This opt-out is the primary mechanism Mixpanel offers to end users of third-party products, but it operates by setting a browser or device opt-out flag, which means it may not be persistent across devices, browsers, or app reinstalls.
This is the primary consumer self-help mechanism — without actively opting out, Mixpanel collects your behavioral data across any app or website using its SDK, even if you have never heard of Mixpanel.
This provision acknowledges the applicability of GDPR and UK GDPR to EU and UK residents interacting with twilio.com, including the legal basis for processing and rights to object to certain uses of personal data.
EU and UK users have stronger and more broadly applicable data rights than US users in most cases, including the right to object to processing and to receive a copy of their data in a portable format.
The policy confirms that EU and UK users have GDPR rights enforceable by local supervisory authorities, including the right to lodge complaints without needing to take legal action directly against Duolingo.
GDPR and UK GDPR rights are legally enforceable and Coinbase must respond to requests within defined timeframes, making these provisions more than contractual commitments for EU and UK users.
GDPR provides some of the strongest personal data protections in the world, and EU and UK Minecraft players can exercise these rights against Microsoft as the data controller.
Hulu
· Hulu Privacy Policy
GDPR grants EU and UK users substantially stronger data rights than US users, including the right to object to profiling and to request erasure; these rights are directly enforceable against Disney's EU/UK operations.
This is a significant new legal right for EU-based customers — they can now demand their data be moved to another provider or deleted entirely, which strengthens their negotiating position with Salesforce.
EU users have legally enforceable rights to control their personal data, and CoreWeave must respond to these requests within GDPR-mandated timeframes.
RunPod
· RunPod Privacy Policy
GDPR provides EU/EEA/UK users with some of the strongest data protection rights globally, and RunPod's GPU cloud model — involving third-party host operators — creates specific risks around cross-border data transfers that GDPR strictly regulates.
EU users have legally enforceable data rights against RapidAPI, including the right to object to processing based on legitimate interests — which RapidAPI uses for marketing and analytics — and to request data portability.
EU and UK users have significantly stronger legal protections than users in other jurisdictions, including formal rights to appeal content removal and account suspension decisions.
Fly.io
· Fly.io Privacy Policy
These rights are legally enforceable and Fly.io is obligated to respond to valid requests, typically within 30 days, giving EU users meaningful control over their personal data.
Lime
· Lime Privacy Policy
These GDPR-based rights give European users strong legal tools to control their data, including the ability to object to processing based on legitimate interest and to demand deletion of their information from Lime's systems.
Fiverr
· Fiverr Privacy Policy
GDPR gives European users legally enforceable rights over their personal data, and Fiverr must comply or face significant regulatory penalties.
GDPR rights are among the strongest consumer data protections in the world — exercising them can force Duolingo to delete your data, stop certain processing, or provide a full copy of everything it holds about you.
GDPR grants EU and UK users enforceable rights including the right to have all their personal data deleted, which Calendly must honor within one month of request.
These rights are legally enforceable under GDPR and UK GDPR, and Zendesk is bound to respond within statutory timeframes; failure to honor them can be reported to the Irish DPC (for EU) or the ICO (for UK).
EU and UK users have legally enforceable rights under GDPR that go beyond what US users receive, including the right to object to legitimate interest processing and to data portability — and Eventbrite must identify a specific lawful basis for each processing activity.
The DPF is currently the primary legal mechanism Datadog asserts for US-bound transfers of EU and UK personal data, but the framework's long-term legal stability has been subject to political and legal uncertainty, and organizations relying solely on DPF should monitor its status.
EU, UK, and Swiss users' personal data is transferred to the United States under the DPF; if the DPF is ever invalidated by courts (as prior mechanisms were), alternative transfer protections would need to be evaluated.
EU, UK, and Swiss users can rely on DPF protections for their data transferred to Substack in the US, but the DPF's political and legal stability has been contested, and any future invalidation would affect data transfer legality.
This provision is the stated legal basis for Mixpanel's cross-border transfer of EU, UK, and Swiss personal data to the U.S.; if Mixpanel's certification lapses or the framework is invalidated, the lawfulness of these transfers could be affected.
EU, UK, and Swiss users have a formal mechanism to raise privacy disputes through VeraSafe's dispute resolution process and ultimately through binding arbitration if PlanetScale and VeraSafe cannot resolve a complaint, providing a meaningful enforcement pathway not available in many commercial privacy policies.
EU, UK, and Swiss users' personal data is transferred to and processed in the United States under this framework — and US national security law can override your privacy rights in certain circumstances.
This certification means EU, UK, and Swiss users have specific legal protections and recourse options, including the ability to escalate complaints to EU authorities or a U.S.-based arbitration panel if Anyscale does not resolve their data concerns.
Asana
· Asana Privacy Statement
The legal mechanism used for international data transfers affects the protections your data receives when it moves to US servers. If the framework is challenged or invalidated, the basis for your data transfer could be affected.
Reliance on the DPF for international data transfers is legally valid but subject to potential invalidation (as occurred with Privacy Shield in 2020), which would create compliance gaps for EU/UK/Swiss users whose data is transferred to the US.
Parents who set up Family Sharing are on the hook for any purchases their children make through their Apple IDs unless Ask to Buy is enabled, which means a child's accidental or intentional app or in-app purchase is the financial responsibility of the family organizer.