Fastly
· Fastly Terms of Service
This provision creates a multi-document framework for data governance by incorporating privacy obligations by reference rather than specifying them within the main service agreement. It establishes that actual data processing requirements are defined in separate, potentially negotiated documents (the Privacy Policy and DPA) rather than solely in the Terms.
AWS
· AWS Customer Agreement
The Data Processing Addendum is a separate document that must be actively executed by customers who process personal data subject to GDPR or similar frameworks; it is not automatically incorporated into the main agreement.
Vercel
· Vercel Terms of Service
The incorporation by reference mechanism makes privacy obligations enforceable as part of the contractual agreement, while the DPA requirement establishes a conditional obligation for certain jurisdictions to formalize data processor roles and responsibilities under regulatory frameworks.
This clause allocates data protection compliance responsibilities to the customer rather than Google, establishing the customer as the party responsible for ensuring lawful processing and user transparency. The incorporation of the Data Processing Addendum creates a separate contractual framework governing the specifics of data handling obligations.
The clause creates a binding framework for how personal data is handled during service delivery by making a separate data protection document an enforceable part of the primary service agreement. This establishes specific compliance requirements and allocates data processing responsibilities between the parties.
Auth0
· Auth0 Terms of Service
Auth0 handles login credentials, authentication tokens, and user identity information for the end users of its customers' applications, making the data processing terms central to GDPR, CCPA, and other privacy law compliance for those businesses.
Fastly
· Fastly Terms of Service
Customers handling personal data subject to GDPR, UK GDPR, or CCPA need a Data Processing Addendum to meet their legal obligations, but this document indicates it is not automatically part of the agreement and must be separately requested.
Neon
· Neon Terms of Service
The provision creates a structured allocation of data protection obligations between Neon and its customers. By incorporating the DPA by reference, the clause establishes that data processing terms are documented in a separate agreement and that customers retain responsibility for compliance with applicable data protection laws and notification requirements.
Stripe
· Stripe Terms of Service
The incorporation of the DPA establishes a framework that specifies how each party must handle Personal Data processing, including mechanisms for international data transfers. This creates enforceable obligations for data handling practices that supplement the primary service agreement.
The provision defines the scope and mechanics of data handling within Segment's platform infrastructure. It establishes the operational framework under which customer data is processed and classified for analytics and segmentation purposes.
This provision governs the scope of Perplexity's rights to use enterprise-submitted data, which is a primary compliance consideration for organizations deploying AI platforms that process employee queries, customer information, or proprietary business data.
This provision determines where legal accountability sits for end-user data. Because the business deploying Mixpanel is the data controller, end users must direct data rights requests such as access, deletion, and opt-out to the deploying business, not to Mixpanel.
Cohere
· Cohere Enterprise Data Commitments
Data residency options are operationally significant for enterprises subject to data localization laws or contractual requirements restricting cross-border data transfers. The availability of these options depends on Cohere's infrastructure and the specific regions offered.
Plaid
· Plaid End User Privacy Policy
Secondary use of financial transaction data for Plaid's own benefit (product development, analytics) is a purpose that goes beyond what you likely intended when connecting your bank account to a specific app, and the adequacy of de-identification for longitudinal financial data is an open technical and legal question.
The provision defines the foundational scope of the privacy framework governing data handling practices across Binance.US and affiliated entities. It establishes that the Privacy Policy applies to the full corporate group rather than a single legal entity.
Plaid
· Plaid Terms of Use
This provision defines the operational scope of data persistence within Plaid's systems and establishes the regulatory and business bases that govern retention duration. The framework creates distinct retention periods based on service necessity versus legal or accounting obligations, which determines how long personal information remains subject to processing.
The provision operationalizes data retention by establishing multiple retention triggers—account activity status, service delivery requirements, legal compliance obligations, and dispute resolution needs—which extend the retention period beyond active use. This structure creates ongoing data stewardship responsibilities and establishes the framework for biometric data management tied to avatar functionality.
The clause establishes a data sharing practice for advertising purposes as a standard operational term, while creating a compliance pathway for California residents under applicable state privacy law requirements.
The clause operationalizes Paramount+'s obligations under California privacy law (CCPA/CPRA) by creating a documented process for opt-out requests and establishing that the company will cascade opt-out instructions to third parties in its service provider and partner network.
The notice's acknowledgment that Walmart Connect data flows may constitute a 'sale' or 'sharing' under CCPA/CPRA triggers opt-out rights for California residents and GPC signal recognition obligations for Walmart's digital properties.
The opt-out right is meaningful but requires affirmative action on every browser and device separately, and users outside the listed 19 states may have no enforceable opt-out right under this policy regardless of their preferences.
The provision operationalizes user choice regarding data commercialization by conditioning the availability of opt-out functionality on affirmative user action through a specific portal. The requirement for per-site, per-device renewal and cookie-dependent persistence creates ongoing administrative obligations for maintenance of the opt-out preference.
The provision outlines T-Mobile's operational cybersecurity framework and the mechanisms through which the company implements security measures. It establishes that the company's cybersecurity program operates on a continuous basis and incorporates third-party testing and employee training as part of its security infrastructure.
This provision establishes Equifax's security obligations and the standard of care (reasonable measures rather than absolute protection) applicable to personal information in its possession. The clause operationalizes breach notification requirements under applicable state and federal law as a contractual obligation, defining the scope of Equifax's security commitments and the regulatory threshold triggering user notification.
T-Mobile has experienced multiple significant data breaches affecting tens of millions of customers, making this provision's practical meaning directly relevant; the commitment to notify 'as required by applicable law' means the timing and scope of notification depends on jurisdiction-specific legal requirements, not a uniform standard.
This clause establishes FanDuel's position regarding the inherent security risks associated with digital information transmission and storage, placing the burden of understanding these risks on users prior to service use.
Runway
· Runway Privacy Policy
The provision clarifies Runway's position on data sharing disclosures and establishes an opt-out mechanism to comply with privacy regulations that require such choice for sales of personal information. It also acknowledges that certain browser tools or privacy signals may interfere with the opt-out functionality.
This provision establishes the operational framework for data continuity during corporate restructuring events. It clarifies that personal information held by Inflection AI may be transferred as an asset or business function to a successor entity without requiring separate user consent for the transfer itself.
Adobe
· Adobe Privacy Policy
The provision establishes the scope of third-party recipients of user data and specifies that behavioral data collected across Adobe properties may be transferred to advertising and marketing partners. This defines the operational data flow between Adobe and its advertising ecosystem partners.
Lyft
· Lyft Privacy Policy
This provision establishes the operational basis for Lyft's use of personal data in marketing activities and creates authorization for data sharing with third-party advertisers and marketing partners. It permits the use of inferred information about users, expanding the categories of data that can be deployed for advertising purposes beyond directly provided information.