This provision establishes the mechanism by which consumers can exercise their statutory opt-out rights under CCPA/CPRA and analogous state laws, and discloses that opting out may affect the personalized experience consumers receive.
Yelp
· Yelp Privacy Policy
The clause operationalizes statutory obligations under state privacy laws (CCPA/CPRA) by establishing specific procedural channels through which consumers can exercise opt-out rights. The non-discrimination requirement establishes that exercise of these rights does not alter service availability, pricing, or quality of service.
Stash
· Stash Privacy Policy
Several US states have enacted or are implementing universal opt-out signal requirements that go beyond the legacy Do Not Track standard; Stash's policy of not responding to browser-level signals may require re-evaluation as these requirements expand.
Several state privacy laws now require businesses to honor browser-based opt-out signals such as the Global Privacy Control; State Farm's stated non-support for these signals may create compliance exposure in states where honoring such signals is legally required.
Businesses cannot assess Amplitude's data protection obligations from the ToS alone; the DPA is the operative document for GDPR and privacy law compliance, and it must be reviewed separately.
Pinecone
· Pinecone Data Processing Addendum
This clause reserves Pinecone's right to modify the DPA unilaterally, which may affect the data protection commitments business customers rely upon for their own regulatory compliance. The modification procedure in Section 15 governs how and when changes take effect.
Uber
· Uber Privacy Notice
The notice provides access and deletion rights but includes a broad retention carve-out for legal, safety, and business purposes, which may significantly limit the practical scope of deletion rights depending on how broadly Uber applies these categories.
Lyft
· Lyft Privacy Policy
Drivers' personal identifying information including real-time location is shared with riders and third-party vendors, which creates specific privacy and safety considerations for drivers as a distinct user group whose data is more broadly disclosed than riders' data.
Uber
· Uber Privacy Notice
This provision establishes the operational mechanisms through which users can exercise data subject access and deletion rights, establishing Uber's procedural obligations to facilitate these requests and maintain accessible data retrieval systems.
Adyen
· Adyen Privacy Policy
If Adyen is acting as a processor for a merchant, you may need to go to that merchant, not Adyen, to exercise rights like deletion or access, which adds a step and could delay or complicate your request.
Egnyte
· Egnyte Privacy Policy
This distinction determines who you must contact to exercise privacy rights over your data and which policies govern your information depending on context.
Workday
· Workday Privacy Statement
If you are an employee using Workday at work, your employer, not Workday, is typically the controller of your HR data, which means you may need to direct privacy requests to your employer rather than to Workday directly.
This provision determines which legal obligations, data subject rights workflows, and contractual requirements apply depending on the data processing context. Organizations deploying Amplitude's SDK must assess their own controller responsibilities for end-user personal data processed through the platform, and should ensure a Data Processing Agreement with Amplitude is in place to govern the processor relationship.
This distinction determines who is legally responsible for protecting your data and who you can contact to exercise rights like deletion or access, which may not be obvious when visiting a Squarespace-powered site.
This distinction determines who is legally accountable for cardholder data rights requests: if a cardholder wants to exercise GDPR rights over their payment data, they may need to contact the merchant rather than Checkout.com directly for certain processing activities.
This distinction determines who is legally responsible for your data and who you should contact with privacy requests, depending on how you encountered Amplitude.
Stripe
· Stripe Privacy Policy
The designation of Stripe's role as controller or processor determines the scope of Stripe's obligations and legal responsibilities under data protection regulations, particularly GDPR and similar frameworks. This distinction affects how Stripe handles data subject rights requests, consent requirements, and breach notification obligations.
The distinction between controller and processor determines who is ultimately responsible for your data rights; if you are an employee or end user of a business that uses Synthesia, your data rights may need to be exercised through that business rather than directly with Synthesia.
eBay
· eBay Privacy Notice
The inclusion of a dedicated AI section in eBay's privacy notice indicates that user data may be used to train, test, or inform AI systems, which has implications for automated decision-making and profiling rights under GDPR.
This provision establishes the legal framework governing EEA and UK user data, including the reliance on standard contractual clauses for international transfers. The adequacy of these safeguards and the validity of the legitimate interest basis for AI training and advertising processing are subject to evaluation by EU supervisory authorities and the UK ICO.
GDPR rights are among the strongest consumer data protections globally, and Grammarly's policy acknowledges them for EEA and UK users, meaning those users have enforceable legal recourse if their data is mishandled.
This provision establishes GDPR-based rights for EEA and UK users and requires OpenSea to identify the lawful basis for each category of processing, which creates obligations around consent management, legitimate interests assessments, and response procedures for data subject requests.
The policy acknowledges GDPR and UK GDPR rights for EEA and UK users but does not specify the lawful basis for processing under GDPR Article 6, which may be material for users or regulators assessing the adequacy of OpenRouter's data processing compliance.
Suno
· Suno Privacy Policy
EEA users can object to processing carried out under legitimate interests, including potentially Suno's use of their Content and prompts for AI model training, which gives these users more control over their data than users in most other jurisdictions.
The geographic designation signals that Comcast has structured its privacy obligations to account for regional regulatory frameworks in these jurisdictions, including GDPR and equivalent data protection regimes. This framing indicates differentiated privacy obligations may apply depending on user location.
The provision operationalizes compliance obligations in jurisdictions with distinct privacy law regimes, establishing separate notice terms and data subject rights applicable to those geographic regions rather than applying uniform global terms.
This provision establishes that Supabase maintains a separate GDPR-aligned disclosure framework for European users, including lawful bases documentation and data subject rights procedures, which are operationally significant for enterprise customers and individual users exercising GDPR rights.
Pika
· Pika Privacy Policy
If you are in the EU or UK, you have strong legally enforceable data rights under GDPR, including the right to have your data deleted and to complain to a supervisory authority if you are unsatisfied with Pika's response.
Gusto
· Gusto Privacy Policy
Employees have limited direct control over data their employer submits to Gusto, and they must navigate both Gusto's and their employer's privacy frameworks to understand their full rights.
Uber
· Uber Privacy Notice
This provision authorizes the sharing of trip-level location data with employers when rides are taken on a business account, which may not be immediately apparent to employees and raises workplace privacy considerations.