Rumble
· Rumble Privacy Policy
This provision establishes the procedural mechanism through which users may exercise deletion rights, which is a required operational disclosure under CCPA and CPRA for covered businesses, and creates compliance obligations regarding response timelines and verification procedures.
Ring
· Ring Privacy Notice
The ability to delete your Ring account data, including stored videos, is a fundamental privacy right under laws like GDPR and CCPA, and Ring's stated commitment to user control implies these mechanisms should be available.
Cohere
· Cohere Enterprise Data Commitments
The right to request data deletion is a core data governance right for enterprise customers and aligns with regulatory requirements under GDPR and CCPA. The document's recognition of this right indicates a process is available, though the specific mechanism and timeline are not fully detailed in the commitments page.
The clause operationalizes data deletion rights by defining the boundaries of those rights through enumerated retention exceptions. This establishes the conditions under which Spotify's obligation to delete data upon user request does not apply, creating a framework for balancing deletion requests against institutional, legal, and protective obligations.
Third-party disclosure provisions determine which external entities receive user personal information and under what conditions, a material consideration for enterprise customers whose employees or end-users interact with CoreWeave's platform.
The DPA governs how personal data submitted through the API is processed; because it is incorporated by reference rather than reproduced in the main terms, customers must review it separately to understand their data processing rights and obligations.
Miro
· Miro Terms of Service
For business customers under GDPR or other data protection laws, the DPA is the operative legal instrument defining Miro's obligations as a data processor, and the subprocessors list determines which third parties may access the personal data you upload to Miro.
The DPA is the operative document for GDPR and CCPA compliance purposes, and its terms govern data controller and processor obligations, sub-processor authorization, and cross-border transfer mechanisms for personal data processed through Atlassian products.
The specific obligations, data subject rights, sub-processor disclosures, and security measures that protect your personal data under GDPR are governed by the DPA, which is not reproduced in the main terms and requires separate review.
The terms explicitly state that customer prompts and content submitted through Bedrock inference are not used to train Amazon foundation models by default, which is a material data handling commitment relevant to customers submitting proprietary or sensitive data.
AWS
· AWS Customer Agreement
This provision establishes both the data ownership framework (customer retains content ownership) and the permitted scope of AWS's access to customer content (limited to service provision and maintenance). For customers processing personal data on AWS, this provision works in conjunction with the separately available Data Processing Addendum, which governs GDPR and equivalent regulatory obligations.
Developers and businesses using LangSmith's tracing and evaluation features may transmit sensitive data, personal information, or proprietary business logic to LangChain's infrastructure, and the terms governing how that data is processed are material to compliance with GDPR, CCPA, and industry-specific regulations.
Vercel
· Vercel Terms of Service
For businesses and developers who deploy applications handling personal data, the quality and scope of these data protection commitments directly affects GDPR and CCPA compliance obligations and the adequacy of Vercel as a data processor.
Merchants who do not have adequate privacy notices or data processing agreements in place with Adyen may face GDPR compliance exposure if their customers' payment data is processed without proper legal basis.
Incorporating data protection obligations by reference to a separate DPA means customers must actively identify and review an additional document to understand how their users' authentication data is processed, stored, and protected, which is critical for GDPR and CCPA compliance.
Incorporating the privacy policy by reference means changes to that document affect your rights under this agreement, and the acknowledgment that transmissions are never fully secure may affect any expectation of confidentiality for data transmitted through Cloudflare's network.
The breadth and scale of D&B's data processing means that a significant proportion of business professionals worldwide may have data held about them in the D&B Data Cloud, often without having a direct relationship with or awareness of D&B.
This clause establishes the foundational processor-controller relationship required by GDPR Article 28, and its scope directly determines whether Perplexity's AI processing activities remain within the customer's instructed purposes or constitute independent controller activity.
Chegg
· Chegg Privacy Policy
The absence of specific retention periods means Chegg may hold your personal data indefinitely under broad justifications, limiting users' ability to predict when their data will be deleted.
Open-ended retention language tied to broad purposes like service improvement and AI training means personal data, including conversation history, could be retained for extended and indeterminate periods.
ADP
· ADP Privacy Statement
Without specific retention timelines for each data category, it is difficult for individuals or employers to predict when their data will be deleted, which affects the practical ability to enforce deletion rights.
BeReal
· BeReal Privacy Policy
The absence of specific retention timelines for categories of data such as dual-camera imagery and location data makes it difficult for users to know exactly how long their most sensitive information is held.
Miro
· Miro Privacy Policy
If Miro retains your data for extended periods after account closure or inactivity, your information may remain in Miro systems longer than you would expect. Users who close accounts should consider submitting a deletion request to ensure timely removal.
Open-ended retention language tied to business necessity can mean data is kept for extended periods; users who close their accounts should confirm deletion of sensitive data including avatar likeness and voice recordings.
The absence of specific retention periods for individual personal information categories, particularly health and pharmacy data, creates compliance considerations under CCPA/CPRA's data minimization requirements and HIPAA's record retention standards. Retention periods that are not bounded by specific timelines may face scrutiny under CPRA's proportionality standard.
The absence of specific retention periods for individual data categories, particularly voice recordings and voice models, creates potential tension with GDPR's data minimization and storage limitation principles, which require that retention periods be specified or determinable.
This provision establishes a principles-based rather than fixed-period retention framework, which may require evaluation under GDPR data minimization and storage limitation principles where specific retention schedules are expected by supervisory authorities.
The retention period is not precisely defined, which means your health and fitness data could be held for an extended and uncertain duration even after you stop using or delete your account.
Retention periods determine how long your personal data exists in CoreWeave's systems, affecting both your privacy and the company's obligation to delete data upon request.
Fly.io
· Fly.io Privacy Policy
Open-ended retention language means your personal data may be held indefinitely unless you actively request deletion, and the criteria for determining retention length are not defined with precision.