Precise geolocation is among the most sensitive categories of personal data and is classified as sensitive personal information under California law, triggering heightened consumer rights and restrictions on its use and sharing.
Precise location data is among the most sensitive personal information a carrier can collect, revealing where you live, work, worship, receive medical care, and travel. Prior FCC enforcement actions against major carriers, including T-Mobile, involved unauthorized sale of this exact data type to third-party aggregators.
Grindr
· Grindr Privacy Policy
Precise geolocation data can reveal where you live, work, worship, receive medical care, and whom you associate with. For users of an LGBTQ+ platform, location data combined with identity data creates specific safety risks.
Grindr
· Grindr Terms of Service
Precise geolocation on an LGBTQ+ platform can be used to infer or expose a user's presence in sensitive locations such as health clinics, community centers, or private residences, creating safety and outing risks beyond typical location data concerns.
Precise GPS-level location data is among the most sensitive categories of personal information because it can reveal where you live, work, worship, or seek medical care, and this policy authorizes sharing it with a broad set of third parties beyond what is necessary for basic service delivery.
Garmin
· Garmin Privacy Statement
Precise location data over time can reveal sensitive information about a person's daily routines, home and work addresses, medical appointments, religious attendance, and other private behaviors, making it one of the most sensitive data categories in consumer technology.
This provision authorizes collection of multiple categories of precise location data, including GPS coordinates and cell tower proximity, and its combination with other data types enables detailed location profiling. Under CPRA, precise geolocation is classified as sensitive personal information subject to opt-out rights.
Prescription data is among the most sensitive categories of personal information; the policy's separate treatment of this data category signals distinct handling obligations, but the applicable protections depend on whether Instacart qualifies as a HIPAA-covered entity or business associate in this context.
TikTok
· TikTok Privacy Policy
This provision states that content collection can occur before a user makes a final decision to share or store content, meaning data about content a user chose not to publish may still be retained and processed by TikTok.
The provision creates a distinct data processing framework for preview services, authorizing Microsoft to apply alternative privacy protections and data collection practices that differ from standard commercial service terms, with governance determined by preview-specific notices rather than the primary privacy policy.
For any user submitting data to the Cohere API, the Privacy Policy governs what Cohere does with that data, including whether it is used to train or improve models, which is a material consideration for enterprise customers handling sensitive data.
These requirements directly affect how apps handle personal data belonging to millions of consumers, and non-compliance can result in app rejection or removal.
Redfin
· Redfin Privacy Policy
This provision creates a contractual linkage between the Privacy Notice and the Terms of Use, meaning that privacy disputes do not operate under a standalone privacy framework but instead fall under the dispute resolution and damages limitation procedures established in the Terms of Use. This integration affects which procedural rules, arbitration requirements, and liability caps apply to privacy-related claims.
Cursor
· Cursor Data Use & Privacy Overview
This provision establishes the full scope of data use when Privacy Mode is disabled, authorizing collection and use of codebase data, prompts, and editor actions for AI model training and disclosure to third-party model providers.
The Privacy Policy incorporated by reference governs the collection of identifiers, usage data, location-related data, and behavioral data associated with Threads use, and determines the legal basis for data processing asserted by Meta.
Google
· Google Analytics Terms of Service
This provision establishes a direct contractual obligation on account holders as data controllers to maintain adequate privacy disclosures, creating compliance dependencies with GDPR consent requirements, CCPA notice obligations, and FTC guidance on deceptive practices. Failure to post an adequate privacy policy constitutes a breach of the agreement and may independently trigger regulatory scrutiny.
As a major telecommunications carrier, Verizon has access to particularly sensitive data including precise location information and communications metadata, making the privacy policy one of the most consequential linked documents for consumers.
By reference incorporation, this provision creates a unified contractual framework where privacy practices become enforceable agreement terms rather than unilateral company policy. This mechanism ensures privacy obligations are subject to the same dispute resolution, liability, and modification procedures as other agreement provisions.
This provision operationalizes the separation between service terms and privacy practices by referencing external privacy documentation. It establishes that Azure data handling is subject to Microsoft's Privacy Statement rather than being solely defined within the Azure Terms themselves.
This provision operationalizes Anthropic's compliance obligations under child protection frameworks by establishing specific categorical prohibitions and affirmative safeguard requirements for products with minor user populations. The clause creates enforceable standards for product design, content filtering, and legal compliance across Anthropic's service offerings.
The explicit prohibition on child exploitation material and grooming reflects mandatory legal obligations under federal law and directly implicates the platform's CSAM reporting duties to the National Center for Missing and Exploited Children.
Google Ads
· Google Ads Advertising Policies Overview
This provision establishes data collection conduct standards that apply at the ad interaction level, complementing Google's broader privacy policies and creating a platform-level enforcement mechanism for deceptive data collection practices independent of applicable privacy law.
Meta
· Meta Platform Policy
This provision establishes a floor of prohibited developer behaviors, particularly around sensitive data categories including health, financial, and precise location data, which receive additional protections requiring adequate consent and disclosure beyond what may be required for less sensitive data.
Meta
· Llama API Terms of Service
This provision establishes an absolute contractual prohibition on commercialization of platform-sourced data through sale, licensing, or brokerage channels, which constitutes a significant restriction on permissible business models for applications built on Meta's platform.
Google
· Google Analytics Terms of Service
This provision establishes a contractual prohibition on transmitting personally identifiable information through the Google Analytics service, which has direct implications for analytics implementations that may inadvertently include PII in URL parameters, custom dimensions, or event parameters. The parenthetical reference to data that could identify individuals 'in combination with other information held by Google' is operationally significant because it encompasses data that may not appear identifiable in isolation.
Cursor
· Cursor Terms of Service
This provision places contractual responsibility on users to ensure they do not input regulated data types such as medical records or financial account information into Cursor, which is significant for enterprise users and developers working with sensitive data.
This provision establishes affirmative age-targeting obligations that advertisers must operationalize through audience configuration settings, and creates compliance exposure under COPPA and equivalent frameworks if campaigns are found to have reached users below the specified age thresholds.
This provision establishes age-based targeting restrictions that require advertisers to configure audience parameters in compliance with both Pinterest's policy thresholds and jurisdiction-specific legal minimums, creating a layered compliance obligation.
This provision addresses AI-enabled privacy violations, including the use of generative AI to build surveillance or data harvesting tools targeting individuals without their knowledge.
This provision establishes the publisher, rather than Google, as the party responsible for obtaining and managing end-user consent for ad-related data collection on their properties. Failure to implement a compliant consent mechanism creates potential regulatory exposure for the publisher under GDPR and the EU ePrivacy Directive, independent of Google's own consent infrastructure.