This provision places the full burden of regulatory compliance for AI-generated content, data protection, and sector-specific rules on the customer, meaning organizations deploying Bedrock in regulated industries must independently ensure compliance rather than relying on AWS's own compliance certifications.
This clause allocates regulatory compliance responsibility to the customer rather than the service provider. The provision operates to clarify that Segment provides tools and infrastructure without guaranteeing that customer deployment of those tools will satisfy applicable legal obligations, creating a clear boundary between platform functionality and customer's independent compliance obligations.
This provision places the full burden of End User compliance, including consent collection, on the commercial Customer rather than Mistral AI, meaning that if an End User violates the terms or applicable law, the Customer is the liable party.
This program uses network-level behavioral data, including browsing history and app activity, for commercial advertising purposes without requiring you to affirmatively consent before enrollment.
The provision establishes the operational scope of data collection and use for Verizon's advertising personalization programs. It clarifies that network-level usage data constitutes authorized information sources for both service personalization and advertising targeting purposes.
This provision authorizes Verizon to use network-level behavioral data, including browsing and app usage activity, as a telecommunications carrier to deliver targeted advertising. As a common carrier, Verizon's use of CPNI-adjacent network data for advertising purposes engages FCC regulatory authority in addition to general consumer privacy frameworks.
The clause establishes the operational scope and purpose of the Custom Experience Plus program, specifying which data categories Verizon collects and processes for advertising personalization and business analytics, and defining the program's value proposition to both individual users and business customers.
This provision establishes a default opt-in enrollment for a program that uses network-level data, including URLs visited and app usage, for advertising profiling. Under FCC CPNI rules, telecommunications carriers have historically been subject to restrictions on using certain network usage data for marketing without affirmative customer consent, and this default enrollment structure may require evaluation against those requirements.
This program uses sensitive browsing and app activity data for advertising without requiring you to affirmatively opt in, meaning your data is being used for ad personalization unless you take action to stop it.
OpenAI
· GPT-4o System Card (PDF)
This risk assessment establishes the documented baseline for GPT-4o's cybersecurity capabilities and limitations as determined through OpenAI's internal evaluation framework. The Medium risk classification indicates the model's assessed capacity to provide assistance with malicious coding activities, which informs the operational scope of the model's deployment and monitoring protocols.
OpenAI
· OpenAI Usage Policies
This provision applies to all users and operators and covers generation of offensive cyber tools, though the document implicitly acknowledges a distinction between prohibited offensive tool creation and permitted defensive security research — a distinction that may not always be clear in practice.
This prohibition applies to all users and API operators, and covers both direct creation of malicious software and providing technical assistance that enables cyberattacks causing significant harm.
This provision sets the operational standard for T-Mobile's security obligations by defining what protections are in place while establishing the notification requirement that governs T-Mobile's procedural response to security incidents affecting user data.
This clause establishes a data sourcing mechanism that supplements Cash App's first-party data collection with third-party derived data. The operational significance is that user profiles maintained by the company may contain information originated and inferred by external parties rather than collected directly from user activity.
Because Thomson Reuters operates as a data broker, individuals may have personal information collected, profiled, and sold without ever interacting directly with the company, making awareness of opt-out rights critical.
The policy states that profiles maintained about Cash App users may be enriched with externally sourced inferred characteristics and advertising segments from data brokers, which goes beyond transactional data collection and engages CCPA/CPRA rights to know about third-party data sources and opt out of their use.
Lyft
· Lyft Terms of Service
The provision creates the operational basis for data collection and establishes that data handling practices are documented separately in the Privacy Policy rather than within the Terms of Service itself, requiring users to reference multiple documents.
The provision establishes that privacy practices are documented in a separate policy rather than in the terms themselves, requiring users to review multiple documents to understand the full scope of data practices. This structure means material information about data handling is located outside the primary terms document.
This provision establishes the data collection and usage framework that enables the Google Maps Platform service delivery model. By defining the scope of permissible data collection and retention, the clause clarifies the operational basis for service provision and product improvement activities across Google's product ecosystem.
BeReal
· BeReal Terms of Service
BeReal's core product involves capturing dual-camera photos at random moments, which means the app regularly collects images of your face and surroundings, and the terms govern how that sensitive data is used and shared.
The clause establishes the scope of data collection activities and clarifies Duo's role in the data processing relationship. This designation as data processor rather than controller determines the legal framework and responsibility allocation for how collected data is handled and protected.
Lyft
· Lyft Terms of Service
This provision establishes data flows between two entities (Google and Lyft) during service operation, with location data available to both parties for service improvement and operations purposes. The clause allocates responsibility for data practices to Google's terms, creating a multi-entity data governance structure rather than solely Lyft-controlled practices.
SoFi
· SoFi Terms of Service
The provision establishes the operational scope of data handling and establishes consent through terms acceptance as the legal mechanism governing information disclosure to multiple categories of recipients. This framework determines which entities gain access to user data and the authorized purposes for that access.
Viewing history and location data are considered sensitive personal information under several state privacy laws, and the sharing of this data with third-party partners for advertising purposes may constitute a data sale under CCPA, giving California residents opt-out rights.
The collection of precise location data and trip details, combined with use for purposes described in a separate Privacy Notice incorporated by reference, means the full scope of data use is not entirely contained within these terms and requires review of an additional document.
Square
· Square Terms of Service
This provision operationalizes Square's data governance framework by incorporating the Privacy Notice as the governing document for all personal data handling. The clause establishes acknowledgment of data practices as a condition of service use, creating the contractual basis for Square's data collection and processing activities.
The provision establishes the operational framework under which Verizon processes personal and usage data. This determines what customer information the carrier collects as a standard business practice and the permissible uses and disclosures of that information.
The combination of first-party data with commercially purchased data profiles, including income level and risk scores from data brokers, creates a comprehensive behavioral and financial profile that goes beyond what users knowingly share with DraftKings directly.
RunPod
· RunPod Privacy Policy
The clause defines the scope of direct data collection practices for the service, specifying that workload-related technical data and usage metrics constitute collectible information within the terms of service operation.
This provision is operationally significant because it establishes the legal and procedural basis for data handling in a service designed for users under 13, where parental authorization is required. The provision structures compliance with children's privacy regulations, including requirements around parental notification, data minimization, and restricted use of collected information.