The policy authorizes disclosure of user information in response to government requests and legal process, including on a good-faith basis, which means data may be shared without a court order in some circumstances as WhatsApp interprets applicable law.
Ledger
· Ledger Privacy Policy
Legitimate interest as a legal basis permits data processing without requiring explicit user consent, provided the organization's interests do not override privacy protections. This basis enables Ledger to conduct certain processing activities—such as fraud prevention, service improvement, or analytics—through a balancing test rather than through affirmative opt-in mechanisms.
Oura
· Oura Privacy Policy
This provision applies the legitimate interest basis to processing that includes health-adjacent data (service improvement involving sleep and readiness data), which EU supervisory authorities may scrutinize given the sensitivity of the underlying data and the availability of consent as an alternative basis. The policy does not provide a publicly disclosed legitimate interest assessment.
Klarna
· Klarna Privacy Policy
Using legitimate interest rather than consent as a legal basis means Klarna does not need to ask your permission for certain profiling and marketing activities, though you retain the right to object, which may not be prominently communicated in the user experience.
Visa
· Visa Privacy Notice
This clause establishes the legal basis under which Visa processes personal data without requiring separate opt-in consent. It permits data processing for operational security, fraud prevention, and business analytics as core institutional functions of payment network administration.
Oura
· Oura Privacy Policy
Legitimate interest as a lawful basis for marketing-related processing means Oura may use your data for these purposes without a separate consent prompt, though you have the right to object to this processing under GDPR.
Legitimate interests is a flexible legal basis that does not require your consent but is subject to a balancing test. Individuals in the EU and UK have the right to object to processing based on legitimate interests.
Adobe
· Adobe Privacy Policy
This is a broad assertion that allows Adobe to process your data for marketing and sharing purposes by default, without your explicit consent, in jurisdictions where this basis is available. Users who wish to stop this processing must actively exercise their right to object.
This clause establishes the legal foundation for data processing activities that do not require explicit user consent under GDPR. It permits the entity to conduct processing for operational and business purposes while maintaining that data subjects retain the ability to object where their rights outweigh the stated interests.
Legitimate interests is a flexible but contestable lawful basis; individuals in the EU and UK have the right to object to processing conducted on this basis, and Palantir must stop if it cannot demonstrate compelling grounds that override those interests.
Legitimate interests is a flexible legal basis that does not require user consent, but under GDPR users have the right to object to processing based on legitimate interests, which Calendly must honor.
Legitimate interests is a flexible but contested legal basis under GDPR; individuals have the right to object to processing on this basis, and Checkout.com must stop unless it can demonstrate compelling grounds that override the individual's interests.
Klarna
· Klarna Privacy Policy
Legitimate interests is one of several legal bases that permits data processing without explicit user consent. This authorization enables Klarna to conduct certain processing activities—such as fraud prevention, analytics, or service optimization—based on institutional determinations of proportionality rather than affirmative user permission.
Stripe
· Stripe Privacy Policy
Reliance on legitimate interests as a processing basis under GDPR requires a balancing test against data subject rights and interests; the policy directs users to the Privacy Center for specifics, meaning the legal basis documentation is distributed across multiple documents rather than consolidated in this policy.
This provision establishes the institutional framework for personal data processing activities that do not require explicit consent. By relying on legitimate interests as a legal basis, Databricks can conduct specified processing operations according to GDPR Article 6(1)(f) standards, subject to balancing tests between organizational and individual interests.
The policy invokes legitimate interests as a processing basis for a broad range of purposes including business operations and scientific research, without specifying the balancing test or safeguards applied; under GDPR this basis requires documented proportionality analysis and may be challenged where it overrides user interests.
Adyen
· Adyen Privacy Policy
Legitimate interests is a flexible legal basis that does not require your consent, meaning Adyen can process your data for analytics and product improvement without asking you, though you have the right to object to such processing.
Relying on legitimate interests rather than consent means Telegram does not need to ask your permission to collect and process data, though you have the right to object to such processing under GDPR.
Adobe
· Adobe Privacy Policy
This clause establishes the legal framework under which Adobe processes content data without explicit user consent, relying instead on a balancing test between Adobe's business interests and user privacy expectations. The provision operationalizes a mechanism for users to challenge specific processing activities while preserving Adobe's ability to continue processing where business or legal necessity applies.
Legitimate interests is a flexible legal basis that does not require user consent, and its application to marketing and corporate transaction purposes may be subject to challenge under GDPR if the balancing test does not adequately weigh user privacy interests against Skillshare's business interests.
The legitimate interests basis expands the permissible scope of data processing beyond consent-dependent activities, enabling the entity to conduct processing necessary for service operation, fraud prevention, security, analytics, and business development without obtaining affirmative consent. This provision establishes the procedural framework through which the entity assesses and implements data uses that fall outside explicit consent requirements.
The terms disclaim all warranties on AI-generated outputs and service availability, which places reliance risk entirely on users and is particularly significant for users who use AI outputs in professional, medical, legal, or financial contexts.
This provision caps potential developer recovery at 12 months of fees paid, which may be a modest amount for developers on free-tier or low-spend plans. It limits financial recourse in the event of service failures, data incidents, or other breaches regardless of the magnitude of harm experienced.
The liability cap defines the maximum financial exposure Duolingo assumes under the service agreement and restricts the categories of compensable harm to direct damages only. This structure allocates risk by excluding indirect and consequential losses from recovery, which are often the largest components of claimed damages in service disruption scenarios.
For free users, the maximum compensation Mistral AI could owe is 50 euros regardless of the harm caused. This provision significantly limits users' ability to recover financially in the event of a serious failure, though applicable consumer protection laws in some jurisdictions may limit how enforceable such a cap is.
Fitbit
· Fitbit Terms of Service
For a platform that collects sensitive health and biometric data, a maximum liability of one hundred dollars is a very low ceiling if a data breach or service failure causes real harm.
Cohere
· Cohere SaaS Agreement
Liability caps create predictable cost structures for service providers and define the outer boundary of financial exposure in the event of service failures or breaches. This affects risk allocation between the parties and the economic basis upon which the agreement operates.
This provision significantly limits the financial recourse available to developers who suffer business losses due to API failures, outages, or data incidents, even if those losses are substantially larger than the capped amount.
For businesses with high transaction volumes but relatively low fee rates, the cap may be significantly lower than the actual financial loss caused by a platform outage or processing error.
The liability cap restricts the range of damages Revolut may be required to pay in breach scenarios to direct losses caused by contractual violations, while excluding entire categories of loss from recovery. This allocation establishes the financial scope of Revolut's exposure under the agreement and defines which loss categories fall outside the liability framework.