Glean
· Glean Privacy Policy
This provision establishes Glean's security obligations and specifies the notification procedures that govern breach response. It allocates responsibility between Glean (notification to business customers) and customers (notification to end users), with both obligations tied to applicable regulatory requirements.
Miro
· Miro Privacy Policy
This provision establishes Miro's security obligations and establishes the notification framework governing breach response. The clause creates dual accountability—to affected users and to regulatory authorities—while explicitly disclaiming absolute security guarantees, which shapes the baseline protection standard under the agreement.
OpenAI
· OpenAI Data Processing Addendum
The breach notification commitment triggers the operator's own regulatory notification obligations under GDPR (72-hour notification to supervisory authority), UK GDPR, and state breach notification laws. The timeliness and scope of OpenAI's notification to the operator directly affects whether the operator can meet its own deadlines.
This clause establishes Perplexity's security obligations under GDPR Article 32 and its breach notification obligation under GDPR Article 33; the 'without undue delay' standard for processor-to-controller notification is intended to enable the controller to meet its own 72-hour supervisory authority reporting obligation.
This provision establishes OpenSea's affirmative security obligations while establishing a baseline limitation on liability exposure by acknowledging technological constraints inherent to information systems. The dual-statement structure allocates responsibility for security implementation while defining the scope of the company's security commitment.
Given that OpenSea holds sensitive financial data including wallet addresses and NFT transaction histories, the security disclaimer means users bear residual risk from potential data breaches.
This clause establishes Google's contractual security obligation for advertiser personal data processed through Google Ads services. The obligation mirrors the GDPR Article 32 requirement for appropriate technical and organizational measures, and the specific measures implemented may be documented in a security annex or exhibit to the agreement.
Pinecone
· Pinecone Data Processing Addendum
This clause permits Pinecone to alter its technical and organizational security measures unilaterally, subject only to a non-material-diminishment constraint. Business customers relying on specific security configurations for their own compliance frameworks may not receive advance notice of changes to individual security controls.
This provision establishes the categories and maximum retention period for security-related metadata. The retention of IP addresses for up to 12 months is the data category disclosed as subject to potential law enforcement disclosure under section 8.3.
The provision establishes the scope of BAM's data handling authority across the corporate group and identifies the Privacy Policy as the governing instrument for information practices. This framing establishes contractual notice that data collection and sharing occur as documented.
This provision establishes OpenAI's security obligations while defining the scope of liability protection through a qualified security commitment. The disclaimer regarding inherent limitations of digital security infrastructure establishes baseline expectations for reasonable rather than absolute protection measures.
Webull
· Webull Privacy Policy
This provision establishes Webull's security obligations while defining the scope of those obligations and the limits of the company's liability for security failures. The disclaimer of absolute security protections is significant because it informs the baseline expectation for the adequacy of the company's protective measures under the policy.
Acorns
· Acorns Privacy Policy
This provision establishes Acorns' security practices and contemporaneously limits the scope of security assurances provided, allocating risk exposure related to inherent limitations of internet and electronic storage technologies.
Visa
· Visa Privacy Notice
The provision establishes Visa's security obligations while simultaneously disclaiming absolute security guarantees. This operational framework defines the standard of protection Visa commits to (reasonable measures) rather than an absolute or fault-free security standard.
Venmo
· Venmo Privacy Policy
The policy's standard security disclaimer limits Venmo's stated security assurance to 'reasonable measures' while disclaiming liability for breaches that may occur despite those measures.
This provision establishes the security standard the entity commits to maintain while explicitly defining the limits of that commitment. The acknowledgment of inherent security limitations in internet-based systems establishes the operational reality under which the service functions and creates a procedural obligation for the company to respond to reported security concerns.
This provision requires advance written authorization for any security testing activity, which is operationally significant for organizations with security research, compliance testing, or bug bounty program obligations that involve Vercel-hosted infrastructure.
The explicit prohibition on circumventing AI safety filters is operationally significant because it targets jailbreaking and prompt injection techniques commonly used to extract prohibited outputs, and violations could result in account termination.
This provision establishes operational boundaries on permissible use by restricting activities that could degrade system integrity, create security risks, or undermine safety mechanisms. The restriction applies across Mistral AI's own infrastructure, its products, and third-party systems.
Twilio
· Twilio Privacy Notice
This provision establishes Segment as an active data processor on twilio.com with a 90-day cookie window and domain-wide scope. The 'alwaysLoadSegment: true' parameter in the consent wrapper configuration warrants review to determine whether Segment's core library loads prior to or independent of visitor consent, which has direct implications for GDPR and ePrivacy compliance.
This provision establishes that Segment is used to track page views, user interactions, and potentially identified user data on twilio.com, with cookies persisting for up to 90 days, and that the scope of tracking is conditioned on TrustArc consent state.
Twilio
· Twilio Privacy Notice
The provision establishes the operational scope of data collection activities within Twilio's CDP offering. This defines what data inputs and processing activities are permitted under the service agreement and shapes the data handling practices applicable to customers using Segment functionality.
This provision establishes the operational mechanism through which Segment collects behavioral data from users' interactions with the service. The mandatory loading parameter ('alwaysLoadSegment: true') indicates the tracking operates as a default configuration rather than an opt-in mechanism.
This provision establishes the operational permission for self-hosted model deployment, which is operationally distinct from API-only access arrangements and carries different data governance, audit, and compliance obligations for the deploying organization.
Self-hosting rights distinguish this license from API-only AI service agreements and create a distinct set of obligations for deployers who control the model infrastructure directly.
Stash
· Stash Privacy Policy
Selfie photographs used for identity verification may involve facial recognition or biometric processing, which in states like Illinois is subject to specific legal requirements including consent and data handling obligations under the Biometric Information Privacy Act.
The commission and fee terms applicable to sellers are set by a separately referenced Seller Policy that Whatnot may update, meaning the financial terms of seller participation are subject to change outside of the Terms of Service document itself. Sellers should monitor the Seller Policy for changes affecting commission rates.
The fee structure is incorporated by reference to a separate Seller Policy document rather than spelled out in the Terms, meaning the specific rates you agree to are not directly visible in this document and may change without separate explicit consent.
Fee rates can change between when you list an item and when it sells; sellers should review the current fee schedule before listing to understand their net proceeds.
eBay
· eBay User Agreement
This provision establishes the fee structure as a material term of the seller-platform relationship and clarifies the allocation of financial obligations between eBay and sellers. The clause also creates a mechanism for fee adjustments and specifies conditions under which fees may be credited, affecting the predictability and ongoing cost of platform access.