Uber
· Uber Privacy Notice
The provision establishes Uber's operational authority to process categories of sensitive personal data—biometric identifiers, health information, and inferred demographic attributes—that are subject to heightened regulatory requirements under data protection frameworks. This authorization enables Uber to deploy biometric authentication and inference capabilities within its service delivery.
Biometric data such as facial scans or fingerprints is highly sensitive because, unlike passwords or account numbers, it cannot be changed if compromised, making its collection and protection particularly significant.
Special category data receives heightened regulatory protections under data protection frameworks like GDPR. This clause establishes the operational basis for Revolut to collect and process these sensitive data categories, requiring the company to maintain documented lawful bases for each processing activity and implement appropriate safeguards.
The clause establishes X's operational authority to process sensitive biometric and government ID data upon user election. This data category triggers heightened regulatory requirements under biometric privacy statutes and government ID protection frameworks in multiple jurisdictions.
Airbnb
· Airbnb Privacy Policy
Biometric data is among the most sensitive categories of personal information because it is permanent and cannot be changed if compromised; its collection is regulated by specific laws in several US states and under GDPR.
TikTok
· TikTok Privacy Policy
The clause establishes TikTok's operational authority to process biometric data categories regulated under US law. The provision ties collection activities to compliance with jurisdiction-specific permission requirements, creating a conditional authorization framework rather than blanket collection authority.
Biometric collection establishes a data processing mechanism tied to Coinbase's identity verification and legal compliance framework. This data category receives different regulatory treatment than standard personal information under biometric privacy statutes in certain jurisdictions.
Tinder
· Tinder Privacy Policy
The clause establishes a framework under which biometric collection occurs only upon user election to engage particular identity verification features, rather than as a default practice. This structure creates a distinction between the standard service and features requiring biometric data submission.
Biometric data such as facial recognition scans or fingerprints is among the most sensitive categories of personal information and is subject to strict state-level legal protections in Illinois, Texas, and Washington, among others. The policy discloses this collection but does not specify the retention schedule, the third-party processors involved, or the precise consent mechanism employed.
Webull
· Webull Privacy Policy
This clause establishes the operational basis for biometric data collection as part of Webull's identity verification and fraud prevention infrastructure. The authorization defines the scope of biometric processing that occurs during account verification and ongoing service use.
Biometric data is among the most sensitive personal information because it cannot be changed if compromised. Several states have strict laws governing how companies may collect, store, and share biometric identifiers.
Uber
· Uber Privacy Notice
This provision authorizes collection of biometric identifiers, a category of sensitive personal data subject to specific statutory requirements in Illinois, Texas, Washington, and other jurisdictions, with distinct consent, retention, and destruction obligations that may exceed what a general privacy policy disclosure satisfies.
The collection of biometric data including facial scans is subject to specific state laws such as Illinois BIPA, which impose written consent, retention schedule, and prohibition-on-sale requirements that go beyond a general privacy notice disclosure.
The clause establishes X's authority to process biometric data across multiple operational purposes while conditioning certain collection activities on either user choice or legal authorization. The consent requirement for biometric processing creates a compliance obligation that varies based on applicable jurisdictional law.
Biometric data is among the most sensitive categories of personal information because it is permanent and cannot be changed if compromised, making the circumstances and scope of its collection particularly important to understand.
This provision discloses collection of biometric identifiers, which are among the most sensitive personal data categories under CCPA/CPRA and state biometric privacy laws. The scope of collection across the Samsung device ecosystem creates obligations regarding consent, retention schedules, and data sharing restrictions that vary by jurisdiction.
Gusto
· Gusto Privacy Policy
Biometric data collection has distinct regulatory requirements under laws like BIPA (Biometric Information Privacy Act) in certain jurisdictions. The provision's operational significance lies in establishing the lawful basis and scope for processing this category of sensitive personal information within Gusto's service delivery model.
Adobe
· Adobe Privacy Policy
Biometric data like faceprints is sensitive and largely irreplaceable if misused. Users in states like Illinois have strong legal protections for this data that may exceed what this policy describes, and the carve-out 'unless otherwise specified in the Software or Services' creates some ambiguity about data deletion timelines.
Bumble
· Bumble Privacy Policy
The clause authorizes the collection and processing of biometric data through facial recognition technology for identity verification purposes, while establishing an alternative verification pathway. This defines the operational mechanisms and user choice structure for identity verification on the platform.
The provision designates a separate privacy framework to address biometric data practices distinct from the main Terms of Use, establishing procedural requirements for how facial biometric information is processed across specific service features.
The clause establishes the operational framework under which biometric collection occurs as part of the identity verification and fraud prevention processes. It specifies retention limitations tied to transaction completion and legal requirements, and delegates collection to designated service providers.
Runway
· Runway Privacy Policy
Biometric identifiers such as face scans and voiceprints are among the most sensitive personal data categories and are subject to specific consent, retention, and destruction requirements under laws such as Illinois BIPA and Texas CUBI. The policy does not disclose a specific biometric data retention schedule, which is a material requirement under several of these statutes.
Lyft
· Lyft Privacy Policy
Biometric identifiers are unique and permanent; their collection and potential misuse carry significant privacy risks, and laws like Illinois BIPA impose strict requirements including written consent and data retention schedules before any biometric data may be collected.
Stripe
· Stripe Privacy Policy
This provision establishes that biometric data collection is within scope of Stripe's data practices for identity verification purposes, which engages state biometric privacy statutes and GDPR special category data provisions requiring explicit consent.
Gemini
· Gemini Privacy Policy
The provision establishes biometric data as a distinct category of information that Gemini processes, which carries regulatory significance under biometric privacy frameworks and may require specific consent mechanisms or handling procedures depending on jurisdiction.
PayPal
· PayPal Privacy Statement
The provision identifies a broad list of use cases for biometric data collection beyond basic login, including cryptocurrency transfers and lifting account limitations, which means biometric data may be collected across multiple account interactions rather than a single enrollment event.
The clause establishes Walmart's operational authority to capture and process biometric data during customer interactions at physical locations. This authorization extends biometric data collection beyond traditional transaction records to include physiological identifiers used for security and loss prevention functions.
Target
· Target Privacy Policy
Biometric data is among the most sensitive categories of personal information. Unlike a password, it cannot be changed if compromised, and several states impose strict legal requirements on its collection, use, and storage.
This provision establishes operational parameters for biometric data handling by specifying both the collection mechanism (vendor-supported identity verification) and a mandatory destruction timeline (90-day maximum retention), which addresses jurisdictional requirements for biometric information handling.
The provision establishes biometric data as a permissible category of personal information within Cash App's identity verification framework. This designation affects how the service processes, stores, and potentially shares facial and biometric information under the terms of the privacy policy.