Figma
· Figma Privacy Policy
EU users have strong legally enforceable rights over their personal data, and the lawfulness of Figma transferring their data to the US depends on whether adequate transfer safeguards are in place.
Bumble
· Bumble Terms and Conditions
This provision authorizes access to Facebook friend information and location data at account creation, and the complete scope of accessed data is defined by reference to a separate Privacy Policy document rather than specified in the Terms themselves. This cross-document dependency means the full data access scope may not be apparent to users reading only the Terms.
This provision identifies specific protected characteristics that Google states its AI systems should not disadvantage, which is relevant for consumers who interact with AI-powered Google products in consequential contexts such as search, advertising, or automated decision-making.
This commitment describes how Microsoft states it addresses algorithmic bias in AI systems, which is relevant to consumers and regulated entities concerned about discriminatory AI outputs in areas such as hiring, lending, healthcare, or content moderation.
This provision states a commitment to non-discrimination in high-stakes AI applications including medical treatment, loan decisions, and employment; these are areas where discriminatory AI outcomes may engage civil rights law, fair lending law, and equal employment law, depending on how Microsoft AI is used by customers.
Parents who set up Family Sharing are on the hook for any purchases their children make through their Apple IDs unless Ask to Buy is enabled, which means a child's accidental or intentional app or in-app purchase is the financial responsibility of the family organizer.
Federal credit reporting law overrides your general privacy rights for credit report data, meaning your right to delete information from your TransUnion credit file is more limited than your right to delete other types of personal data.
Users who use the feedback rating buttons may not realize this causes their entire conversation to be stored separately as feedback data, which may be subject to different use and retention terms than standard conversation data.
Chegg
· Chegg Privacy Policy
FERPA compliance provisions are operationally significant because they define the legal boundaries for handling sensitive student data and establish requirements for data security, access controls, and disclosure practices. These provisions also clarify Chegg's obligations when functioning as a contractor or service provider to schools rather than as a direct service to individual students.
SoFi
· SoFi Privacy Notice
As a financial services entity offering banking, lending, and investment products, the scope of data collection authorized across these product lines engages both GLBA nonpublic personal information requirements and CCPA personal information categories, creating distinct obligations for each data type and product context.
Uber
· Uber Privacy Notice
Financial account data and tax information are sensitive categories of personal data whose exposure creates direct financial risk; the notice authorizes Uber to retain and use this data for both payment processing and tax compliance, and to share it with financial services partners and tax authorities.
Collection of payment card numbers and financial transaction data by Google is operationally significant for compliance teams assessing PCI DSS obligations, data security requirements, and financial data disclosure requirements applicable to Google Pay and related services.
Affirm
· Affirm Privacy Policy
GLBA opt-out rights are narrower than many consumers expect: they apply to sharing with non-affiliated third parties for marketing but do not cover sharing for joint marketing arrangements or operational service providers.
Stripe
· Stripe Privacy Policy
This provision permits Stripe to share personal and financial data across its broader merchant ecosystem for fraud prevention purposes, which implicates data minimization and purpose limitation requirements under GDPR and equivalent frameworks, and may affect individuals' transaction outcomes across multiple unrelated merchants.
Apple
· Apple App Store Review Guidelines
This provision conditions App Store distribution of gambling apps on jurisdiction-specific licensing compliance and geo-restriction, which are requirements under most gambling regulatory frameworks globally.
Detailed gameplay behavioral data enables profiling of individual users over time and can be combined with device identifiers and advertising data to build comprehensive user profiles used for targeted advertising and product decisions.
The policy states that gameplay interactions, purchase history, device identifiers, and IP addresses are collected, which together can form a detailed behavioral profile of each user.
EA
· EA Privacy and Cookie Policy
Gameplay recordings and statistics can be made publicly visible beyond the game itself, including at live events; players in competitive modes should understand their gameplay may be broadcast in contexts beyond their direct game session.
Steam
· Steam Privacy Policy
Game statistics and device identifiers are persistent data that build a detailed profile of your gaming behavior over time, and this data may be shared with third-party developers as described elsewhere in the policy.
Garmin
· Garmin Privacy Statement
Default public or semi-public visibility of fitness data including GPS routes, pace, and workout frequency can reveal sensitive information about your physical location habits and daily routines to anyone who accesses your Garmin Connect profile.
These rights allow you to take control of your personal data, but they are jurisdiction-dependent, meaning users outside the EU and California may have more limited enforceable rights under this policy.
Waze
· Waze Privacy Policy
This clause operationalizes Waze's compliance obligations under GDPR and UK data protection law by explicitly confirming the availability of statutory data subject rights and establishing that the privacy policy describes the mechanisms for exercising them. The provision ties policy controls to legal entitlements rather than discretionary permissions.
Fiverr
· Fiverr Privacy Policy
The provision operationalizes statutory data subject rights under GDPR and CCPA by specifying a procedural mechanism through which users may submit requests. The clause establishes Fiverr's obligation to respond to requests initiated through the designated contact method.
This provision establishes the legal bases Sourcegraph relies on under GDPR, which determines what rights you have and under what circumstances you can object to or request deletion of your data.
Roblox
· Roblox Privacy and Cookie Policy
The appointment of Article 27 representatives and an Article 37 DPO reflects compliance with GDPR requirements for non-EU controllers processing EU personal data. The policy's multi-jurisdictional structure, including separate addenda for US states, Brazil, and Korea, creates a layered compliance framework where the addenda govern over the main policy in case of conflict.
Roblox
· Roblox Privacy and Cookie Policy
The clause operationalizes Roblox's obligation to maintain data protection standards during cross-border transfers while specifying reliance on legal transfer mechanisms (such as Standard Contractual Clauses or adequacy decisions) to comply with jurisdictional requirements governing international data flows.
The provision establishes that Paramount+ recognizes jurisdiction-specific data subject rights that operate independently of the privacy policy terms. This framing indicates the company acknowledges legal obligations imposed by regional data protection regulations rather than rights granted contractually by the service.
Waze
· Waze Privacy Policy
This provision formally acknowledges the GDPR and UK GDPR rights framework for European and UK users, establishing an avenue for data subjects to exercise statutory rights directly against Waze.
This provision identifies the legal entity responsible for your personal data based on your location and states the privacy rights available to you, which determines who you contact to exercise rights and what legal framework applies to your data.
The clause operationalizes legal obligations imposed by GDPR and UK data protection statutes rather than contractual obligations. It confirms the entity's recognition of statutory data subject rights and establishes procedural mechanisms through which individuals may exercise those rights against the entity's processing activities.