Lyft
· Lyft Privacy Policy
The policy permits disclosure of your trip history, location data, and other personal information to government or law enforcement not only under compulsory legal process but also when Lyft determines it is 'reasonably necessary,' which is a discretionary standard that goes beyond strict legal compulsion.
The provision clarifies the operational framework under which Roblox processes legal demands and discloses user data to government entities, establishing the company's compliance procedures and the scope of information it may provide to authorities.
This provision establishes the conditions under which Delta will share your data with government authorities, including a 'good faith belief' standard that permits voluntary disclosures beyond those strictly compelled by court order.
This clause establishes a mechanism for Anthropic to create differentiated contractual terms for government entities, allowing use restrictions to vary from standard policy terms based on Anthropic's assessment of whether alternative safeguards sufficiently mitigate identified risks.
The clause establishes a framework under which Anthropic retains discretionary authority to negotiate alternative use restriction terms with government entities, creating a carve-out from the standard Usage Policy based on Anthropic's assessment of risk mitigation adequacy.
Hinge
· Hinge Privacy Policy
Government-issued ID contains highly sensitive identity information including your full legal name, date of birth, address, and ID number, and submitting a copy to a third-party app creates risks if that data is not adequately secured or if it is retained longer than necessary.
Uber
· Uber Privacy Notice
Government-issued identification numbers constitute sensitive personal information under CPRA and personal data subject to heightened protection under GDPR, and their collection and retention creates obligations regarding secure storage, access controls, and defined retention periods that should be documented in compliance programs.
The policy identifies government-issued identification and signatures as potentially sensitive personal information and states that consent will be obtained where legally required, but does not specify in detail how consent is obtained or how long this data is retained.
Meta
· Llama Community License Agreement
This clause establishes the foundational scope of what licensees are permitted to do with Llama 3, including commercial use and derivative works creation, but the rights granted are conditioned on full compliance with all other terms, including the Acceptable Use Policy.
This greater-of methodology ensures that Coinbase collects the maximum of two fee calculations for each transaction, which establishes the operative pricing structure for all transactions on the platform. The mechanism creates a floor below which fees will not fall and prevents scenarios where either fee type alone would result in lower charges.
The gross-up obligation means that in jurisdictions with withholding tax requirements, the Customer's actual cost of using the Services will exceed the listed fee; the obligation compounds because it applies to any taxes on the gross-up payment itself.
This provision bars advertising of both hacking-derived products and the technical tools enabling unauthorized access, applying the restriction to the product category itself rather than only to deceptive claims about such products. Advertisers in cybersecurity, data services, and technology sectors must assess whether advertised products could be classified within these prohibited categories.
The harm documentation requirement creates an affirmative pre-deployment obligation that functions as a form of AI impact assessment, which aligns with emerging regulatory requirements for AI governance documentation under frameworks such as the EU AI Act.
Amazon
· AWS Acceptable Use Policy
This provision operates as a baseline conduct requirement that shapes the scope of permitted service usage. AWS retains enforcement discretion to determine whether specific content violates these categories and to take corrective action, including service suspension, based on policy violations.
This clause defines content restrictions that establish the operational boundaries of the service. The provision functions as a use limitation that Mistral AI enforces through its content moderation and compliance mechanisms.
Uber
· Uber Privacy Notice
The collection of demographic and accessibility data enables targeted service features and informs the company's marketing practices. This establishes the operational basis for feature provisioning and audience segmentation activities.
This provision discloses collection of sensitive data categories including financial account numbers and health information. Health information collected in the context of wellness apps or services may engage HIPAA or FTC health breach notification requirements depending on the specific service context.
Health data is among the most sensitive categories of personal information because its misuse can affect insurance eligibility, employment decisions, and personal relationships. The policy's stated protections are meaningful, but users should understand they depend on Apple's consent mechanisms and contractual commitments to developers.
Shopify
· Shopify Acceptable Use Policy
This provision establishes Shopify's operational boundaries for product categories permitted on its platform, functioning as a categorical exclusion mechanism tied to regulatory compliance status and substantiation of product claims. The restriction directly constrains the product inventory merchants may list and operate through the Services.
The policy reserves the right to share attendee health and safety data, which may include names, contact details, seat locations, and entry and exit times, with government authorities, which represents a significant disclosure to state actors that consumers may not anticipate when purchasing tickets.
Calm
· Calm Privacy Policy
The clause establishes a conditional data collection mechanism that requires user permission as a prerequisite, while simultaneously narrowing the scope of permissible processing by prohibiting health inferences and limiting use to the original purpose. This operational constraint affects how Calm can process and utilize the health app data it receives.
Calm
· Calm Privacy Policy
Sleep data from health apps is sensitive personal information; while Calm states it limits use of this data to its original purpose, users should understand what they are consenting to when granting health app access.
Noom
· Noom Terms of Service
This disclaimer establishes the operational scope of Noom's service model and allocates responsibility for medical decision-making to users and their healthcare providers. It defines the legal boundaries of the service by specifying what Noom does not provide and what users must independently verify.
Strava
· Strava Privacy Policy
This commitment offers meaningful protection for sensitive health metrics like heart rate and VO2max collected from wearables, but the carve-out for 'specific purposes described in this Policy' means AI training and service improvement uses may still apply.
Noom
· Noom Terms of Service
This disclaimer limits Noom's liability for health outcomes resulting from following its program, even though users share sensitive health data and receive coaching that influences health behaviors.
Fitbit
· Fitbit Privacy Policy
This clause establishes the operational framework for secondary use of health data within Fitbit's research ecosystem. It conditions data sharing on affirmative opt-in to specific research programs rather than applying automatically to all users.
OpenAI
· OpenAI API Data Usage Policies
This provision establishes that OpenAI offers BAA execution as a contractual mechanism for healthcare sector customers subject to HIPAA, which is a prerequisite for lawful processing of protected health information through OpenAI services.
HIPAA provides meaningful federal protections for clinical health data, including restrictions on how it can be used and shared, and gives patients specific rights including access, amendment, and accounting of disclosures that go beyond general privacy law.
Windsurf
· Windsurf Security & Data Handling
Healthcare organizations using Windsurf should be aware that a BAA is described as available for 'significant implementations' rather than as a standard offering, meaning smaller healthcare customers may need to specifically request and negotiate one.
Noom
· Noom Privacy Policy
Many users assume that a health and wellness app is subject to HIPAA protections; this disclaimer clarifies that Noom's data practices are governed by its own privacy policy and applicable consumer privacy laws, not HIPAA's stricter health data standards.