Provision Registry

3805 classified provisions across 299 platforms — browse, filter, and compare.

Every clause classified by type, severity, and platform. Updated as policies change.

Filtering: High
high Data collection
Pinterest · Pinterest Privacy Policy
This provision establishes Pinterest's data collection scope beyond registered users, enabling the platform to build profiles and behavioral records on non-account holders for purposes including analytics, advertising targeting, and service optimization across its network.
CA-P-000689 First tracked Apr 3, 2026 Last seen Apr 10, 2026
Whatnot · Whatnot Privacy Policy
The clause establishes the scope of data collection activities across both user-initiated submissions and automatic collection mechanisms. This operational scope determines what categories of personal, financial, and behavioral data the service captures throughout the user engagement lifecycle, from account setup through service use and customer interactions.
CA-P-007063 First tracked May 8, 2026 Last seen May 8, 2026
high Data collection
Google Gemini · Gemini Apps Privacy Notice
This provision defines the scope of data collection that Google performs during service operation, establishing which categories of information the company gathers as a standard part of providing and maintaining Gemini Apps. The scope encompasses both content-level data and technical metadata necessary for service delivery and analytics.
CA-P-003716 First tracked Apr 28, 2026 Last seen Apr 28, 2026
high Data collection
AT&T · AT&T Terms of Service
This clause establishes the scope of data collection practices tied to account creation and identifies the Privacy Policy as the governing document for how collected information is processed and disclosed. The provision creates a contractual basis for data practices that would otherwise require separate authorization.
CA-P-003079 First tracked Apr 18, 2026 Last seen Apr 18, 2026
Weights & Biases · Weights & Biases Privacy Policy
The data controller/processor distinction determines which party bears primary legal responsibility for data protection compliance, liability exposure, and regulatory obligations under frameworks like GDPR and similar regimes. This allocation affects contract enforcement mechanisms, audit rights, and the scope of permissible data handling activities.
CA-P-004031 First tracked Apr 30, 2026 Last seen Apr 30, 2026
high Data retention
OpenAI · OpenAI Terms of Use
The clause specifies the operational mechanism for account wind-down and data retention obligations post-termination. It defines the scope of data subject to deletion and the timeframe within which deletion occurs, which affects both user data persistence and OpenAI's ongoing storage obligations.
CA-P-000081 First tracked Apr 3, 2026 Last seen Apr 3, 2026
high Privacy rights
Meta · Llama API Terms of Service
This provision creates a time-sensitive operational obligation that applies upon platform access termination or user request, requiring developers to have implemented data mapping and deletion workflows capable of identifying and purging all Meta platform-sourced data across their systems and sub-processors.
CA-P-012620 First tracked May 20, 2026 Last seen May 22, 2026
high Privacy rights
Meta · Meta Platform Policy
This clause creates an operational obligation for Meta to process data deletion requests within defined parameters, establishing the conditions under which user data must be removed from Meta's systems and the exceptions to that obligation.
CA-P-001945 First tracked Apr 4, 2026 Last seen Apr 9, 2026
Datadog · Datadog Privacy Policy
This clause clarifies the legal relationship between Datadog and its customers regarding data handling obligations, designating Datadog as a processor rather than controller. The allocation establishes that customers retain controller obligations, including obtaining lawful bases for data transfer and ensuring compliance with applicable data protection regulations.
CA-P-004906 First tracked May 7, 2026 Last seen May 7, 2026
Microsoft · Responsible AI Report 2025
The provision establishes operational requirements for how Microsoft structures AI training practices, including documentation and consent alignment mechanisms. These requirements define the institutional framework Microsoft applies to govern data inputs and traceability across its AI systems.
CA-P-003120 First tracked Apr 27, 2026 Last seen Apr 27, 2026
AWS · AWS Customer Agreement
The clause creates a framework for data residency control and establishes AWS's data access limitations and non-disclosure obligations as operational requirements. It specifies the conditions under which AWS may deviate from customer region selections, creating a clear procedure for compliance-driven data transfers.
CA-P-005992 First tracked May 8, 2026 Last seen May 8, 2026
high Privacy rights
Box · Box Terms of Service
Organizations subject to GDPR, CCPA, or other data protection laws need to ensure they have executed a Data Processing Agreement with Box, as the standard terms alone may not satisfy regulatory requirements for data processor relationships.
CA-P-009300 First tracked May 10, 2026 Last seen May 22, 2026
Slack · Slack Terms of Service
The incorporation of the DPA by reference creates binding obligations for both parties regarding personal data processing, particularly in relation to GDPR and other data protection regulations. This establishes the operational and legal framework under which customer data is processed and defines controller-processor responsibilities.
CA-P-003515 First tracked Apr 27, 2026 Last seen Apr 27, 2026
Cohere · Cohere SaaS Agreement
The DPA structure is the primary mechanism through which GDPR, CCPA, and other data protection obligations are operationalized in the agreement; enterprise customers processing personal data through the API must ensure the DPA is executed and that its terms are consistent with their privacy compliance obligations.
CA-P-011563 First tracked May 12, 2026 Last seen May 22, 2026
OpenAI · OpenAI API Data Usage Policies
