OpenAI
· OpenAI Data Processing Addendum
This provision grants operators an audit right, which is required under GDPR Article 28(3)(h). The practical value of this right depends on what 'reasonable notice' means and whether OpenAI's standard practice is to provide documentation rather than physical inspections, which is common among large cloud providers.
Inferred data creates profiles beyond what you directly provide, meaning Mercury may hold conclusions about your business or personal characteristics that are derived from behavioral signals rather than information you explicitly gave them.
This provision authorizes transfer of user personal data, including conversation content, to unknown third-party entities in the event of a corporate transaction, potentially under different privacy terms.
A corporate acquisition could result in your personal data being transferred to a new company with different privacy practices, and the notice commitment, while helpful, may not provide a meaningful opportunity to prevent the transfer.
Replit
· Replit Privacy Policy
This provision authorizes transfer of personal information to a new entity in the event of a business transaction; the notice requirement provides some procedural protection, but the practical ability for users to opt out of the transfer is not specified.
Fiverr
· Fiverr Privacy Policy
A business transfer could result in your personal data being controlled by a different company with different privacy practices, without requiring your affirmative consent to the transfer.
A corporate transaction could result in your data moving to a company with different privacy practices, values, or business models, and the notification commitment, while present, does not give you a right to prevent the transfer.
This provision reserves the right to transfer personal data to a successor entity in a business transaction without requiring individual user consent, which is a standard commercial clause but has implications for users whose data may be processed by a new entity under different privacy practices.
Figma
· Figma Privacy Policy
In the event of a corporate acquisition or merger, your Figma account data, design files, and personal information could be transferred to a new company whose privacy practices may differ from Figma's.
The policy reserves the right to transfer all collected personal data to an acquirer in the event of a merger, acquisition, or insolvency proceeding, without requiring individual user consent or providing an opt-out mechanism for this specific transfer.
This clause means your personal data could end up with a completely different company under different privacy practices, and unlike some other disclosures, this transfer may occur without your specific consent at the time it happens.
These rights are legally enforceable under the CPRA and Washington state law, meaning Starbucks is obligated to respond to qualifying requests, and consumers who exercise these rights cannot be penalized or given worse service as a result.
Zelle
· Zelle Privacy Policy
This provision provides California-specific rights for business contacts, reflecting the CPRA's extension of certain rights to B2B personal information, and establishes a manual email-based process for exercising those rights.
Udemy
· Udemy Privacy Policy
These rights, backed by California law, give California residents meaningful control over their personal data at Udemy and cannot be waived by the privacy policy terms.
This provides California residents with specific, actionable rights over their personal data, backed by California law, with a direct submission mechanism provided in the policy.
Zillow
· Zillow Privacy Notice
These rights give California consumers meaningful control over their personal data, including the ability to stop Zillow from sharing home search and contact data with advertisers and partners.
These are legally enforceable rights under California law, meaning Mercury is required to honor them within defined response timelines, giving California-based business owners meaningful control over their data.
Affirm
· Affirm Privacy Policy
These rights give California residents meaningful control over their financial and behavioral data at Affirm, including the ability to stop data sharing for marketing purposes.
These rights give California users meaningful control over how Whatnot uses their personal data, including the ability to stop data sharing for advertising purposes and to have their data deleted.
These rights are legally enforceable under California law and give California residents meaningful control over their personal data, including the ability to stop Samsung from sharing their information with advertising partners.
Noom
· Noom Privacy Policy
These rights give California residents meaningful control over their health and personal data held by Noom, including the ability to demand deletion or stop data sharing with advertisers.
Calm
· Calm Privacy Policy
California's CPRA requires companies to disclose when they offer financial incentives in exchange for personal data and to explain the value of that data; this notice fulfills that requirement and gives users the right to opt out.
T-Mobile
· T-Mobile Terms and Conditions
California residents have stronger privacy protections than most other US states, including enforceable rights to access and delete personal data that do not depend on T-Mobile's agreement — these are statutory rights.
This provision gives California residents a specific legal right to find out whether and how their personal data has been shared for marketing purposes, which can help them understand the scope of data sharing connected to their Starbucks account.
This provision discloses a California-specific right to request information about third-party direct marketing data disclosures, exercisable once per year by email, which is a limited but actionable data transparency right for California residents.
Webull
· Webull Privacy Policy
These rights are legally enforceable under California law and give California-based investors meaningful control over their financial and personal data held by Webull.
California's CCPA and CPRA provide some of the strongest consumer data rights in the US, and TurboTax users in California can meaningfully restrict how their sensitive tax data is used beyond the core filing service.
These rights are legally enforceable under California law and include a non-discrimination guarantee, meaning Squarespace cannot penalize you for exercising them, which is a meaningful consumer protection.
California residents have legally enforceable data rights under CCPA that go beyond what users in other US states may have, including the right to know exactly which categories of personal data are collected and shared.
These rights are enforceable under California law and give California residents meaningful control over their personal data held by Calendly, including the ability to stop data sharing with advertising partners.