Fitbit
· Fitbit Privacy Policy
Health research data sharing involves your most sensitive biometric information being transferred to third parties outside Fitbit, and the consent terms at enrollment govern what protections apply—not this general privacy policy.
Home lending clients are subject to a wider data sharing network than standard investment clients, and consent to this sharing is embedded in the agreement to begin a loan application, not a separate affirmative opt-in.
Inferences can reveal sensitive personal traits without your explicit disclosure, and sharing them with third parties can result in profiling that affects the ads and content you see across the internet.
Inferences derived from your behavior create a detailed personal profile that can be used for advertising targeting, and may not be obvious to users who think they are simply listening to music.
The inclusion of 'when we believe' disclosure is necessary to protect rights or safety, in addition to legally compelled disclosures, gives T-Mobile discretion to share data with government entities beyond situations of formal legal compulsion.
The default opt-in structure means your data is shared with advertising partners unless you actively change your settings; this sharing may qualify as a 'sale' or 'sharing' of personal information under California law, giving California residents specific rights.
Microsoft
· Microsoft Privacy Statement (Legacy)
Even without sharing your name, the combination of search queries, location, device identifiers, and IP address shared with advertising partners can enable re-identification and detailed behavioural profiling by those third parties.
Your usage data, identifiers, and behavioral inferences from the PlanetScale platform may be used to target you with advertising on completely separate third-party platforms, which many users would not anticipate from a developer database service.
Runway
· Runway Privacy Policy
For EU and UK users, international data transfers to the United States require a lawful transfer mechanism under GDPR Chapter V, such as Standard Contractual Clauses. The policy's reliance on user acknowledgment through service use as a consent mechanism for transfers may not satisfy GDPR transfer requirements.
Users outside the US, particularly in the EU and UK, have stronger data protection rights under local law, and transferring data to the US without a specific legal mechanism may not satisfy those legal requirements.
For users in the EU, UK, and other jurisdictions with strong data protection laws, international transfers require specific legal safeguards; this provision acknowledges the transfer risk but does not specify which transfer mechanisms Supabase relies on.
Calm
· Calm Privacy Policy
For EU, UK, and Swiss users, the lawfulness of data transfers to the US depends on these mechanisms being properly implemented and maintained.
OpenAI
· OpenAI Data Processing Addendum
This provision establishes the legal mechanism for transferring EU/EEA, UK, and Swiss personal data to OpenAI in the United States, which is a mandatory requirement under GDPR Chapter V. Operators relying on this mechanism should verify the SCCs are properly incorporated and that the associated transfer impact assessment is adequate.
Cursor
· Cursor Privacy Policy
EEA and UK users have stronger data protection rights under GDPR and UK GDPR, and international transfers of their data require specific legal safeguards; this clause confirms transfers occur but does not name the specific transfer mechanisms used.
If you live in the EU, UK, or another jurisdiction with strong privacy protections, your data may be sent to countries with weaker legal protections, potentially reducing your rights and remedies.
Transfers of personal data from the EU or UK to countries without an adequacy decision require a legal transfer mechanism. The adequacy and implementation of that mechanism determines whether the transfer is lawful and what additional safeguards may be required.
For EU and UK users, transferring data to the US requires specific legal safeguards under GDPR and UK GDPR, and asserting broad consent as the transfer mechanism may not meet the required legal standard in all cases.
EU and UK users' data is processed under US law once transferred, and the adequacy of Standard Contractual Clauses as a transfer mechanism is subject to ongoing regulatory and legal scrutiny.
For users in countries with stronger privacy protections such as the EU, transferring data to the US may reduce the level of protection their personal data receives, and users should be aware that US law will govern their data once transferred.
EEA and UK users have strong GDPR protections that may not be replicated in the US, and cross-border data transfers require specific legal mechanisms to be lawful under GDPR.
Gemini
· Gemini Privacy Policy
International data transfers from the EU and UK are subject to GDPR transfer restrictions, and Gemini's compliance with these requirements affects the legal basis for processing EU and UK user data.
Bumble
· Bumble Privacy Policy
When your data is transferred internationally, it may be subject to foreign government access requests or weaker privacy laws, reducing your ability to enforce your rights.
The policy states that personal data of non-US users is processed in the United States, which does not have a general federal privacy law equivalent to GDPR, and that transfers are protected through standard contractual clauses and other approved mechanisms, though the adequacy of those mechanisms is subject to ongoing regulatory and legal developments.
The policy states that data may be transferred internationally and that standard contractual clauses or equivalent mechanisms are used, but does not specify which mechanisms apply to which transfer routes, which is relevant for EU and UK users assessing GDPR transfer compliance.
Netflix
· Netflix Privacy Statement
International data transfers mean your personal information may be processed in countries with different levels of data protection, and understanding which Netflix entity controls your data determines which legal framework and rights apply to you.
Consent-based international data transfer clauses are legally contentious under GDPR, where consent alone is generally insufficient as a transfer mechanism — EU users should understand that their data is transferred to and processed in the US under Apple's Standard Contractual Clauses.
Transferring your data internationally means it may be subject to different — and potentially weaker — legal protections, and may be accessible to foreign governments or other entities.
Data transferred outside the EU or UK may be subject to different legal protections, and the adequacy of Standard Contractual Clauses as a transfer mechanism depends on whether supplementary measures are in place given the privacy laws of the recipient country.
Ledger
· Ledger Privacy Policy
Data transferred outside the EEA may be subject to less protective legal regimes, and compliance with post-Schrems II transfer requirements depends on whether Ledger has implemented the 2021 updated SCCs and conducted transfer impact assessments.
International data transfers from the EU to the US remain a compliance-sensitive area following the Schrems II ruling. The adequacy of Standard Contractual Clauses depends on supplementary measures and the nature of the data, and regulators continue to scrutinize these transfers.