Intuit
· Intuit Privacy Statement
Tracking technologies collect behavioral data continuously across browsing sessions, and the involvement of third-party advertising partners means this data flows to external companies who may combine it with other data sources.
This provision establishes the framework under which Shopify deploys tracking technologies across its platform and merchant storefronts. The clause creates an operational structure where cookie usage practices are documented separately in a referenced policy document, with opt-out procedures available for certain cookie categories.
Medium
· Medium Privacy Policy
Cookies and tracking technologies enable Medium and its partners to build a profile of your browsing habits, which can be used for advertising and analytics purposes both on and off the Medium platform.
The provision establishes Thomson Reuters' operational framework for data collection through tracking technologies and specifies the mechanisms available to users for controlling such collection. This determines the baseline data collection practices applicable to platform use unless users exercise available control mechanisms.
Tracking technologies enable the collection of behavioral data that can be linked to your health app usage and used to build advertising profiles, extending data use beyond what you actively input into the app.
The provision establishes the operational framework for data collection infrastructure that supports the platform's analytics, service personalization, and advertising operations. This tracking mechanism generates usage-level data that informs both first-party service optimization and third-party advertising partnerships.
Noom
· Noom Privacy Policy
Tracking technologies allow Noom and advertising partners to build profiles of user behavior that extend beyond the Noom platform, including users who have entered sensitive health information.
Affirm
· Affirm Privacy Policy
Third-party tracking on Affirm's platform means your browsing and purchase behavior may be shared with advertising networks, which can follow you across other websites.
Ford
· Ford Privacy Policy
Cross-site tracking for targeted advertising is subject to opt-out rights under CPRA and is the type of data sharing that California residents can stop by using the Do Not Sell or Share mechanism or enabling Global Privacy Control.
This provision establishes that the AWS website engages in behavioral tracking for advertising purposes, including the use of pixel tags and web beacons in addition to cookies. This is operationally distinct from functional or analytical cookies and has specific consent implications under GDPR's ePrivacy requirements and CCPA's cross-context behavioral advertising provisions.
This provision establishes the operational basis for Threads' ad-supported business model. It clarifies the distinction between using data to target ads and the separate practice of selling personal information, which the clause excludes.
Your authentication behavior data, including login patterns, device types, and application access, may contribute to training AI models, which raises data minimization and purpose limitation questions under privacy frameworks like GDPR.
Intuit
· Intuit Privacy Statement
The provision establishes a broad operational basis for data processing activities beyond service delivery, enabling product development and research functions. The carve-out for de-identified data removes restrictions on downstream uses of that category of information.
Slack
· Slack Privacy Policy
The policy's authorization to use data for AI model training is relevant for users and enterprise customers who want to understand whether their interaction data or content contributes to AI development, which is an increasingly material privacy consideration.
The policy states that automated systems may be used to process personal data for fraud detection purposes, which involves algorithmic processing of transaction, behavioral, and identity data that may affect access to services.
Visa
· Visa Privacy Notice
Fraud prevention is a legitimate and important use of payment data, but the authorization to share information with government authorities 'as permitted by law' is broader than strict legal compulsion and may cover voluntary disclosures.
Using financial account data to inform marketing by Mercury's partners goes beyond core service delivery and means your banking behavior may influence commercial outreach you receive.
The use of sensitive tax data for product development and research means your financial profile contributes to Intuit's AI and analytics capabilities, which may extend the use of your data in ways not directly visible to you.
The clause establishes the operational scope of data use beyond service delivery, permitting HubSpot to process user information for internal product development and analytics functions. This authorization supports the entity's ability to refine service offerings and tailor user experiences based on usage patterns.
The policy authorizes use of user personal data for scientific research and business analysis purposes, which is a notable purpose given Hugging Face's role as an AI and machine learning platform where user data could inform model development or research outputs.
The inclusion of product development and tailored content as stated purposes means usage data collected through Google Cloud may inform broader Google product decisions and, in some contexts, advertising personalization.
Stripe
· Stripe Privacy Policy
This authorization establishes Stripe's ability to leverage aggregated or de-identified customer data to improve service offerings and conduct marketing activities, which constitutes a standard operational use of customer information within the payment processing industry.
This clause establishes the operational scope and data inputs for LinkedIn's advertising targeting infrastructure. It specifies that the company aggregates data from multiple sources—both first-party (member activity, profile data) and third-party (advertising partners, vendors, publishers)—to execute and measure ad campaigns across owned and partner properties.
Canva
· Canva Terms of Use
The agreement authorizes use of de-identified data derived from user content without restriction, which may include data derived from proprietary designs or business content uploaded to the platform; the effectiveness of de-identification and the risk of re-identification are not addressed in the document.
Intuit
· Intuit Privacy Statement
Using sensitive financial and tax data to train AI models raises questions about data minimization, consent, and the long-term retention of user data beyond the immediate service transaction, especially as AI governance regulations develop globally.
Klarna
· Klarna Privacy Policy
This provision establishes a broad operational basis for using customer data in AI/ML development activities beyond the primary service delivery function. The clause operationalizes data use for model improvement across multiple risk and personalization dimensions, which expands the institutional purposes for which personal data is processed under the agreement.
The policy explicitly identifies machine learning training as a context in which personal data is collected and used, which has implications for how users' submitted content and behavioral data may be processed beyond the immediate service interaction.
Twilio
· Twilio Privacy Notice
This data collection mechanism enables Twilio to build operational analytics about service utilization and user behavior patterns. The analytics data supports product improvement, performance monitoring, and service optimization activities across Twilio's platform.
The provision establishes the operational framework for data collection infrastructure across the Calendly service and partner networks. This authorization enables Calendly to collect behavioral data directly and permits partner entities to conduct cross-site tracking activities using the user's device.
This provision establishes that behavioral and device data is collected through automated tracking technologies not only by Equifax but also by third-party service providers and advertising partners, creating data flows that may qualify as sales or shares under CPRA and that engage GDPR's consent requirements for non-essential cookies.