This provision establishes Squarespace's compliance posture under COPPA and limits the platform's legal exposure for collecting children's data, though enforcement depends on Squarespace's ability to detect underage users.
Slack
· Slack Privacy Policy
This provision establishes Slack's stated compliance posture under COPPA and equivalent regulations, and provides a reporting mechanism if a child's data is believed to have been collected.
A clear restriction on children's use is required under COPPA for US-based services and equivalent laws in the EU (GDPR) and UK (Children's Code), and its presence indicates Supabase has considered age-related compliance obligations.
Canva
· Canva Privacy Policy
This provision operationalizes Canva's compliance framework with children's privacy regulations, including the Children's Online Privacy Protection Act (COPPA) in the U.S. and equivalent statutory regimes in other jurisdictions. It establishes the company's data handling obligations when it discovers non-compliant collection of minors' information.
Cursor
· Cursor Security Practices
This disclosure addresses data sovereignty concerns relevant to users and enterprises subject to regulations or policies restricting data flows to or processing by entities in certain jurisdictions; the qualification 'to our knowledge' at the sub-subprocessor level introduces a bounded uncertainty.
Clipboard content can include sensitive information such as passwords, bank account numbers, personal notes, or other data copied from other apps that is incidentally accessible during a TikTok action.
Automatic collection of IP address and location data means Perplexity builds a profile of your usage patterns even if you never create an account or actively provide personal information.
This is a meaningful consumer protection commitment that goes beyond a legal minimum, particularly relevant for users aware of data broker practices in the financial technology industry.
Stash
· Stash Privacy Policy
This provision establishes the operational framework for marketing communications and specifies the procedure by which users can manage their communication preferences within the platform's email system.
Uber
· Uber Privacy Notice
Communications submitted to customer support, including descriptions of incidents and personal information shared in that context, are collected and retained by Uber and may be used beyond the immediate support purpose.
This clause implements the GDPR Article 28(3)(b) personnel confidentiality requirement and is relevant to customers assessing insider risk controls within Perplexity's workforce.
OpenAI
· OpenAI Data Processing Addendum
This provision implements a standard GDPR Article 28(3)(b) requirement and provides operators with a contractual assurance that internal access to their data is subject to confidentiality controls. It does not specify the scope of access logging or auditing.
Users may not notice policy changes if they do not regularly check the policy page, yet the updated terms may apply to data already collected or to future data collection practices.
Klarna
· Klarna Privacy Policy
Knowing and exercising these rights lets you check what data Klarna holds about you, correct errors that might affect your credit assessment, and delete data you no longer want the company to retain.
Plaid
· Plaid End User Privacy Policy
Plaid's provision of a dedicated data portal is a notable consumer protection that allows you to see and delete the financial data Plaid holds, which is particularly important given how broadly Plaid's data collection reaches across the fintech ecosystem.
The policy grants access, correction, deletion, objection, and restriction rights to eligible users, with the applicable rights varying by jurisdiction, and directs users to a dedicated portal to submit requests.
The explicit acknowledgment of the right to complain to a data protection supervisory authority is a legally required disclosure under GDPR and reflects standard practice in jurisdictions with active regulatory oversight, giving individuals a meaningful enforcement pathway beyond D&B's own processes.
The provision operationalizes the exercise of statutory privacy rights by designating specific submission channels and establishing an identity verification requirement as a procedural prerequisite to fulfilling privacy requests.
Chime
· Chime Privacy Policy
Having a clear and specific contact channel for privacy rights requests is a practical requirement for exercising your CCPA rights or other data access and deletion rights; this provision gives you the specific contact details needed.
The policy states that deleted conversations remain on Anthropic's back-end systems for up to 30 days after user-initiated deletion, meaning personal data in those conversations is not immediately eliminated from all Anthropic systems.
Shareable conversation links can spread beyond your intended recipient without any access control, which means sensitive or personal information in a shared conversation could be viewed by unintended parties.
Ledger
· Ledger Privacy Policy
Analytics and advertising cookies collect behavioral data that may be shared with third-party platforms; the effectiveness of this control depends on whether the consent mechanism is properly configured to block tracking before consent is given.
Miro
· Miro Privacy Policy
The use of a separate Cookies Policy means that tracking technology practices are documented outside the main privacy policy, requiring users to review both documents to understand the full scope of data collection via cookies and similar mechanisms.
This provision establishes the tracking technology framework, including the categories of technical and behavioral data collected, and references a cookie consent tool as the primary mechanism for user control.
Tracking technologies collect behavioral and device data that can be used for analytics and targeted marketing, and users should review the Cookie Notice and adjust their preferences to limit tracking they are not comfortable with.
Cookies may be used to collect behavioral and technical data about website visitors, which can be used for analytics and marketing purposes, and the choice to block them involves a trade-off with website usability.
This provision establishes the technical mechanisms through which Amplitude collects behavioral and device data from website visitors and authorizes their use for advertising and personalization, which engages cookie consent requirements under EU and UK law and opt-out rights under CCPA/CPRA.
Replit
· Replit Privacy Policy
Cookies and tracking technologies may be used to collect behavioral and device data that is shared with advertising and analytics partners; browser-level cookie blocking is disclosed as a control mechanism, but the policy does not specify whether a cookie preference center or granular consent mechanism is available.
Writer
· Writer Privacy Policy
Marketing and analytics cookies may involve sharing your browsing and usage data with third-party advertising and analytics platforms, depending on your cookie settings.
Gusto
· Gusto Privacy Policy
Tracking technologies on a payroll and HR platform may capture behavioral data alongside sensitive employment information, and users may not be aware of the extent of this tracking.