The 'without undue delay' notification standard aligns with GDPR Article 33's 72-hour supervisory authority notification requirement, but the DPA does not specify a fixed notification deadline to customers. The non-admission clause is standard but means breach notification alone cannot be used as evidence of liability in subsequent disputes.
The policy discloses collection of a broad range of identifiers and behavioral data in addition to account information, which is relevant for users assessing their data footprint with the service.
This provision establishes the scope of data collection across Minecraft services. The integration of Microsoft account data means that Minecraft-specific data collection is linked to Microsoft's broader account ecosystem, which may include cross-service data associations depending on account configuration.
This provision documents the scope of personal data categories Zendesk collects as a controller, including inferred profile data, which engages CCPA/CPRA disclosure requirements and GDPR Article 13 transparency obligations.
The scope of data collected includes both identifiers and the substantive content of user interactions, meaning OpenAI retains records of what users type, upload, and discuss across its services.
The policy states that a broad range of personal identifiers may be collected, and the phrase 'may include, but is not limited to' means the listed categories are not exhaustive.
Fly.io
· Fly.io Privacy Policy
The provision defines the scope of first-party data collection practices and identifies the categories of information the service collects to operate the platform and process transactions, establishing the baseline for what personal data Fly.io maintains.
The provision defines the scope and mechanism of data collection that forms the operational foundation for Patreon's service delivery, user account management, and payment processing functions. This establishes the baseline data inputs that feed into subsequent data handling, retention, and sharing practices outlined elsewhere in the privacy policy.
Knowing exactly what categories of data are collected helps you assess the scope of your privacy exposure and whether the collection is proportionate to the service provided.
Egnyte
· Egnyte Privacy Policy
Understanding what data Egnyte collects helps you assess what personal information is being stored and potentially used for marketing, product analytics, or shared with third-party services.
This provision establishes the categories of personal data Smartsheet collects, which determines the scope of applicable data subject rights, retention obligations, and third-party sharing disclosures required under GDPR, CCPA, and other frameworks.
Microsoft
· Microsoft Privacy Statement (Legacy)
The statement describes a broad range of collected data categories including identifiers, device and configuration data, browsing and search history, location data, voice and audio recordings, and content and communications, which affects users across all Microsoft products and services.
The provision defines the scope of data collection authorized under the Apple Privacy Policy and specifies which data categories require affirmative consent versus those collected through standard service operations. This establishes the baseline data flows across Apple's ecosystem and clarifies permission requirements for sensitive data categories.
The breadth of collection sources means that even data you did not actively provide to Microsoft may be held and used, including data obtained from third parties, which many users may not anticipate.
Because Apple products are tightly integrated, data collected across your iPhone, Apple Watch, iCloud, App Store, and other services can be associated together, creating a detailed profile that spans your health, finances, location habits, and device usage.
Writer
· Writer Privacy Policy
This provision establishes the categories of personal information Writer collects directly, which forms the basis for applicable GDPR, CCPA, and CPRA data subject rights obligations and data mapping requirements for enterprise compliance teams.
This provision defines the scope of personal data collection that Atlassian performs at account creation and during service operation. It establishes the legal basis for processing basic identifying and authentication information necessary for account administration and user communication.
Authentication logs are sensitive because they reveal patterns of behavior, work hours, device usage, and application access, and this data is collected automatically every time you log in using Duo.
Microsoft
· Microsoft Privacy Statement (Legacy)
The provision defines the operational basis for Microsoft's data acquisition practices and establishes the multiple collection mechanisms through which user information flows into Microsoft systems during service use and account management.
Auth0
· Auth0 Privacy Policy
The breadth of data collected, spanning identifiers, behavioral signals, and inferred profiles, means Okta is building a fairly detailed picture of users who visit its websites or use its marketing properties, which is used for targeted advertising and product development.
Rumble
· Rumble Privacy Policy
This provision establishes the foundational scope of data collection across Rumble's platform, covering both voluntarily provided data and behaviorally generated data such as viewing history and search queries, which are categories relevant to targeted advertising and data sharing disclosures elsewhere in the policy.
Cohere
· Cohere Privacy Policy
This provision defines the scope of personal data collection and establishes that content submitted through the service is collected alongside standard account identifiers, which is relevant to understanding what data Cohere holds about you.
The clause establishes the scope of personal data collection by identifying both the mechanism (voluntary user provision) and the categories of information the entity is authorized to collect during service use and interactions.
Stripe
· Stripe Privacy Policy
The clause establishes the scope of data collection activities authorized under the agreement, defining what information Stripe may process to operate payment processing services and maintain account records.
Fiverr
· Fiverr Privacy Policy
The breadth of data collected, spanning identity, financial, behavioral, and device-level information, means Fiverr holds a detailed profile of each user that extends well beyond what is needed to process a transaction.
Ledger
· Ledger Privacy Policy
For cryptocurrency hardware wallet users, the combination of identity data and purchase records effectively signals asset ownership, creating a risk profile that goes beyond typical retail data collection.
Upwork
· Upwork Privacy Policy
The breadth of data collected, including financial and payment data alongside identity and communications information, means Upwork holds sensitive personal information that could cause harm if improperly disclosed or breached.
Udemy
· Udemy Privacy Policy
This provision establishes the categories of personal data subject to Udemy's processing activities and defines the informational scope of downstream data uses including advertising, analytics, and service improvement disclosed elsewhere in the policy.
This provision establishes two distinct personal data sharing flows: transaction-related sharing of name and email with Content Providers governed by each Provider's independent privacy policy, and transmission of device-level SIM identifiers to mobile carriers for billing eligibility. Under this clause, the data protection standards applicable to shared information vary by recipient and are not uniformly governed by Google's Privacy Policy.
This provision authorizes Skillshare to share student personal data with individual Teachers, who are third parties operating on the platform, as a condition of enrollment, which has implications for how that data is controlled and protected beyond Skillshare's own systems.