Gemini
· Gemini Privacy Policy
International data transfers from the EU and UK are subject to GDPR transfer restrictions, and Gemini's compliance with these requirements affects the legal basis for processing EU and UK user data.
EEA and UK users have strong GDPR protections that may not be replicated in the US, and cross-border data transfers require specific legal mechanisms to be lawful under GDPR.
The policy states that by using the service, users consent to data transfer to the US, which for EU and UK users intersects with GDPR requirements for lawful international data transfer mechanisms that go beyond consent alone.
EU, UK, and Swiss users have strong data protection rights, and the legal mechanisms Dropbox relies on to transfer data to the US have been subject to legal challenge; if those mechanisms were invalidated, data transfer practices would need to change.
The policy states that personal data of non-US users is processed in the United States, which does not have a general federal privacy law equivalent to GDPR, and that transfers are protected through standard contractual clauses and other approved mechanisms, though the adequacy of those mechanisms is subject to ongoing regulatory and legal developments.
Writer
· Writer Privacy Policy
EU and UK users should know their data is processed in the US and that SCCs are the legal basis for that transfer, which may require assessment under applicable data protection law.
For users in the EU, UK, and other jurisdictions with strict data transfer rules, relying on implied consent from platform use as the legal basis for international data transfers may not satisfy applicable legal requirements.
Twitch
· Twitch Privacy Notice
International data transfers can mean your personal information is processed in countries with different levels of legal privacy protection than your home country, which is particularly significant for EU and UK users.
UK and EU users are entitled to specific safeguards when their personal data is transferred internationally, and this clause discloses that such transfers occur without specifying the precise mechanisms used to protect data in transit.
For EU and UK users, transferring data to the US requires specific legal safeguards under GDPR and UK GDPR, and asserting broad consent as the transfer mechanism may not meet the required legal standard in all cases.
Transfers of personal data from the EU or UK to countries without an adequacy decision require a legal transfer mechanism. The adequacy and implementation of that mechanism determines whether the transfer is lawful and what additional safeguards may be required.
For users in countries with stronger privacy protections such as the EU, transferring data to the US may reduce the level of protection their personal data receives, and users should be aware that US law will govern their data once transferred.
Ledger
· Ledger Privacy Policy
Data transferred outside the EEA may be subject to less protective legal regimes, and compliance with post-Schrems II transfer requirements depends on whether Ledger has implemented the 2021 updated SCCs and conducted transfer impact assessments.
Data transferred internationally may be subject to different legal protections. The use of SCCs is a recognized GDPR transfer mechanism, but transfers to the US remain subject to ongoing legal scrutiny following the Schrems II ruling and evolving EU-US data privacy framework developments.
If you are an EU or UK resident, your personal data being transferred to the US means it may be subject to US government access laws, and the legal validity of transfer mechanisms has been subject to regulatory and judicial scrutiny in Europe.
The policy identifies Standard Contractual Clauses as the primary transfer mechanism for EEA personal data, which requires Datadog to conduct transfer impact assessments where required and to maintain compliant SCC documentation; APEC CBPR participation provides a separate framework for Asia-Pacific transfers.
Data transferred to the US is subject to US surveillance laws and may not receive the same legal protections as in the EU or UK, making the adequacy of transfer mechanisms a material compliance question for European organizations.
The incorporation of SCC Module 4 by reference upon DPA acceptance provides a recognized GDPR transfer mechanism, but fixes French law as the governing law and French courts as the dispute forum, which affects where and under what legal framework customers in non-adequate third countries (such as the US, absent an adequacy decision) must pursue remedies.
Zoom
· Zoom Privacy Statement
International data transfers are a significant compliance area under GDPR, and the adequacy of transfer mechanisms is subject to ongoing regulatory and legal scrutiny, particularly for transfers to the United States.
Notion
· Notion Privacy Policy
Data transfers from the EU to the US remain an area of regulatory scrutiny, and the adequacy of Standard Contractual Clauses depends on whether Notion has implemented the required supplementary measures following the Schrems II ruling.
International transfers of EU/EEA personal data are subject to strict GDPR rules, and the policy's reliance on SCCs, while legally recognized, requires ongoing monitoring and supplementary measures depending on the destination country.
Unity
· Unity Privacy Policy
International data transfers carry risk because data protection laws in destination countries, particularly the US, may offer weaker protections than GDPR; standard contractual clauses help but require Unity to conduct transfer impact assessments to verify they are effective in practice.
Microsoft
· Microsoft Privacy Statement (Legacy)
Following the Schrems II ruling (CJEU 2020), the legal validity of data transfers to the US depends on supplementary measures alongside SCCs; while the EU-US Data Privacy Framework (2023) now provides an alternative adequacy basis, any future invalidation of these mechanisms could disrupt Microsoft's services for EU users.
Zoom
· Zoom Privacy Statement
This provision governs how EU, UK, and Swiss users' personal data is legally protected when transferred to Zoom's servers or operations outside those regions. Standard Contractual Clauses are a standard but operationally significant mechanism that requires Zoom to provide contractual data protection commitments.
Slack
· Slack Privacy Policy
For EU, UK, and Swiss users, these transfer mechanisms are what legally permits your data to flow to Slack's U.S.-based infrastructure, and their validity is subject to ongoing legal developments at the EU and national level.
Stripe
· Stripe Privacy Policy
If you are in the EU, UK, or another jurisdiction with data transfer restrictions, your personal data is being sent to the US under legal mechanisms that have faced legal challenges, and your protections in the US differ from those in your home country.
Slack
· Slack Privacy Policy
Cross-border data transfers of EU/UK personal data to the US must be legally justified under GDPR, and the adequacy of SCCs remains subject to regulatory and judicial scrutiny, creating ongoing compliance risk.
Upwork
· Upwork Privacy Policy
For EU, UK, and Swiss users, the adequacy of the transfer mechanism directly affects whether their personal data receives the same level of protection outside Europe as it does within it. The use of SCCs requires a transfer impact assessment to be conducted and documented.
EU and UK users' data is subject to U.S. data access laws and surveillance frameworks once transferred, and the adequacy of Standard Contractual Clauses as a transfer mechanism requires that Windsurf has assessed and documented those transfer risks.
Strava
· Strava Privacy Policy
EU and UK users' data is processed in the United States, which is subject to US surveillance laws; Standard Contractual Clauses are the primary transfer mechanism but their adequacy has been contested, and users should be aware that their data crosses jurisdictional boundaries.