The provision sets the operational framework for Discord's data handling infrastructure by anchoring jurisdiction to U.S. law and establishing that data residency extends beyond the user's home country. This allocation of legal governance determines which regulatory standards and enforcement mechanisms apply to user information.
If you are in the EU, UK, or Switzerland, your data is transferred to the U.S. under Standard Contractual Clauses, a mechanism whose adequacy has been subject to ongoing legal scrutiny, and you may have fewer legal protections in the destination country.
Cohere
· Cohere Privacy Policy
The provision establishes the operational framework for Cohere's global data infrastructure and specifies the legal basis for international transfers. For EEA/UK/Switzerland users, the Standard Contractual Clauses serve as the contractual mechanism enabling lawful cross-border data flows where adequacy decisions do not exist.
Egnyte
· Egnyte Privacy Policy
The provision establishes the operational framework for cross-border data processing and specifies the contractual mechanism—Standard Contractual Clauses—that the company relies upon to maintain legal compliance when personal information flows to jurisdictions with varying regulatory requirements.
EU, UK, and Swiss users have strong data protection rights, and the legal mechanisms Dropbox relies on to transfer data to the US have been subject to legal challenge; if those mechanisms were invalidated, data transfer practices would need to change.
For EU users in particular, relying on use of the service as consent to international data transfer may not satisfy GDPR's requirements for a valid transfer mechanism, as consent alone is generally not considered an adequate legal basis for routine international transfers under GDPR guidance.
This provision addresses cross-border data transfers, which for EU and UK users require specific transfer mechanisms under GDPR and UK GDPR; the policy's reference to 'appropriate safeguards' without specifying the mechanism (such as standard contractual clauses or adequacy decisions) leaves the specific legal basis for transfers unspecified in the publicly available policy text.
International data transfer provisions are operationally significant because they define how personal data moves across regulatory boundaries and what protections apply during transit and storage. The provision establishes compliance mechanisms for jurisdictions like the EU, which restrict transfers to countries without adequate data protection safeguards.
23andMe
· 23andMe Privacy Statement
International data transfers are operationally significant because genetic and health data is subject to varying regulatory requirements across jurisdictions. The provision defines how 23andMe complies with data localization rules, adequacy determinations, and standard contractual clauses that govern cross-border data movement.
GOAT
· GOAT Privacy Policy
International data transfer provisions are operationally significant because they establish compliance mechanisms for cross-border data flows, which are subject to varying regulatory requirements across jurisdictions, particularly in the EU and other regions with restrictive data transfer laws. The provision determines what legal instruments GOAT relies on to legitimize such transfers.
Grindr
· Grindr Privacy Policy
The provision discloses the jurisdictional scope of data transfers and establishes notice that the legal and regulatory framework governing data protection in receiving jurisdictions may not be equivalent to the user's home jurisdiction. This is operationally significant because it identifies where personal information is processed and alerts users to potential variation in statutory privacy standards.
The provision establishes that data processing occurs across multiple jurisdictions, which affects the applicable regulatory framework governing that data. Users' personal data may be subject to the privacy and security laws of the destination country rather than the laws of their country of residence.
The policy states that by using the service, users consent to data transfer to the US, which for EU and UK users intersects with GDPR requirements for lawful international data transfer mechanisms that go beyond consent alone.
The policy states that personal data of non-US users is processed in the United States, which does not have a general federal privacy law equivalent to GDPR, and that transfers are protected through standard contractual clauses and other approved mechanisms, though the adequacy of those mechanisms is subject to ongoing regulatory and legal developments.
Ledger
· Ledger Privacy Policy
Data transferred outside the EEA may be subject to less protective legal regimes, and compliance with post-Schrems II transfer requirements depends on whether Ledger has implemented the 2021 updated SCCs and conducted transfer impact assessments.
EU and UK users' data is processed under US law once transferred, and the adequacy of Standard Contractual Clauses as a transfer mechanism is subject to ongoing regulatory and legal scrutiny.
For EU and UK users, transferring data to the US requires specific legal safeguards under GDPR and UK GDPR, and asserting broad consent as the transfer mechanism may not meet the required legal standard in all cases.
Fiverr
· Fiverr Privacy Policy
For EU and UK users, international data transfers carry legal significance because your data may leave a jurisdiction with strong privacy protections and be processed under different legal regimes, with Fiverr relying on Standard Contractual Clauses as the primary safeguard.
Medium
· Medium Privacy Policy
The policy's disclosure of cross-border data transfers without specifying the legal mechanism used for EEA transfers, such as Standard Contractual Clauses or an adequacy decision, creates a compliance documentation gap relevant to GDPR Chapter V requirements enforced by EU supervisory authorities.
Writer
· Writer Privacy Policy
This provision discloses cross-border data transfers to the United States but does not specify which transfer mechanism (such as standard contractual clauses or the EU-U.S. Data Privacy Framework) applies, which may require evaluation under current GDPR transfer adequacy requirements.
The clause establishes the jurisdictional framework for data processing and identifies the legal regime (U.S. law) that governs personal data handling, which has operational significance for users accessing the service from outside the United States.
The policy states that data may be transferred internationally and that standard contractual clauses or equivalent mechanisms are used, but does not specify which mechanisms apply to which transfer routes, which is relevant for EU and UK users assessing GDPR transfer compliance.
Twitch
· Twitch Privacy Notice
International data transfers can mean your personal information is processed in countries with different levels of legal privacy protection than your home country, which is particularly significant for EU and UK users.
EU, UK, and Swiss users have their data transferred to the US, a jurisdiction that historically has not met the EU's adequacy standard without specific frameworks; the policy's reference to both DPF and contractual protections suggests a layered approach, but the adequacy of those protections depends on which mechanism is applied and whether it remains legally valid.
For EU, UK, and Swiss users, your data crossing borders to the US triggers specific legal protections. Salesforce's use of the DPF and SCCs is meant to provide those protections, but the legal landscape for transatlantic data transfers has been subject to ongoing legal challenges.
EA
· EA Privacy and Cookie Policy
EU, UK, and Swiss users' data is processed in the US under the DPF framework, which provides specific rights including access to a free dispute resolution mechanism and, as a last resort, binding arbitration.
Egnyte
· Egnyte Privacy Policy
The legal mechanism used for international data transfers affects whether your data is protected under EU standards when it is processed in the United States, and the DPF's long-term legal stability has been subject to ongoing political and legal scrutiny.
The incorporation of SCC Module 4 by reference upon DPA acceptance provides a recognized GDPR transfer mechanism, but fixes French law as the governing law and French courts as the dispute forum, which affects where and under what legal framework customers in non-adequate third countries (such as the US, absent an adequacy decision) must pursue remedies.
Okta
· Okta Privacy Policy
The provision operationalizes the company's global data handling framework by specifying the legal mechanisms used to authorize cross-border transfers and establish baseline protection standards in jurisdictions outside the user's country of residence.
Zoom
· Zoom Privacy Statement
The provision describes Zoom's compliance framework for international data transfers under EU data protection regulations. Standard Contractual Clauses and adequacy decisions are the contractual and regulatory mechanisms that permit cross-border data flows when the destination country is not deemed to have equivalent data protection.