The provision establishes a mechanism for disclosing state-specific privacy rights and obligations that operate alongside the primary privacy policy. This structure acknowledges differential legal requirements across multiple state privacy statutes, including the California Consumer Privacy Act and similar state-level frameworks.
This provision authorizes collection and advertising use of telecommunications network data, including call records and browsing activity at the network layer, which is subject to FCC CPNI obligations as well as general consumer privacy frameworks. The combination of network-layer data collection with advertising product development is operationally distinct from data practices of non-carrier companies.
Cohere
· Cohere Enterprise Data Commitments
This provision directly addresses a common concern for enterprise customers deploying AI: whether proprietary business data submitted as prompts or documents could be incorporated into shared model training. The document states this requires explicit opt-in rather than an opt-out.
The clause establishes the baseline data-sharing practice as permissible sharing with nonaffiliates for marketing, with opt-out as the mechanism through which customers can restrict this activity rather than requiring prior consent.
This provision means your activity across a wide range of third-party digital and physical environments can be linked back to your Meta profile and used to target you with advertising, even if you never consciously shared that activity with Meta.
This provision states that Pinterest's advertising data collection is not limited to activity on its own platform; it extends to third-party sites and apps that have embedded Pinterest partner tools, meaning your browsing behavior elsewhere on the internet may inform the ads you see on Pinterest.
This provision establishes that Meta's data collection extends beyond its own products to include off-platform browsing, purchase, and behavioral data sourced from third parties, which is incorporated into user profiles used for advertising and personalization across Meta's services.
This provision operationalizes Eventbrite's obligation to provide users with a method to exercise opt-out rights under applicable privacy regulations. The specified mechanism—accessible link, toggle submission, and Privacy Center processing—establishes the procedural pathway through which the company processes and honors opt-out elections.
The clause operationalizes CCPA/CPRA compliance requirements by creating a documented mechanism for California residents to control data sale and sharing practices. It establishes a specific processing timeline and creates a special protection category for minors under 16.
Calm
· Calm Privacy Policy
The provision establishes Calm's operational practices regarding targeted advertising and specifies the mechanism by which California residents can exercise opt-out rights under state privacy statutes. It clarifies that certain data handling practices fall within the scope of regulated activities under privacy laws and designates a specific process for consumer objection.
The terms establish that Admin Users can enable prompt logging, chat logging, and model training for all Authorized Users in their organization; individual Authorized Users may not have independent visibility into or control over these configurations.
This provision delegates data handling configuration, including prompt logging and model training enablement, to organizational Admin Users rather than to individual Authorized Users. The data handling posture of Authorized Users, including whether their prompts are logged or used for model training, is determined by Admin User settings rather than individual consent.
Oura
· Oura Privacy Policy
This provision establishes that Oura's privacy obligations cease to directly govern user health data once it is shared with a Data Recipient, shifting data controller responsibility to the receiving entity. Compliance teams evaluating employer wellness deployments or research partnerships should assess whether the consent mechanism presented to users meets applicable standards for valid, freely given consent, particularly under GDPR Article 9 in employment contexts.
Parents who set up or accept the Terms for a child's Epic Games Account take on full financial responsibility for all transactions, including unauthorized or unexpected purchases made by the child, which can create significant financial exposure in games with in-app purchase mechanics.
The parental consent requirement creates a gatekeeping mechanism that aligns the service with legal obligations under the Children's Online Privacy Protection Act (COPPA). This provision establishes the operational structure through which the service differentiates access based on age and obtains documented authorization from account holders legally responsible for minors.
Parental controls are opt-in rather than default, meaning children may access unrestricted content and their data may be collected under standard adult data practices unless a parent actively configures these settings.
This provision establishes the consent basis under which Google shares location, payment, and device data with a broad set of third parties. The non-exhaustive list of recipients and the absence of specific data retention or enumeration language may require evaluation under GDPR and equivalent national data protection frameworks in non-US jurisdictions.
The operational significance is that opt-out effectiveness is contingent on per-device and per-browser implementation rather than account-level settings, which means the burden of compliance maintenance falls on the user across multiple access points. Cookie clearing events trigger the need to re-execute opt-out procedures, creating an ongoing procedural requirement tied to browser behavior.
Roblox
· Roblox Privacy and Cookie Policy
The collection of persistent identifiers enables core platform operations including device connectivity, user recognition across sessions, and advertising delivery. This data collection supports both infrastructure maintenance and commercial functions within the service.
Roblox
· Roblox Privacy Policy
This provision invokes the COPPA internal operations exception to justify collecting persistent identifiers from children without separate verifiable parental consent. The scope of permitted uses, including contextual advertising frequency capping, may warrant evaluation against FTC guidance on what constitutes permissible internal operations under COPPA.
Google Ads
· Google Ads Advertising Policies Overview
This provision restricts advertiser use of sensitive data categories for audience targeting, establishing platform-level limitations on targeting functionality that interact with data protection law prohibitions on processing sensitive personal data.
Your face and voice are among the most sensitive categories of personal data and may qualify as biometric data under Illinois, Texas, or Washington state law, triggering specific consent, retention, and deletion obligations.
Pika
· Pika Acceptable Use Policy
This provision places the obligation to obtain express consent and hold all necessary rights directly on the user, covering privacy, publicity, and intellectual property laws, which creates significant personal legal exposure for users who upload images of others without following these steps.
Shein
· Shein Terms and Conditions
Loading a third-party advertising tracker on a privacy disclosure page may constitute data sharing before a user has had the opportunity to read or respond to the privacy notice, which engages notice-before-collection principles under multiple privacy frameworks.
This provision effectively overrides a user's deletion request for content embedded in a public character, which may conflict with data deletion rights under GDPR and US state privacy laws and creates a situation where personal information embedded in a character persona persists without the user's ongoing consent.
Lyft
· Lyft Privacy Policy
Continuous and background location tracking creates a detailed record of your physical movements, which the policy permits sharing with advertising and business partners beyond the core purpose of providing a ride.
Precise location and driving behavior data can reveal sensitive patterns about your daily life, routine, and movements, and this data is shared with affiliates and third parties.
Precise location data is among the most sensitive personal data types because it can reveal home and work addresses, religious or medical visits, and daily routines, and this data is shared with advertising partners.
Your real home neighborhood is tied to your account by design, and this data is used for advertising, meaning your physical location is part of Nextdoor's ad-targeting infrastructure.
Ford
· Ford Privacy Policy
This provision discloses collection of precise geolocation as a sensitive personal information category, which under CPRA and similar state laws may require specific consent mechanisms, disclosure obligations, and opt-out or opt-in rights distinct from general personal information.