International data transfers mean personal financial and identity data may be processed in countries with different privacy laws, and the adequacy of protection depends on the specific mechanisms used and whether they remain legally valid under current rulings.
The policy identifies Standard Contractual Clauses as the primary transfer mechanism for EEA personal data, which requires Datadog to conduct transfer impact assessments where required and to maintain compliant SCC documentation; APEC CBPR participation provides a separate framework for Asia-Pacific transfers.
For EU and UK users, data transfers to the US require legally valid safeguards under GDPR, and the policy's reliance on consent as a transfer mechanism may not satisfy GDPR requirements in all circumstances.
Netflix
· Netflix Privacy Statement
The clause establishes a mechanism for users to identify which Netflix entity controls their personal data, which is operationally significant for data protection compliance in jurisdictions that require data controller identification.
Data transferred internationally may be subject to different legal protections. The use of SCCs is a recognized GDPR transfer mechanism, but transfers to the US remain subject to ongoing legal scrutiny following the Schrems II ruling and evolving EU-US data privacy framework developments.
Miro
· Miro Privacy Policy
This provision establishes the legal mechanism for cross-border data transfers, which is a material compliance consideration for EU and UK enterprise customers following Schrems II and the EU-US Data Privacy Framework.
The provision sets the operational framework for Discord's data handling infrastructure by anchoring jurisdiction to U.S. law and establishing that data residency extends beyond the user's home country. This allocation of legal governance determines which regulatory standards and enforcement mechanisms apply to user information.
Fiverr
· Fiverr Privacy Policy
For EU and UK users, international data transfers carry legal significance because your data may leave a jurisdiction with strong privacy protections and be processed under different legal regimes, with Fiverr relying on Standard Contractual Clauses as the primary safeguard.
Ledger
· Ledger Privacy Policy
Data transferred outside the EEA may be subject to less protective legal regimes, and compliance with post-Schrems II transfer requirements depends on whether Ledger has implemented the 2021 updated SCCs and conducted transfer impact assessments.
Medium
· Medium Privacy Policy
The policy's disclosure of cross-border data transfers without specifying the legal mechanism used for EEA transfers, such as Standard Contractual Clauses or an adequacy decision, creates a compliance documentation gap relevant to GDPR Chapter V requirements enforced by EU supervisory authorities.
The policy states that personal data of non-US users is processed in the United States, which does not have a general federal privacy law equivalent to GDPR, and that transfers are protected through standard contractual clauses and other approved mechanisms, though the adequacy of those mechanisms is subject to ongoing regulatory and legal developments.
Twitch
· Twitch Privacy Notice
International data transfers can mean your personal information is processed in countries with different levels of legal privacy protection than your home country, which is particularly significant for EU and UK users.
Adyen
· Adyen Privacy Policy
The clause establishes the procedural framework and legal mechanism by which Adyen manages cross-border data transfers in compliance with EEA data protection requirements, ensuring transfers are accompanied by contractual protections rather than executed unilaterally.
Loom
· Loom Privacy Policy
This provision establishes the operational framework for cross-border data processing and specifies the contractual mechanisms used to comply with international data protection requirements. It documents the company's reliance on approved transfer mechanisms for processing personal information subject to EU, UK, and Swiss data protection law.
Egnyte
· Egnyte Privacy Policy
The provision establishes the operational framework for cross-border data processing and specifies the contractual mechanism—Standard Contractual Clauses—that the company relies upon to maintain legal compliance when personal information flows to jurisdictions with varying regulatory requirements.
EU, UK, and Swiss users have strong data protection rights, and the legal mechanisms Dropbox relies on to transfer data to the US have been subject to legal challenge; if those mechanisms were invalidated, data transfer practices would need to change.
If you are in the EU, UK, or Switzerland, your data is transferred to the U.S. under Standard Contractual Clauses, a mechanism whose adequacy has been subject to ongoing legal scrutiny, and you may have fewer legal protections in the destination country.
Auth0
· Auth0 Privacy Policy
The provision establishes the operational framework for Auth0's global data transfer practices and specifies the contractual mechanisms used to comply with international data protection requirements. This addresses the legal requirements governing cross-border personal data movement under frameworks like GDPR and similar regulations.
Slack
· Slack Privacy Policy
The provision establishes the geographic framework for data handling and identifies the legal mechanisms Slack uses to manage international data transfers. This is operationally significant because it defines where user data is processed and what contractual safeguards apply when that processing occurs across borders.
This provision establishes the operational framework for cross-border data flows, defining how Salesforce manages compliance obligations under GDPR Article 46 and similar international data protection regimes when transferring data to jurisdictions without formal adequacy determinations.
The clause establishes the operational framework for Thomson Reuters's global data handling practices and specifies the legal mechanisms the company relies upon to conduct cross-border data transfers. This determines which regulatory standards and contractual protections apply to personal information as it moves between jurisdictions.
Cohere
· Cohere Privacy Policy
The provision establishes the operational framework for Cohere's global data infrastructure and specifies the legal basis for international transfers. For EEA/UK/Switzerland users, the Standard Contractual Clauses serve as the contractual mechanism enabling lawful cross-border data flows where adequacy decisions do not exist.
International data transfer provisions are operationally significant because they define how personal data moves across regulatory boundaries and what protections apply during transit and storage. The provision establishes compliance mechanisms for jurisdictions like the EU, which restrict transfers to countries without adequate data protection safeguards.
For EU users in particular, relying on use of the service as consent to international data transfer may not satisfy GDPR's requirements for a valid transfer mechanism, as consent alone is generally not considered an adequate legal basis for routine international transfers under GDPR guidance.
23andMe
· 23andMe Privacy Statement
International data transfers are operationally significant because genetic and health data is subject to varying regulatory requirements across jurisdictions. The provision defines how 23andMe complies with data localization rules, adequacy determinations, and standard contractual clauses that govern cross-border data movement.
Transfers of personal data from the EU or UK to countries without an adequacy decision require a legal transfer mechanism. The adequacy and implementation of that mechanism determines whether the transfer is lawful and what additional safeguards may be required.
GOAT
· GOAT Privacy Policy
International data transfer provisions are operationally significant because they establish compliance mechanisms for cross-border data flows, which are subject to varying regulatory requirements across jurisdictions, particularly in the EU and other regions with restrictive data transfer laws. The provision determines what legal instruments GOAT relies on to legitimize such transfers.
EU and UK users' data is processed under US law once transferred, and the adequacy of Standard Contractual Clauses as a transfer mechanism is subject to ongoing regulatory and legal scrutiny.
Writer
· Writer Privacy Policy
This provision discloses cross-border data transfers to the United States but does not specify which transfer mechanism (such as standard contractual clauses or the EU-U.S. Data Privacy Framework) applies, which may require evaluation under current GDPR transfer adequacy requirements.
The clause defines the policy's operational coverage across the entity's full service portfolio and establishes that information handling practices—including any international transfers—fall within the policy's stated framework. This scope statement provides the baseline for understanding what data practices the policy governs.