This provision clarifies the operational data governance structure by specifying that Supabase functions as a data processor for Customer Data rather than as a data controller. This allocation of responsibility means that the customer using Supabase's platform—not Supabase itself—bears primary responsibility for data protection obligations and privacy disclosures related to that Customer Data, with Supabase's obligations defined in a separate data processing addendum.
This provision clarifies the scope of Anthropic's stated privacy obligations by distinguishing between direct-consumer relationships (where Anthropic acts as controller) and B2B relationships (where Anthropic acts as processor). The distinction determines which entity's privacy documentation applies and which party bears primary responsibility for data subject rights and compliance obligations.
This provision establishes the operational framework for third-party data sharing and cross-platform advertising infrastructure. It defines the scope of personal information transfer and the technologies these providers may employ to fulfill advertising and analytics functions.
Auth0
· Auth0 Terms of Service
The incorporation by reference mechanism establishes the DPA as the operative framework governing Auth0's data processing obligations and practices, rather than relying solely on data handling terms within the primary Terms of Service document.
The incorporation of the DPA establishes the contractual framework governing how Shopify handles personal data subject to GDPR regulations. This creates binding obligations regarding data processing activities, including roles, responsibilities, and compliance standards that apply to merchants processing EU personal data through Shopify's platform.
The clause establishes the operational framework for data flows required under the payment processing model. Card scheme participation requires data sharing with multiple entities in the payment network, which is a foundational requirement for transaction processing and network-level regulatory compliance.
Data processor designation establishes the legal framework for how Mixpanel handles personal data, clarifying liability allocation and compliance obligations under data protection regulations. This designation typically triggers specific contractual requirements regarding data security, sub-processor management, and data subject rights.
This clause delineates the scope of Anthropic's Privacy Policy by carving out a category of service relationships where Anthropic's obligations are defined by separate data processing agreements with the commercial customer rather than by this public policy. This operational distinction affects which privacy framework applies depending on the service relationship structure.
Twilio
· Twilio Terms of Service
The clause establishes the operational scope of Twilio's data processing authority and clarifies the division of responsibility between the service provider and customer regarding data quality. This authorization is bounded by reference to a separate Data Protection Addendum, which specifies additional data handling requirements.
Okta
· Okta Terms of Service
This clause establishes a hierarchy of governing documents for data processing obligations, ensuring that data protection requirements are specified in the Data Processing Addendum rather than the general terms. The conflict resolution mechanism prioritizes the Data Processing Addendum, which typically contains detailed processor obligations, data subject rights, and compliance requirements.
Fiverr
· Fiverr Privacy Policy
The clause establishes a broad authorization for data use once personal information undergoes de-identification or aggregation, effectively exempting such processed data from standard privacy constraints and enabling unrestricted commercial deployment of derived datasets.
GitHub
· GitHub Privacy Statement
This clause establishes a carve-out from privacy protections for data in de-identified or aggregated form, permitting internal research operations and product development to proceed without the notice and consent requirements that apply to personal data handling.
The clause establishes that data rendered non-identifiable through aggregation or anonymization falls outside the scope of personal data restrictions, enabling the entity to repurpose derived datasets for service development, analytics, and third-party sharing without user consent requirements.
Groq
· Groq Privacy Policy
The clause establishes that de-identified data falls outside the scope of the privacy policy's restrictions, creating a separate category of information that the company may use and share without limitations. This provision defines the operational boundary between personal data subject to privacy controls and aggregated or anonymized data subject to no contractual restrictions.
This clause establishes a broad authorization for unrestricted use of data once it has been de-identified or aggregated, creating a category of data exempt from the privacy policy's standard limitations. The provision commits the entity to maintain de-identified data without attempting to re-identify it, establishing the procedural boundary for this data class.
This dual-role structure allocates data protection responsibilities between Monday.com and its customers under applicable data protection regulations. The designation clarifies that customer-uploaded data processing obligations flow through a dedicated Data Processing Agreement rather than the privacy policy alone, establishing the contractual framework for processor liability and compliance requirements.
The dual-role structure establishes different legal responsibilities and compliance obligations depending on the data category. As a processor, Mixpanel operates under customer instructions and data protection agreements; as a controller, Mixpanel determines purposes and means of processing and bears direct regulatory accountability.
The dual role designation determines Shopify's legal responsibilities and the scope of its independent decision-making authority regarding personal data. When operating as a controller, Shopify maintains independent authority over data handling decisions; when operating as a processor, Shopify's data processing activities are governed by Merchant directives, establishing a chain of responsibility between Merchant and Shopify for customer data.
The clause delineates ZipRecruiter's operational role in data processing arrangements where clients retain primary control over personal data. This allocation affects the routing of data subject rights requests and establishes that ZipRecruiter's responsibility is limited to processing under client direction rather than independent data stewardship.
This provision delineates Amplitude's legal responsibilities under data protection frameworks by specifying when Amplitude bears primary accountability for data handling decisions versus when it operates under customer instructions. The classification determines which party holds primary obligations under applicable data protection regulations and customer contractual requirements.
The dual-role structure defines HubSpot's legal responsibilities and regulatory obligations under data protection frameworks. When operating as a controller, HubSpot bears primary responsibility for processing decisions; when operating as a processor, responsibility for lawfulness and data subject rights transfers to the customer as controller, while HubSpot assumes data handling obligations specified in processing agreements.
Slack
· Slack Privacy Policy
The processor/controller distinction defines legal obligations and accountability structures under data protection frameworks. As a processor of Customer Data, Slack operates under customer instructions; as a controller of Other Information, Slack independently determines processing purposes and means, creating different compliance obligations and data handling requirements for each category.
Stripe
· Stripe Privacy Policy
The dual-role framework establishes Stripe's legal responsibilities under data protection regulations. As a data controller, Stripe determines processing purposes and means; as a processor, Stripe processes data on behalf of other controllers. This distinction determines which entity bears primary compliance obligations and liability for data handling practices.
The dual role designation establishes different data governance responsibilities depending on the product used. When DocuSign acts as controller rather than solely as processor, it assumes independent obligations regarding data retention, use, and compliance with data protection regulations, which affects the scope of accountability between DocuSign and its customers.
Communications you send through online banking — including secure messages and transaction notes — may be reviewed by the bank, and this consent is a condition of using the service.
Gusto
· Gusto Privacy Policy
This provision defines the operational responsibility structure for personal data handling, allocating data controller authority to the employer-customer while positioning Gusto as a processor bound by customer instructions. This framework establishes the contractual basis for how personal information flows through the platform and which entity bears primary liability for data governance decisions.
Gusto
· Gusto Privacy Policy
This allocation of roles establishes the contractual and legal framework for data handling responsibilities. It clarifies that employers, not Gusto, bear primary responsibility for determining how employee data is used and for compliance with data protection obligations.
Cohere
· Cohere Privacy Policy
This provision allocates data protection responsibilities by designating the customer as the party responsible for lawful basis, compliance obligations, and end-user disclosures, while Cohere assumes processor liability for handling personal information according to customer directions. This allocation determines which party bears primary responsibility for regulatory compliance and data subject rights under frameworks like GDPR.
This carve-out creates a distinct regulatory framework for enterprise customer data, separating it from the general privacy terms that apply to other users. It clarifies that PlanetScale's obligations for enterprise data processing are determined contractually between the company and each enterprise customer rather than under the standard Privacy Policy.
Figma
· Figma Privacy Policy
This clause creates a hierarchical governance structure in which enterprise data processing agreements take precedence over the standard Privacy Policy, enabling customized data handling arrangements for organizational customers without requiring simultaneous modification of the public policy document.