Chegg
· Chegg Privacy Policy
FERPA provides federal protections for student education records, and Chegg's role as a processor of such data creates obligations around data use, disclosure, and breach notification that affect students at participating institutions.
Affirm
· Affirm Privacy Policy
GLBA opt-out rights are narrower than many consumers expect: they apply to sharing with non-affiliated third parties for marketing but do not cover sharing for joint marketing arrangements or operational service providers.
These rights allow you to take control of your personal data, but they are jurisdiction-dependent, meaning users outside the EU and California may have more limited enforceable rights under this policy.
Waze
· Waze Privacy Policy
These rights give you meaningful control over your personal data, but you must actively exercise them by contacting Waze, as they are not automatic.
Fiverr
· Fiverr Privacy Policy
These rights are legally enforceable and give users meaningful control over their data — but only if users know to invoke them, which requires actively contacting Fiverr.
Roblox
· Roblox Privacy and Cookie Policy
EU and UK users have stronger legal rights over their personal data than users in most other jurisdictions, and Roblox is obligated to respond to these requests.
EU and UK users have legally enforceable data rights under GDPR and UK GDPR, but the policy's implementation of these rights depends on the adequacy of Paramount+'s response mechanisms and the lawfulness of its legal bases for processing.
Waze
· Waze Privacy Policy
This provision formally acknowledges the GDPR and UK GDPR rights framework for European and UK users, establishing an avenue for data subjects to exercise statutory rights directly against Waze.
This provision identifies the legal entity responsible for your personal data based on your location and states the privacy rights available to you, which determines who you contact to exercise rights and what legal framework applies to your data.
These are legally enforceable rights under GDPR and UK GDPR, and Midjourney's acknowledgment of them is meaningful — but users must proactively exercise them through the account portal.
Chegg
· Chegg Privacy Policy
These are legally enforceable rights under EU and UK law; Chegg must have a lawful basis for processing your data and must honor valid rights requests, typically within 30 days.
GDPR provides some of the strongest data protection rights globally, and EU and UK Peloton users can exercise these rights to control health and fitness data collected through their equipment and app.
GOAT
· GOAT Privacy Policy
These rights provide EU and UK users with substantially more control over their personal data than users in most other jurisdictions, including the ability to compel deletion or restriction of processing in specific circumstances.
These rights are meaningful and exercisable, but they are only as effective as the mechanism provided — users must know these rights exist and where to go to exercise them, and Microsoft must respond within legally mandated timeframes.
Adobe
· Adobe Terms of Use
EU and UK businesses using Adobe services to handle customer personal data must operate under the DPA framework; failure to comply with GDPR data processor obligations can result in significant regulatory fines.
Notion
· Notion Privacy Policy
These are legally enforceable rights under GDPR — Notion must respond to valid requests within 30 days and cannot charge a fee for most requests, giving EU/UK users meaningful control over their personal data.
These rights are legally enforceable under GDPR and equivalent laws, meaning ClickUp must respond within one month of your request — failure to do so can be reported to your national data protection authority.
GDPR gives EU users meaningful control over their personal data, including the right to have it deleted entirely, which is a stronger protection than most US users receive by default.
These rights are legally enforceable and Databricks must respond within GDPR's one-month timeframe — failure to respond or improper denial of requests can be escalated to a national data protection authority for investigation.
Slack
· Slack Privacy Policy
EU and UK users have legally enforceable rights over their personal data held by Slack, including the right to have it deleted and the right to receive a copy in a portable format.
These rights give EU users meaningful control over their personal data and create enforceable obligations on Hugging Face to respond to such requests.
Ledger
· Ledger Privacy Policy
These rights give EU users meaningful control over their personal data — including the ability to request deletion of the identity-to-crypto-address profiles Ledger builds — and Ledger is legally required to respond.
OpenAI
· OpenAI EU Terms of Use
GDPR data subject rights are legally mandated protections that exist independently of what the contract states; the document's disclosure of these rights and the mechanism for exercising them is operationally significant for users who wish to manage their personal data.
These rights give EU users meaningful control over their personal data held by Tabnine, including code snippets and usage telemetry, but exercising them requires proactively contacting the company.
These GDPR rights are legally enforceable and Amplitude is required to respond within one month — failure to do so can be reported to your national data protection authority.
Cohere
· Cohere Privacy Policy
These are legally enforceable rights — Cohere must respond to your requests within one month under GDPR, and you can escalate to your national data protection authority if they don't comply.
OpenAI
· OpenAI Privacy Policy
These rights are legally enforceable under GDPR and the UK GDPR, meaning EEA and UK users can compel OpenAI to respond to access, deletion, and portability requests within regulatory timeframes.
Unity
· Unity Privacy Policy
These rights give EU and UK users meaningful legal tools to control their data held by Unity, including the ability to object to profiling for advertising purposes, which can stop Unity from building or using a behavioral ad profile on you.
Garmin
· Garmin Privacy Statement
GDPR rights are among the strongest data protection rights globally and are legally enforceable; identifying Garmin Ltd. in Switzerland as the data controller clarifies which entity is legally accountable for data collected outside the U.S.
These are among the strongest privacy rights in the world — GDPR gives EU/UK residents meaningful, enforceable control over their personal data, and Mixpanel must respond to these requests within one month.