This means your shopping behavior on Amazon follows you across the internet through advertising networks, which can feel intrusive and extends Amazon's commercial use of your data beyond its own platform.
Zelle
· Zelle Privacy Policy
This provision means your browsing activity on zelle.com, including pages you visit and interactions you have, can follow you to other websites in the form of targeted advertisements.
This provision directly affects how your personal information is used for advertising and whether it is shared with third parties you have no direct relationship with.
The clause establishes the operational framework for cross-context behavioral advertising practices and specifies the mechanism through which users can restrict participation in these advertising programs. The availability of opt-out controls creates a procedural pathway for users to modify their data usage within the advertising program.
Cross-device behavioral advertising means your online activity on aa.com can follow you to unrelated third-party websites, and when combined with your personal identity data, creates a detailed profile of your interests and travel intentions.
This type of cross-device tracking creates a detailed behavioral profile that goes beyond account activity and may be used to infer patterns about your financial behavior, location, and interests.
Hulu
· Hulu Privacy Policy
This cross-platform data combination means your activity on one Disney service directly informs how you are treated on others, and third-party data may be added to your profile without a direct relationship, expanding the scope of profiling beyond what any single service interaction would suggest.
PayPal
· PayPal Privacy Statement
This provision discloses that transaction and experience data from three distinct PayPal-affiliated services is combined into a unified profile for personalization purposes, which may aggregate data from contexts in which users had different expectations about data use.
This provision establishes the legal and operational basis for Google combining personal data across Search, YouTube, Gmail, Maps, and advertising networks into unified user profiles, which underpins the targeting capabilities of YouTube Ads and Google's broader advertising ecosystem.
A profile built from data across Disney+, Hulu, ESPN+, parks visits, merchandise purchases, and third-party sources could be significantly more detailed than any single service's data, potentially revealing sensitive information about your household and lifestyle.
This cross-service data combination means the ads you see on YouTube are informed by activity far beyond YouTube itself, including your location history, search behavior, and app activity across your devices.
This provision authorizes cross-site behavioral tracking through third-party cookies, a data practice that engages both GDPR consent requirements and CCPA opt-out rights, and that the policy links to marketing and content personalization purposes.
Acorns
· Acorns Terms of Service
This provision establishes the legal framework and account holder eligibility requirements for minor investment accounts. By requiring guardian representation and authority attestation, the clause creates contractual conditions for account formation and defines the legal relationship between Acorns, the guardian, and the minor beneficiary.
This provision addresses a material concern for enterprise customers deploying proprietary data in AI workflows; the agreement states that customer content processed through Bedrock does not contribute to foundation model training, which is operationally significant for customers with confidentiality obligations around their data.
Asana
· Asana Terms of Service
Most people using Asana for work are on an employer-controlled account, meaning their work data belongs to the organization, not to them personally, and can be accessed by administrators.
This carve-out means that if you are an end user of a business that uses Anyscale's infrastructure, your data rights must be exercised with that business directly, not with Anyscale. Anyscale will not process your rights requests for data it holds on behalf of its customers.
This provision establishes a structural boundary between Anyscale's own data processing and the data processing it performs as a service provider to enterprise customers. Individuals whose data is processed by an Anyscale customer through the Platform Services must direct privacy inquiries to that customer, not to Anyscale.
Groq
· Groq Privacy Policy
Enterprise and developer customers may assume this privacy policy covers their API usage, but their data processing rights and obligations are actually set out in separate contractual documents that must be independently reviewed.
Miro
· Miro Terms of Service
The CDPA establishes Miro's obligations as a data processor under GDPR and similar frameworks, defining the legal basis and conditions under which customer personal data is processed. Enterprise customers are required to assess the CDPA to satisfy their own controller-level compliance obligations.
Miro
· Miro Privacy Policy
The existence of a separate DPA means that individual and free-tier users may have fewer contractual data protections than enterprise customers who have negotiated or accepted a formal DPA.
This provision establishes that end users of applications built on Supabase are not covered by this privacy notice, placing the primary disclosure obligation on the Supabase customer (the application operator) rather than Supabase itself. This has direct implications for enterprise customers who must maintain their own adequate privacy disclosures and ensure their DPA with Supabase is GDPR Article 28 compliant.
This provision establishes that the consumer-facing privacy protections in this policy do not apply to data processed under enterprise agreements, meaning individual users in organizational deployments may have different and separately negotiated data protections.
Your service usage patterns, device information, and network data are collected and can be used for internal marketing purposes in addition to service delivery, which means your data informs how Comcast targets you with offers and upgrades.
This allocation of responsibility clarifies the operational structure of data collection under the agreement: customers act as the party responsible for legal compliance with consent and disclosure requirements, while Mixpanel processes data on their behalf. This framework establishes the contractual boundary between Mixpanel's role as a data processor and the customer's role as the entity accountable to end users.
The provision establishes procedural mechanisms for users to exercise data access and correction rights, while carving out exceptions for data T-Mobile determines necessary for operational, security, or legal purposes. The retention exceptions define the boundary of deletion obligations T-Mobile recognizes under the policy.
This section establishes the data ownership framework applicable to user-submitted content and platform data, and its interaction with the Privacy Notice (referenced as a binding policy) determines how personal financial data, transaction records, and user-generated content may be used by Block.
This clause establishes the breach notification pipeline from Google as processor to the advertiser as controller. The advertiser remains responsible for evaluating the breach and determining whether and when to notify supervisory authorities and data subjects under GDPR Articles 33 and 34.
OpenAI
· OpenAI Privacy Policy
The policy identifies conversation content, uploaded files, images, and audio as data categories collected, which means that any personal, professional, or sensitive information submitted during a ChatGPT session is captured and subject to the uses described in this policy.
The scope of data collection includes not just text conversations but also uploaded files, images, and documents, as well as location information and behavioral usage data, meaning interactions with Gemini generate a broad data profile.
The policy discloses collection of message content alongside device identifiers and usage patterns, which together create a detailed profile of user behavior and communication that may be used for service improvement, analytics, or other stated purposes.