These are among the strongest privacy rights in the world — GDPR gives EU/UK residents meaningful, enforceable control over their personal data, and Mixpanel must respond to these requests within one month.
Twilio
· Twilio Privacy Notice
GDPR gives EU and UK residents powerful, enforceable rights over their personal data — including the right to have it deleted entirely and to take it elsewhere, backed by regulatory enforcement with fines up to 4% of global annual turnover.
EU and UK users have legally enforceable rights under GDPR including access, deletion, and objection to processing, and these representatives are the formal point of contact for exercising those rights.
Twilio
· Twilio Privacy Notice
The notice asserts legitimate interests as one lawful basis for processing, which is subject to data subject objection rights under GDPR; EU and UK residents can formally object to certain types of processing, including marketing, at any time.
Relying on 'legitimate interests' as a catch-all legal basis is frequently challenged by European regulators, and the policy does not specify which basis applies to which processing activity, making it difficult to exercise your rights or challenge processing you disagree with.
Figma
· Figma Privacy Policy
EU, UK, and Swiss users have meaningful legal rights over their personal data under GDPR, including the ability to request deletion or a copy of their data, and Figma is required to respond to such requests within regulatory timeframes.
The 'legitimate interests' basis is the most expansive and least protective of the three, and here it covers 'scientific research' and 'business operations' without clear limits — meaning your data could be used to train AI models or for commercial analysis without your specific consent.
OpenAI
· OpenAI Privacy Policy
EU users have stronger legal protections than users in other regions, including the ability to challenge how OpenAI uses their data and to escalate complaints to national data protection authorities.
EU users' personal data is transferred to the United States under SCCs, which have faced regulatory scrutiny, and the adequacy of those protections depends on Datadog's technical and organizational safeguards.
Waze
· Waze Privacy Policy
The policy formally acknowledges GDPR and UK GDPR data subject rights for EEA and UK users, providing a basis for individuals to request access to, correction of, deletion of, or objection to processing of their personal data held by Waze.
Replit
· Replit Privacy Policy
This provision discloses GDPR and UK GDPR rights for EEA and UK users, which are legally enforceable; the practical availability of these rights depends on whether Replit has established adequate data transfer mechanisms and appointed a representative in the EU or UK as required by GDPR for non-EU controllers.
These rights are enforceable under GDPR and UK GDPR, and Smartsheet's acknowledgment of them means EEA and UK users have formal legal mechanisms to challenge or limit data processing, including the right to file complaints with national regulators.
EEA and UK users have legally enforceable rights to control their data, and Shopify is required to respond to these requests within one month.
Square
· Square Privacy Notice
GDPR provides some of the strongest personal data protections in the world, and EU and UK users have enforceable rights against Square that go beyond what is available to users in most other jurisdictions.
EEA and UK users have strong legal rights under GDPR that give them significant control over their personal data held by Dropbox, including the right to demand deletion or a copy of all their information.
Writer
· Writer Privacy Policy
EEA and UK users have some of the strongest data privacy rights in the world, including the right to have their data erased and to file a formal regulatory complaint — these rights are directly enforceable against Writer.
European users have significantly stronger legal protections than users in other regions, including the right to lodge a complaint with their national data protection authority.
Visa
· Visa Privacy Notice
These rights are legally enforceable under GDPR and EU national implementing laws, meaning Visa must respond to valid requests within defined timeframes and cannot simply decline without a lawful basis.
StockX
· StockX Privacy Policy
GDPR rights are among the strongest data protection entitlements in the world and EU/UK users who exercise them can obtain meaningful visibility into and control over their personal data held by StockX.
These rights are legally binding on Activision for EU and UK users and provide meaningful tools to challenge, limit, or delete the personal data Activision holds, including data used for advertising profiling.
Airbnb
· Airbnb Privacy Policy
GDPR rights are among the strongest personal data protections globally, and EU and UK Airbnb users can exercise these rights against Airbnb Ireland UC or Airbnb UK Limited as the designated data controllers, with regulatory escalation available to national data protection authorities.
These rights, enforceable under GDPR, give EU and UK users meaningful control over their personal data held by WhatsApp, including the ability to object to data processing for purposes beyond core service delivery.
GDPR rights are among the strongest data protection rights in the world, and EU/UK Peloton users can enforce these rights directly against Peloton through their national data protection authority.
These are strong legal rights under EU law, but their practical scope is limited by the fact that Uniswap cannot alter or delete data stored on a public blockchain.
Square
· Square Privacy Notice
EU users have stronger legal protections than users in many other jurisdictions, including the right to full data erasure and the right to object to profiling — Square is legally obligated to respond to these requests within one month.
Medium
· Medium Privacy Policy
These rights are legally enforceable under GDPR and give EU users meaningful control over their personal data held by Medium, including the ability to request full deletion of their account data.
EU users have stronger legal protections than US users and can escalate complaints to national regulators (like the Irish DPC or German DPAs) who have authority to impose significant fines on Perplexity.
EU users have enforceable rights under GDPR with regulatory backing from national data protection authorities, giving them stronger practical recourse than users in many other jurisdictions.
Yelp
· Yelp Privacy Policy
European residents have stronger legal protections than most other users, including the right to have their data erased and the right to object to processing based on legitimate interests.
Lime
· Lime Privacy Policy
These are enforceable legal rights backed by significant penalties — EU users can require Lime to stop processing their data entirely in certain circumstances.