A signed DPA is the primary contractual instrument establishing GDPR Article 28 compliance and CCPA service provider status; without it, enterprise customers may lack documented legal basis for processing personal data through OpenAI services.
CA-P-011789 First tracked May 12, 2026 Last seen May 20, 2026
Slack · Slack Terms of Service
The incorporation of a DPA addresses regulatory requirements under data protection regimes such as GDPR and similar frameworks that require explicit contractual terms governing the processing of personal data. This establishes the legal framework for how customer data and end-user data are handled throughout the service relationship.
CA-P-001012 First tracked Apr 3, 2026 Last seen Apr 10, 2026
Weights & Biases · Weights & Biases Terms of Service
The privacy and data protection obligations that matter most for GDPR and CCPA compliance are in a separate document that is incorporated by reference but not reproduced here, meaning organizations must actively obtain and review the DPA to understand their full data protection obligations.
CA-P-009450 First tracked May 10, 2026 Last seen May 20, 2026
Perplexity AI · Perplexity Enterprise Terms
The DPA is a critical companion document for GDPR and CCPA compliance, but it is incorporated by reference rather than appended to the main agreement. Enterprise customers must review the DPA separately to understand their data protection obligations and Perplexity's commitments as a data processor.
CA-P-010731 First tracked May 11, 2026 Last seen May 20, 2026
HubSpot · HubSpot Terms of Service
The provision clarifies the operational framework for data handling compliance by designating a separate DPA as the governing instrument for regulated data processing and allocating the compliance obligation for pre-transfer authorization to the customer organization.
CA-P-002968 First tracked Apr 18, 2026 Last seen Apr 18, 2026
Asana · Asana Privacy Statement
The DPA is the primary contractual document establishing Asana's data protection obligations to enterprise customers. Without a signed DPA, an organization may lack the contractual protections required by GDPR and similar regulations.
CA-P-009993 First tracked May 11, 2026 Last seen May 22, 2026
HubSpot · HubSpot Terms of Service
The DPA governs GDPR and CCPA compliance for personal data processed through HubSpot, and its terms and obligations are legally binding even though they are in a separate document that many customers may not have read.
CA-P-007714 First tracked May 9, 2026 Last seen May 20, 2026
Klaviyo · Klaviyo Terms of Service
This provision establishes that EU and UK data protection obligations are addressed in a separate contractual instrument rather than within the ToS itself, creating a multi-document compliance framework that requires users to locate, review, and execute the DPA separately.
CA-P-012232 First tracked May 20, 2026 Last seen May 22, 2026
HubSpot · HubSpot Terms of Service
The incorporation by reference establishes a separate contractual framework governing data processing obligations, liability allocation, and compliance responsibilities under European data protection law. This mechanism ensures that data processing activities are subject to statutorily-mandated terms rather than remaining within the general service agreement, affecting the regulatory compliance posture of both parties.
CA-P-004872 First tracked May 7, 2026 Last seen May 7, 2026
Google Maps · Google Maps Platform Terms of Service
This clause establishes customer responsibility for the legal and procedural requirements of data processing under the Maps Platform. By allocating consent and disclosure obligations to the customer rather than Google, the provision defines the customer as the entity accountable for end-user privacy compliance in the deployment of Maps APIs.
CA-P-005715 First tracked May 7, 2026 Last seen May 7, 2026
Cohere · Cohere SaaS Agreement
Data processing terms are operationally significant because they define the scope of information flows within the service architecture and establish the legal basis for Cohere's handling of customer inputs. This affects compliance obligations, data residency requirements, and the permissible uses of processed information.
CA-P-010562 First tracked May 11, 2026 Last seen May 11, 2026
Shopify · Shopify Terms of Service
The clause allocates data governance responsibilities between Shopify and merchants: Shopify's processing obligations are defined in a separate addendum, while merchants bear primary responsibility for upstream data rights and compliance with applicable privacy laws. This structure clarifies that merchants act as data controllers for customer information they provide.
CA-P-002645 First tracked Apr 10, 2026 Last seen Apr 10, 2026
Checkout.com · Checkout.com Terms
As a payment processor handling card data, Checkout.com's data practices directly affect how sensitive financial information belonging to end customers is stored, processed, and protected.
CA-P-008565 First tracked May 10, 2026 Last seen May 22, 2026
high Privacy rights
Segment · Segment Terms of Service
The terms establish that personal data processing is governed by a separately incorporated DPA, which is the operative compliance instrument for GDPR and CCPA obligations; customers must review and understand the DPA to meet their legal data processing obligations.
CA-P-011142 First tracked May 12, 2026 Last seen May 22, 2026
high Data sharing
Stripe · Stripe Terms of Service
The clause establishes the operational framework for data handling by defining the scope of Stripe's authorized data processing activities and establishing privacy governance through referenced policies. It also allocates responsibility to the user to obtain necessary consents from their own customers for payment data processing.
CA-P-002351 First tracked Apr 9, 2026 Last seen Apr 10, 2026
high Privacy rights
Google Cloud · Google Cloud Terms
For any organization processing personal data of EU residents or other protected individuals on GCP, the DPA establishes the legal framework for that processing and determines whether Google acts as a processor under your instruction or in another capacity.
CA-P-008434 First tracked May 10, 2026 Last seen May 22, 2026
