Pinterest's policy states it collects financial information including payment card data when transactions occur on the platform, which means sensitive financial data is processed by Pinterest in addition to behavioral and identity data.
Collection of precise or approximate device location alongside browsing and search history enables behavioral profiling; under CPRA, geolocation data and certain device data may qualify as sensitive personal information subject to use limitation rights.
Twilio
· Twilio Privacy Notice
The notice authorizes collection of both directly provided contact information and passively gathered behavioral data, which together can build a detailed profile of a visitor's interests and identity.
This is some of the most sensitive personal and financial data that exists, and its collection creates significant obligations for Public and meaningful risks for users if it is mishandled or exposed.
Collection of Social Security numbers and government-issued ID numbers alongside financial account numbers represents a concentration of data that, if improperly disclosed, could enable identity theft or financial fraud; users should understand the breadth of sensitive identifiers collected.
Webull
· Webull Privacy Policy
The collection of Social Security numbers, government IDs, and financial account details creates significant privacy and security exposure if that data is mishandled, breached, or shared beyond necessary operational purposes.
Acorns
· Acorns Privacy Policy
This level of data collection is expected for a regulated financial services provider but represents significant exposure if data is breached or misused, as it includes identity documents and financial credentials sufficient to enable identity theft or account fraud.
This is an exceptionally sensitive data category, and the breadth of collection creates significant obligations for Intuit around security, retention, and lawful use, as well as heightened risk for consumers if data is breached or misused.
Social Security numbers and financial account details are among the most sensitive categories of personal data; their collection by an insurer creates material data breach and identity theft risk, and consumers should understand the scope of what they are providing.
Cursor
· Cursor Privacy Policy
The policy states that personal data included in Inputs will be collected and may be reproduced in Suggestions, which is relevant for users who include third-party personal data, credentials, API keys, or sensitive business information in their coding sessions.
Loom
· Loom Privacy Policy
Video recordings can contain sensitive personal, business, or confidential information; understanding what data is retained and for how long is essential for both individual users and enterprise customers.
This provision establishes that wallet addresses are treated as personal data subject to the policy's terms, while simultaneously acknowledging that on-chain activity is publicly accessible by the nature of blockchain infrastructure, which creates a practical boundary on the scope of privacy rights OpenSea can fulfill with respect to transaction data that exists on public ledgers.
Combining offline airport interactions with online behavioral data and third-party information creates a comprehensive profile that is more revealing than any single data source, and is used both to serve you and for commercial personalization purposes.
Behavioral tracking of communication interactions is used to build user profiles and inferences, which can feed into targeted advertising and personalization in ways users may not expect from a job platform.
Airbnb
· Airbnb Privacy Policy
Messages sent through Airbnb's messaging system are not private in the way direct email or text messages are; Airbnb retains and may analyze their content, which users may not expect when communicating with hosts or guests.
Uber
· Uber Privacy Notice
This provision establishes that communications between riders and drivers facilitated through the Uber platform are subject to collection and retention by Uber, including content of messages, which creates implications under electronic communications privacy frameworks and may be material to users who use in-app communications for sensitive interactions.
Signal
· Signal Privacy Policy
Even though Signal stores minimal data and cannot access message content, it can still be compelled to share the technical metadata it does hold (such as account registration information and technical tokens) in response to legal process.
This provision governs how enterprise customers' proprietary business information submitted through or in connection with the platform is treated, which is operationally significant for organizations deploying the service in contexts involving trade secrets, client data, or sensitive business information.
Connecting a social account to ZipRecruiter grants the platform access to information well beyond your basic profile, including your social connections and activity feeds, which may exceed what you intend to share for job searching purposes.
Connecting wearables or other health apps creates a more detailed health data profile within MyFitnessPal, which is then subject to the same data use and sharing practices described in this policy.
This provision links service use to affirmative acceptance of privacy terms without requiring separate, explicit opt-in. It establishes the operational basis by which Cash App's data practices become binding on users through their continued engagement with the platform.
The provision establishes a procedural mechanism for users to exercise data subject rights mandated under applicable privacy legislation, with the scope and availability of such rights determined by the legal requirements applicable to the user's jurisdiction.
Netflix
· Netflix Privacy Statement
This provision creates a procedural mechanism through which users may initiate communications about privacy practices and submit formal data subject access requests, which are typically required under data protection regulations such as GDPR and CCPA. The designation of a specific contact and department establishes Netflix's administrative framework for responding to privacy-related inquiries.
Stripe
· Stripe Privacy Policy
This clause operationalizes compliance with data subject rights frameworks in jurisdictions with privacy regulations (such as GDPR, CCPA, and similar regimes). It establishes Stripe's recognition of legally-mandated individual rights and creates procedural pathways for consumers to exercise control over their data.
The policy discloses that data subject rights are available and exercisable via a stated portal; the availability and scope of these rights depends on jurisdiction, with EU/EEA and California users having the most clearly defined legal entitlements.
The existence of a separate Consumer Health Data Privacy Policy signals that Headspace collects health-related data in contexts not fully protected by HIPAA, such as mood tracking or meditation usage, and that additional state-level rights may apply to this data depending on your location.
Hinge
· Hinge Privacy Policy
The provision creates a tiered privacy framework in which certain jurisdictions receive enhanced data protections through a separate governing document. This bifurcated structure means privacy obligations and data handling practices differ based on user location, requiring Hinge to maintain and apply multiple privacy standards simultaneously.
Plaid
· Plaid Terms of Use
This provision establishes the primary operational mechanism through which consumers can exercise data rights, including revocation of financial account access and deletion requests, under both Plaid's stated terms and applicable regulatory frameworks including CCPA and GDPR.
Visa
· Visa Privacy Notice
This provision operationalizes Visa's compliance obligations under applicable privacy regulations by explicitly acknowledging jurisdiction-specific consumer privacy rights and establishing a procedural mechanism for their exercise. The clause creates an institutional framework whereby Visa maintains a documented request process and commits to non-discrimination in honoring valid privacy rights requests.
This provision operationalizes T-Mobile's obligations under privacy laws in jurisdictions that establish consumer data access, deletion, and correction rights. The clause establishes the procedural mechanism through which consumers initiate requests and clarifies that the scope of available rights depends on applicable state or regional law.