This provision authorizes collection of granular location data through multiple signal types simultaneously, which is material for advertising targeting, product personalization, and data profiling; the use of GPS alongside Wi-Fi and nearby device sensors can enable precise location inference.
The provision establishes a tiered authorization framework for location data collection: precise location requires affirmative user consent for designated features, while other location collection methods (Wi-Fi, Bluetooth, cell tower, IP-based inference) operate under the general data collection authorization. This structure defines the scope of location-related data available to Apple's services.
This provision establishes that the platform collects precise geographic coordinates in addition to approximate location data, which constitutes sensitive personal information under CCPA and may require distinct handling under GDPR and applicable state privacy laws.
This provision establishes that location data, including precise GPS location where device permissions allow, is collected and available for use in advertising targeting, personalization, and other purposes described in the policy. Location data combined with behavioral and identity data can enable granular profiling.
Venmo
· Venmo Privacy Policy
The policy authorizes collection of both precise device geolocation and IP-derived approximate location, creating a location history associated with the user's financial activity and identity.
Airbnb
· Airbnb Privacy Policy
The clause establishes the operational basis for location data collection across the platform, specifying collection methods and authorized uses. This enables service functionality such as property discovery and safety features while conditioning collection on requisite legal consent.
Chase
· Chase Privacy Notice
Real-time location data is among the most sensitive categories of personal information, and its collection for marketing offers goes beyond what is strictly necessary to deliver core banking services.
Oura
· Oura Privacy Policy
This provision establishes that precise location data may be collected via GPS and Wi-Fi triangulation for activity tracking purposes, conditioned on device-level consent. The policy notes that disabling location access may reduce service functionality, which compliance teams should evaluate in the context of whether this creates an effective barrier to consent withdrawal.
Location data is among the most sensitive categories of personal information because it can reveal where you live, work, worship, receive medical care, and more — and the policy authorizes its use for ad targeting.
Precise real-time location data is one of the most sensitive categories of personal information because it can reveal where you live, work, worship, seek medical care, and who you associate with. The fact that this data may be shared with partners and licensees extends its reach beyond Apple.
This provision authorizes collection of precise location data as both a functional and advertising-related data practice, which implicates heightened sensitivity classifications under CPRA and requires documented lawful basis under GDPR.
TikTok
· TikTok Privacy Policy
Approximate location is collected by default from IP address and device settings, while precise location collection requires enabling location services; the policy states location services can be disabled in device settings at any time, giving users a direct control mechanism.
Oura
· Oura Privacy Policy
Precise location data combined with detailed health and biometric data creates a particularly sensitive data profile; users should be aware they can disable location tracking without losing core Oura functionality, though some features may be affected.
The provision establishes a dual-layer location collection framework where estimated location collection occurs independently of user consent to precise location sharing, creating continuous location data capture at varying granularity levels throughout service use.
Cohere
· Cohere Enterprise Data Commitments
Logical isolation is a key data security commitment for enterprise customers, particularly those in regulated industries. The document states this separation applies to customer data within Cohere's shared infrastructure.
Target
· Target Privacy Policy
This provision establishes that Target Circle program participation results in personal information sharing with named third-party loyalty partners whose own data practices are governed by their independent privacy policies rather than Target's, creating data flows that consumers should evaluate in the context of multi-brand loyalty ecosystems.
Loyalty program participation generates a persistent, linked dataset combining retail purchase history, prescription information, and behavioral data, which the policy authorizes for use in personalized advertising and communications. The combination of pharmacy and retail data within the loyalty program context creates specific data minimization and use limitation considerations.
The provision establishes the data ownership framework that governs how Luma AI may utilize operational data generated through the service. This allocation of intellectual property rights determines Luma's authority to develop new features, analytical products, and service improvements based on accumulated usage patterns and data insights without separate compensation or consent mechanisms.
Using personal data to train AI models is an emerging area of regulatory scrutiny; data used in model training may be retained and influence system behavior in ways that are difficult to audit or reverse, and this use may require a distinct legal basis in some jurisdictions.
TikTok
· TikTok Privacy Policy
This clause establishes the operational basis for TikTok's use of user-generated data and behavioral signals as inputs for artificial intelligence and machine learning development. The authorization covers both the collection mechanism (monitoring activity, scanning content) and the application of that data (model training, algorithm testing, technology improvement).
This provision establishes the operational scope of automated content management on the platform. It specifies that algorithmic systems operate on user-derived training data, which means user information flows into machine learning infrastructure as part of core platform functionality.
This provision prohibits using Vercel's infrastructure for malware distribution or cyberattacks, which is a standard AUP requirement; however, given the account-holder liability for end-user conduct, it means developers must ensure their applications cannot be weaponized by third parties for these purposes.
GitHub
· GitHub Acceptable Use Policies
This provision prohibits not only direct malware hosting but also the use of GitHub repositories or infrastructure as attack support systems, which has particular relevance for security researchers whose dual-use tools or proof-of-concept exploit code may be assessed under this restriction.
Shopify
· Shopify Acceptable Use Policy
This clause establishes operational constraints on permitted use by restricting activities that would compromise system integrity or availability. The provision supports Shopify's ability to maintain service infrastructure and protect other users from security threats.
This provision discloses collection of device-level data including the full list of installed applications and network connection information, not limited to apps installed through Google Play, for security analysis purposes. Under this clause, some level of application inventory analysis continues even when users disable certain protection features in device settings.
Apple
· Apple App Store Review Guidelines
This provision establishes a mandatory operational requirement for app developers to implement account deletion functionality as a standard feature. It ensures that account lifecycle management includes a user-initiated deletion mechanism, addressing scenarios where continued app access is unavailable.
This provision establishes a mandatory disclosure obligation that Associates must implement on their sites. The required disclosure language aligns with FTC Endorsement Guides requirements for material connection disclosure, and failure to include it creates both a policy violation under these terms and potential independent regulatory exposure under FTC enforcement authority.
This provision requires users to pursue claims individually through arbitration, which means disputes cannot be aggregated into class actions. The clause also waives the right to a jury trial for covered disputes. Enforceability of class action waivers may be limited in certain jurisdictions, including California under some consumer protection contexts and EU member states under consumer rights directives.
This provision requires disputes to proceed through individual arbitration under JAMS Streamlined Arbitration Rules, which determines the procedural forum and precludes consolidated or class proceedings. The terms include a 30-day written opt-out window from the date of first acceptance, making this a time-sensitive provision for newly onboarded users and organizations.
This provision requires disputes to proceed through individual arbitration rather than court litigation, and establishes JAMS Streamlined Arbitration Rules as the governing procedure with venue fixed in San Francisco County. Under this clause, users waive participation in class or collective actions, meaning disputes must be pursued individually through the arbitration process.