Fitbit
· Fitbit Privacy Policy
Health research data sharing involves your most sensitive biometric information being transferred to third parties outside Fitbit, and the consent terms at enrollment govern what protections apply—not this general privacy policy.
Home lending clients are subject to a wider data sharing network than standard investment clients, and consent to this sharing is embedded in the agreement to begin a loan application, not a separate affirmative opt-in.
Inferences can reveal sensitive personal traits without your explicit disclosure, and sharing them with third parties can result in profiling that affects the ads and content you see across the internet.
Inferences derived from your behavior create a detailed personal profile that can be used for advertising targeting, and may not be obvious to users who think they are simply listening to music.
The inclusion of 'when we believe' disclosure is necessary to protect rights or safety, in addition to legally compelled disclosures, gives T-Mobile discretion to share data with government entities beyond situations of formal legal compulsion.
The default opt-in structure means your data is shared with advertising partners unless you actively change your settings; this sharing may qualify as a 'sale' or 'sharing' of personal information under California law, giving California residents specific rights.
Microsoft
· Microsoft Privacy Statement (Legacy)
Even without sharing your name, the combination of search queries, location, device identifiers, and IP address shared with advertising partners can enable re-identification and detailed behavioural profiling by those third parties.
Your usage data, identifiers, and behavioral inferences from the PlanetScale platform may be used to target you with advertising on completely separate third-party platforms, which many users would not anticipate from a developer database service.
Runway
· Runway Privacy Policy
For EU and UK users, international data transfers to the United States require a lawful transfer mechanism under GDPR Chapter V, such as Standard Contractual Clauses. The policy's reliance on user acknowledgment through service use as a consent mechanism for transfers may not satisfy GDPR transfer requirements.
Users outside the US, particularly in the EU and UK, have stronger data protection rights under local law, and transferring data to the US without a specific legal mechanism may not satisfy those legal requirements.
For users in the EU, UK, and other jurisdictions with strong data protection laws, international transfers require specific legal safeguards; this provision acknowledges the transfer risk but does not specify which transfer mechanisms Supabase relies on.
Calm
· Calm Privacy Policy
For EU, UK, and Swiss users, the lawfulness of data transfers to the US depends on these mechanisms being properly implemented and maintained.
OpenAI
· OpenAI Data Processing Addendum
This provision establishes the legal mechanism for transferring EU/EEA, UK, and Swiss personal data to OpenAI in the United States, which is a mandatory requirement under GDPR Chapter V. Operators relying on this mechanism should verify the SCCs are properly incorporated and that the associated transfer impact assessment is adequate.
EU and UK users' data is processed under US law once transferred, and the adequacy of Standard Contractual Clauses as a transfer mechanism is subject to ongoing regulatory and legal scrutiny.
If you live in the EU, UK, or another jurisdiction with strong privacy protections, your data may be sent to countries with weaker legal protections, potentially reducing your rights and remedies.
Consent-based international data transfer clauses are legally contentious under GDPR, where consent alone is generally insufficient as a transfer mechanism — EU users should understand that their data is transferred to and processed in the US under Apple's Standard Contractual Clauses.
23andMe
· 23andMe Privacy Statement
For EU, UK, and other international users, transferring genetic data outside their jurisdiction may reduce the legal protections available to them under local law.
Grindr
· Grindr Privacy Policy
Transferring data internationally can expose it to different and potentially weaker legal protections than those available in the user's home country.
If you are in the EU or UK, your data may be sent to countries without equivalent legal protections unless adequate safeguards are in place, which the policy does not detail.
Netflix
· Netflix Privacy Statement
International data transfers mean your personal information may be processed in countries with different levels of data protection, and understanding which Netflix entity controls your data determines which legal framework and rights apply to you.
The policy states that data may be transferred internationally and that standard contractual clauses or equivalent mechanisms are used, but does not specify which mechanisms apply to which transfer routes, which is relevant for EU and UK users assessing GDPR transfer compliance.
Your data processed under EU or UK privacy law may be transferred to the US, where it could be subject to broader government surveillance access under US law — a key concern highlighted in the Schrems II ruling.
Transferring your data internationally means it may be subject to different — and potentially weaker — legal protections, and may be accessible to foreign governments or other entities.
International transfers mean your personal data may be subject to different legal protections depending on where it ends up, which is particularly significant for EU and UK residents with stronger home-country rights.
Fiverr
· Fiverr Privacy Policy
For EU and UK users, international data transfers carry legal significance because your data may leave a jurisdiction with strong privacy protections and be processed under different legal regimes, with Fiverr relying on Standard Contractual Clauses as the primary safeguard.
International data transfers from the EU to the US remain a compliance-sensitive area following the Schrems II ruling. The adequacy of Standard Contractual Clauses depends on supplementary measures and the nature of the data, and regulators continue to scrutinize these transfers.
For EU and UK users, data transferred to the US must be protected by appropriate legal mechanisms; while SCCs are an accepted GDPR transfer tool, their adequacy in practice depends on the specific supplementary measures implemented alongside them.
Bumble
· Bumble Privacy Policy
When your data is transferred internationally, it may be subject to foreign government access requests or weaker privacy laws, reducing your ability to enforce your rights.
Data transferred outside the EU or UK may be subject to different legal protections, and the adequacy of Standard Contractual Clauses as a transfer mechanism depends on whether supplementary measures are in place given the privacy laws of the recipient country.
Cursor
· Cursor Privacy Policy
EEA and UK users have stronger data protection rights under GDPR and UK GDPR, and international transfers of their data require specific legal safeguards; this clause confirms transfers occur but does not name the specific transfer mechanisms used.