depending on use.
This provision applies to both whole specimens and component parts of endangered species, covering a range of products in wildlife trade, traditional medicine, luxury goods, and collectibles sectors. Advertisers in these sectors must assess product eligibility before campaign launch.
Stripe
· Stripe Privacy Policy
This allocation of data controller responsibilities clarifies the contractual relationship and legal obligations regarding personal data. It establishes that the Business User assumes primary responsibility for data subject rights and privacy compliance obligations, while Stripe operates under processor or service provider constraints.
This provision establishes the technical framework governing message confidentiality. The encryption mechanism defines the scope of data WhatsApp can access and disclose regarding message content.
End-to-end encryption is a significant privacy protection for message content, but the policy makes clear this applies to message content in transit and does not necessarily protect metadata (such as who you message, when, and how frequently) which WhatsApp does collect and may share.
This provision establishes a procedural mechanism for users to exercise control over whether their data is collected by Mixpanel's analytics platform. The availability of an opt-out mechanism defines the operational scope of user choice regarding data collection practices.
The provision establishes a mechanism through which users can control whether Mixpanel collects data from their device. The opt-out relies on a persistent cookie, meaning the user's opt-out preference must be maintained across browsing sessions to remain effective.
This clause establishes a contractual obligation for customers to propagate Google's substantive terms downstream to their own end users, creating a chain of contractual compliance and ensuring that Google's intellectual property protections and usage restrictions extend through the customer's service layer to ultimate users.
The enforcement clause covers all violations in this policy and gives Mistral AI broad discretion over whether to suspend or permanently terminate accounts, without specifying an appeals or review process in this document.
This clause establishes a controlled distribution model for engine tooling by designating specific authorized channels, which affects how developers can make Engine Tools-inclusive products available to end users and shapes the operational requirements for commercial distribution of such products.
Non-English-speaking users who rely on a translated version of the terms may be bound by obligations they did not fully understand if the translation differs materially from the English original.
Google Ads
· Google Ads Editorial and Technical Requirements
This provision establishes that advertisers relying on translated versions of the policy may encounter enforcement based on English-language terms that differ from the translation, creating compliance risk for non-English-speaking advertisers who may not be aware of discrepancies between the controlling text and the version they reviewed.
Runway
· Runway Privacy Policy
Employees using Runway with work email addresses may have their account information disclosed to their employer without a separate consent step, and enterprise account administrators are granted access and control rights over individual user accounts.
Figma
· Figma Privacy Policy
Employees using Figma under a company account should understand that their employer may be able to view their work, activity, and communications within the platform.
Notion
· Notion Privacy Policy
This provision clarifies the data governance structure for enterprise deployments by allocating administrative access rights to the organization rather than individual users, and establishes that data handling practices operate under the organization's policies rather than solely under Notion's privacy terms.
Runway
· Runway Privacy Policy
This provision establishes the administrative control structure for enterprise deployments and defines the scope of email disclosure practices tied to organizational domain membership. It reflects operational procedures for enterprise account management and cross-organizational communication.
OpenAI
· OpenAI API Data Usage Policies
This distinction is material for businesses processing employee or customer data through OpenAI products, as it affects whether submitted inputs could be incorporated into future model outputs accessible to other users.
Microsoft
· Microsoft Privacy Statement (Legacy)
This provision establishes a contractual data processing relationship where Microsoft's privacy obligations are defined by the enterprise customer's agreement rather than Microsoft's public privacy statement. The enterprise customer assumes primary responsibility for privacy compliance and data governance under this arrangement.
Microsoft
· Microsoft Privacy Statement (Legacy)
Users accessing Microsoft products through organizational accounts should be aware that their employer or institution may have access to their communications and files and may control their privacy settings, which is materially different from the protections available to personal account holders.
Runway
· Runway Privacy Policy
The provision establishes administrative access controls within enterprise deployments, enabling account management and workspace coordination at the organizational level. It also defines conditions under which Runway may share user contact information with organizational representatives for account administration purposes.
Cohere
· Cohere Privacy Policy
This provision allocates data protection responsibilities by designating the customer as the party responsible for lawful basis, compliance obligations, and end-user disclosures, while Cohere assumes processor liability for handling personal information according to customer directions. This allocation determines which party bears primary responsibility for regulatory compliance and data subject rights under frameworks like GDPR.