The agreement incorporates the Privacy Policy by reference and states that use of the platform constitutes consent to data collection practices including device information, log data, usage data, and third-party sourced information; the specific categories and third-party sources are governed by the separate Privacy Policy document.
By agreeing to the Services Agreement, users also accept the data collection and processing practices described in the separate Privacy Statement, which covers all Microsoft consumer services including Copilot.
This provision establishes the data collection permissions applicable to platform users, including developers and API providers, covering usage telemetry, account identifiers, and API transaction metadata, which is relevant to data protection compliance obligations for business users.
Non-enterprise Sourcegraph.com users are subject to broader data collection than enterprise users: their User Prompts, LLM Prompts, and Responses are collected for product improvement purposes, whereas Enterprise Cody users have their Customer Content used only to provide the service.
The policy states that Shopify collects purchase, identity, and behavioral data from buyers across all merchant storefronts on its platform, meaning a single consumer's data may be aggregated across multiple independent merchant transactions.
The policy authorizes Pinecone to obtain personal data about individuals from data providers and marketing partners, meaning individuals may have personal data held by Pinecone without having directly interacted with the company.
Visa
· Visa Privacy Notice
Receiving data from external sources like data brokers means Visa's profile of you may go beyond what you directly provided, incorporating inferred demographics and interests from third parties you may not have interacted with intentionally.
Figma
· Figma Privacy Policy
The scope of data collection determines what information Figma retains about you and your work, including potentially sensitive professional design assets.
Medium
· Medium Privacy Policy
This provision establishes the categories of personal data Medium collects across both direct user input and automated technical collection, which determines the scope of data subject rights requests under GDPR and CCPA and informs the data mapping obligations of any organization assessing Medium as a data processor or service.
The policy authorizes collection of a broad range of personal information including identifiers, commercial records, and electronic network activity, which may be used for advertising, analytics, and personalization purposes.
The breadth of data collected, spanning identifying information, payment details, and behavioral usage data, means monday.com builds a detailed profile of each user over time.
Writer
· Writer Privacy Policy
The breadth of data collected, particularly User Content (what you write and submit) and usage data, means Writer has access to potentially sensitive business information beyond basic account details.
The policy states that content created or uploaded within Atlassian products, including messages and files, is collected as personal information, meaning material you create in Jira or Confluence may be processed under this policy.
Brex
· Brex Privacy Policy
This provision establishes the full scope of personal data Brex processes, which spans both standard digital identifiers and sensitive financial account details, creating compliance obligations under CCPA, GLBA, and GDPR depending on the user's jurisdiction and the nature of the data.
Stripe
· Stripe Privacy Policy
The policy's collection scope covers individuals who interact with Stripe only indirectly through merchant checkouts, meaning many consumers may not be aware that Stripe is collecting their device and behavioral data during purchases.
This provision establishes the full scope of personal data collection, including voice and audio data which may be subject to additional state-level protections (such as Illinois BIPA or Washington's My Health MY Data Act depending on data type) and GDPR requirements for processing biometric or sensitive personal data categories.
Miro
· Miro Privacy Policy
This provision defines the full scope of personal data Miro processes, which is material for enterprise data governance assessments because board content may include sensitive business information alongside standard account metadata.
Fly.io
· Fly.io Privacy Policy
Understanding what data is collected helps users assess their privacy exposure and decide what information they are comfortable providing to a cloud infrastructure provider.
GitHub
· GitHub Privacy Statement
The breadth of collection covers both identity-linked data (name, email, payment) and behavioral data (usage patterns, device fingerprint), meaning GitHub builds a detailed profile of both who you are and how you use the service.
The policy authorizes collection of a broad range of professional and behavioral identifiers, including payment information and clickstream data, which are used for service delivery, marketing, and analytics purposes.
The breadth of data categories collected, including learning performance, streaks, device identifiers, and IP addresses, means Duolingo builds a detailed profile of each user's activity and behavior over time.
This provision establishes the three primary collection channels and authorizes ingestion of data from external third-party sources in addition to direct user input and behavioral data, which has implications for data mapping and consent chain documentation.
Midjourney
· Midjourney Data Retention & Privacy FAQ
The policy discloses a broad set of data categories collected across account, device, behavioral, and content dimensions, including the content of prompts and uploaded images, which may contain personal or sensitive information.
The collection of email address, phone number, date of birth, payment method, and a unique persistent identifier means Discord holds a detailed profile linked to your real identity across your use of the service.
The breadth of data collected means Poshmark has a detailed picture of your identity, financial habits, interests, and device, which is used for personalization, advertising, and sharing with third parties as described elsewhere in the policy.
The combination of account registration data, payment information, and detailed usage logs creates a comprehensive profile of each direct Google Cloud user, which may be used for service improvement and other stated purposes.
This provision determines which legal entity is responsible for your personal data and which legal framework and dispute resolution mechanisms apply, which affects which rights you can exercise, which supervisory authority oversees your data, and which legal system governs any disputes.
Auth0
· Auth0 Privacy Policy
Many users encounter Okta or Auth0 without realizing it, as it powers login for thousands of enterprise apps. Those users cannot rely on this policy for their data rights; they must look to their employer's or the application's own privacy terms.
Many people use Claude-powered tools without knowing Anthropic is the underlying engine; this clause means those users have no direct privacy rights against Anthropic and must look to their operator for data protections, which may vary widely.
The exceptions to deletion requests mirror categories recognized under CCPA/CPRA but are stated broadly, particularly the 'overriding interest' and 'unresolved account issue' carve-outs, which could be applied to retain data beyond what applicable law strictly permits.