Users who delete their accounts expecting full erasure of their content may find that posts persist on other AT Protocol applications, which has direct implications for data subject rights under GDPR and CCPA.
DeepL
· DeepL Privacy Policy
Voice translation involves the real-time capture and processing of spoken audio, which may include sensitive or personally identifiable speech; the policy's no-storage claim is significant for users concerned about audio surveillance or transcript retention.
Midjourney
· Midjourney Data Retention & Privacy FAQ
The policy states that generated images are public by default, meaning any image you produce, along with the prompts associated with it, may be visible to other platform users unless you take affirmative steps to upgrade your subscription and enable Stealth Mode.
The assertion of unlimited use rights for de-identified data depends on whether the de-identification meets applicable legal standards, and re-identification risk from health and pharmacy data is a recognized technical and regulatory concern.
Gusto
· Gusto Privacy Policy
There is no opt-out described for this use, and the exclusion of de-identified data from the privacy notice means consumers have no stated rights over how this derived data is used.
This clause removes all policy-based protections from a broadly defined category of data derived from your personal information, creating a potential pathway to unrestricted commercial use of data about your behavior and preferences once it is technically de-identified.
The right to use de-identified data derived from personal information 'for any purpose' and share it with third parties 'for any reason' is broad, and the practical privacy protections depend on the robustness of the de-identification process, which is not described in detail.
Groq
· Groq Privacy Policy
This clause creates a broad exception that could allow Groq to commercially exploit aggregated or de-identified information derived from your activity, including sharing it with third parties, without those uses being constrained by the rest of the policy's privacy commitments.
The provision authorizes unrestricted use and sharing of de-identified data derived from personal information, but does not describe the technical standards or organizational safeguards applied to achieve de-identification, which is relevant to whether the data remains outside the scope of privacy regulations.
The agreement establishes separate legal entities and data controllers depending on user geography, which determines which legal framework governs data rights, which entity is legally responsible for data protection obligations, and which dispute resolution provisions apply.
Affirm
· Affirm Privacy Policy
Device identifiers and geolocation data can be used for behavioral tracking and advertising targeting purposes beyond the basic function of processing a loan.
Device identifiers and phone numbers are persistent identifiers that can be used to track users across services and sessions even when cookies are cleared, making them a foundational element of cross-device advertising profiles.
The collection of IP addresses, device identifiers, and behavioral logs enables Discord and its partners to associate activity across sessions and devices, which is relevant to advertising targeting, security enforcement, and analytics use cases described elsewhere in the policy.
Acorns
· Acorns Privacy Policy
This provision establishes automated collection of behavioral, device, and location data through tracking technologies in addition to user-provided financial data, creating a dataset that may be used for advertising and analytics purposes as described elsewhere in the policy.
Google collects a broad set of device-level data including all installed applications, not just those from Google Play, for security analysis purposes, and some data collection continues even after a user opts out of certain protections.
Location and device data can reveal sensitive information about your daily habits, movements, and financial activity patterns, and this data is used in profiling and fraud detection processes.
Spotify
· Spotify Terms and Conditions
This provision authorizes Spotify and its named business partners to use device hardware resources, including processor, bandwidth, and storage, beyond what is strictly necessary to play audio, which may have implications for device performance and data usage.
Suno
· Suno Acceptable Use Policy
This configuration determines whether advertising identifiers and behavioral analytics are collected from your device before you interact with any consent prompt, and the default-granted posture for non-EU users means tracking begins without an explicit opt-in.
Users may assume that direct messages on a professional networking platform are private, but the policy discloses that message content is collected as personal data, which has implications for how confidentially users can communicate.
This provision establishes that direct message content is accessible to Substack personnel under defined operational circumstances and is subject to automated scanning, which is a material disclosure for users who may treat the direct messaging feature as a confidential communication channel. The terms also state that recipients may retain messages regardless of sender deletion requests, which affects the practical scope of any erasure rights asserted.
The policy states that by placing an order, users acknowledge and agree that merchants may contact them directly using the personal information DoorDash provides, and that DoorDash disclaims responsibility for those merchant-initiated communications.
This provision establishes that a significant category of OpenAI-powered interactions, those occurring through third-party API applications, falls outside the protections described in this policy, and users must separately evaluate each operator's privacy practices.
This provision establishes a broad discretionary disclosure basis that extends beyond law enforcement requests and legal obligations, authorizing disclosure based on the company's own assessment of injury or interference with a wide range of parties including partners and the general public.
23andMe
· 23andMe Privacy Statement
This provision operationalizes user control over a specific category of data processing—the matching and display of genetic information across the service's user base. The mechanism distinguishes between passive data collection and active matching/sharing functionality, with the latter contingent on affirmative user election.
Documents signed through DocuSign frequently contain sensitive personal, financial, legal, or medical information, and this clause confirms that content is collected and processed by DocuSign as part of its service.
Without the clause text, consumers and compliance teams cannot confirm what rights they hold, what data SimpliSafe may collect or share, or what dispute resolution mechanisms apply to their agreement.
Hulu
· Hulu Privacy Policy
The California Privacy Rights Act gives California residents enforceable rights to stop their data from being used for cross-context behavioral advertising, and this clause describes how to exercise those rights.
Roblox
· Roblox Privacy Policy
CPRA grants California residents a statutory right to opt out of the sale and sharing of personal information for cross-context behavioral advertising; this provision establishes the mechanism by which that right can be exercised on the Roblox platform.
Noom
· Noom Privacy Policy
This provision operationalizes California privacy law requirements by establishing the procedural mechanism through which users can exercise statutory data control rights. It delineates the scope of permissible data sharing absent an affirmative opt-out election by the user.
Slack
· Slack Privacy Policy
The CCPA opt-out right is a legally enforceable protection for California residents that limits how Slack can use personal data for commercial purposes beyond service delivery, including potential use for targeted advertising.