Location data collection establishes a mechanism for Pinterest to correlate user behavior with geographic information, enabling both operational service delivery and targeted advertising based on geographic signals. This data collection occurs through multiple technical pathways with different precision levels.
This provision establishes the scope and conditions under which WhatsApp processes location information, clarifying that collection occurs only upon user activation of location features rather than continuous background collection. It identifies the service settings and device-level controls available to users to manage location data practices.
TikTok
· TikTok Privacy Policy
The provision establishes multiple mechanisms for location data collection operating on different technical bases—network-derived approximate location occurs automatically, while precise location collection requires user enablement through device settings. This operational structure allows the service to maintain location data availability across different user configurations.
The provision establishes TikTok Ads' operational authority to collect location data across three distinct pathways—automatic collection from network identifiers, device-based collection when enabled, and user-initiated location tagging—enabling location-based targeting and analytics capabilities. The authorization applies unless users affirmatively disable location services through their device settings.
This provision establishes that the platform collects precise geographic coordinates in addition to approximate location data, which constitutes sensitive personal information under CCPA and may require distinct handling under GDPR and applicable state privacy laws.
Location data collection is operationally necessary for the service to function for location-dependent queries. This provision establishes the institutional basis for accessing location signals as part of the standard service delivery mechanism.
Zillow
· Zillow Privacy Notice
Precise location data is among the most sensitive personal data categories and can reveal daily routines, home address, and patterns of movement; its sharing with third-party providers extends its exposure beyond Zillow.
Oura
· Oura Privacy Policy
This provision establishes that precise location data may be collected via GPS and Wi-Fi triangulation for activity tracking purposes, conditioned on device-level consent. The policy notes that disabling location access may reduce service functionality, which compliance teams should evaluate in the context of whether this creates an effective barrier to consent withdrawal.
This provision authorizes collection of precise location data as both a functional and advertising-related data practice, which implicates heightened sensitivity classifications under CPRA and requires documented lawful basis under GDPR.
Precise real-time location data is one of the most sensitive categories of personal information because it can reveal where you live, work, worship, seek medical care, and who you associate with. The fact that this data may be shared with partners and licensees extends its reach beyond Apple.
Location data is among the most sensitive categories of personal information because it can reveal where you live, work, worship, receive medical care, and more — and the policy authorizes its use for ad targeting.
TikTok
· TikTok Privacy Policy
Approximate location is collected by default from IP address and device settings, while precise location collection requires enabling location services; the policy states location services can be disabled in device settings at any time, giving users a direct control mechanism.
Oura
· Oura Privacy Policy
Precise location data combined with detailed health and biometric data creates a particularly sensitive data profile; users should be aware they can disable location tracking without losing core Oura functionality, though some features may be affected.
The provision establishes a dual-layer location collection framework where estimated location collection occurs independently of user consent to precise location sharing, creating continuous location data capture at varying granularity levels throughout service use.
Cohere
· Cohere Enterprise Data Commitments
Logical isolation is a key data security commitment for enterprise customers, particularly those in regulated industries. The document states this separation applies to customer data within Cohere's shared infrastructure.
Target
· Target Privacy Policy
This provision establishes that Target Circle program participation results in personal information sharing with named third-party loyalty partners whose own data practices are governed by their independent privacy policies rather than Target's, creating data flows that consumers should evaluate in the context of multi-brand loyalty ecosystems.
Loyalty program participation generates a persistent, linked dataset combining retail purchase history, prescription information, and behavioral data, which the policy authorizes for use in personalized advertising and communications. The combination of pharmacy and retail data within the loyalty program context creates specific data minimization and use limitation considerations.
The provision establishes the data ownership framework that governs how Luma AI may utilize operational data generated through the service. This allocation of intellectual property rights determines Luma's authority to develop new features, analytical products, and service improvements based on accumulated usage patterns and data insights without separate compensation or consent mechanisms.
Using personal data to train AI models is an emerging area of regulatory scrutiny; data used in model training may be retained and influence system behavior in ways that are difficult to audit or reverse, and this use may require a distinct legal basis in some jurisdictions.
This provision establishes the operational scope of automated content management on the platform. It specifies that algorithmic systems operate on user-derived training data, which means user information flows into machine learning infrastructure as part of core platform functionality.
TikTok
· TikTok Privacy Policy
This clause establishes the operational basis for TikTok's use of user-generated data and behavioral signals as inputs for artificial intelligence and machine learning development. The authorization covers both the collection mechanism (monitoring activity, scanning content) and the application of that data (model training, algorithm testing, technology improvement).
This provision prohibits using Vercel's infrastructure for malware distribution or cyberattacks, which is a standard AUP requirement; however, given the account-holder liability for end-user conduct, it means developers must ensure their applications cannot be weaponized by third parties for these purposes.
GitHub
· GitHub Acceptable Use Policies
This provision prohibits not only direct malware hosting but also the use of GitHub repositories or infrastructure as attack support systems, which has particular relevance for security researchers whose dual-use tools or proof-of-concept exploit code may be assessed under this restriction.
Shopify
· Shopify Acceptable Use Policy
This clause establishes operational constraints on permitted use by restricting activities that would compromise system integrity or availability. The provision supports Shopify's ability to maintain service infrastructure and protect other users from security threats.
This provision discloses collection of device-level data including the full list of installed applications and network connection information, not limited to apps installed through Google Play, for security analysis purposes. Under this clause, some level of application inventory analysis continues even when users disable certain protection features in device settings.
Apple
· Apple App Store Review Guidelines
This provision establishes a mandatory operational requirement for app developers to implement account deletion functionality as a standard feature. It ensures that account lifecycle management includes a user-initiated deletion mechanism, addressing scenarios where continued app access is unavailable.
This provision establishes a mandatory disclosure obligation that Associates must implement on their sites. The required disclosure language aligns with FTC Endorsement Guides requirements for material connection disclosure, and failure to include it creates both a policy violation under these terms and potential independent regulatory exposure under FTC enforcement authority.
The arbitration clause and class action waiver require business customers to resolve all disputes individually through a private arbitration process rather than through court proceedings, which affects how and where claims can be pursued.
This provision requires disputes to proceed through individual arbitration under JAMS Streamlined Arbitration Rules, which determines the procedural forum and precludes consolidated or class proceedings. The terms include a 30-day written opt-out window from the date of first acceptance, making this a time-sensitive provision for newly onboarded users and organizations.
Twilio
· Twilio Terms of Service
This provision requires disputes to proceed through individual arbitration rather than litigation, and prohibits customers from participating in class action lawsuits against Twilio, which affects how legal claims can be pursued.