The policy states that personal data from EU and UK users may be transferred internationally and that Standard Contractual Clauses are the stated mechanism, which matters because the adequacy of these mechanisms for transfers to certain jurisdictions may require ongoing assessment under post-Schrems II guidance.
Stripe
· Stripe Privacy Policy
International data transfers are subject to legal requirements in the EU, UK, and other jurisdictions, and the adequacy of Stripe's transfer mechanisms directly affects whether EU and UK user data is protected to required standards when processed outside those regions.
International data transfers are a key area of GDPR enforcement and EU users should be aware that their data may be processed in countries with different privacy standards, though Synthesia asserts it uses approved transfer mechanisms.
Lime
· Lime Privacy Policy
For EU, UK, and other international users, this means their personal data including location history may be transferred to a jurisdiction with a different privacy legal framework, and the adequacy of the transfer mechanisms protecting that data is not detailed in the notice.
Transferring personal data out of the EEA to the United States means your data is subject to US law, including potential government access requests, and the adequacy of the transfer mechanism may be subject to legal challenge.
For users in the EEA, UK, and other regions with strong data protection laws, transferring data internationally can reduce the legal protections that apply to your personal information.
Tinder
· Tinder Privacy Policy
Data transferred to the US from the EU or UK may be subject to different legal protections, including potential access by US intelligence agencies under US surveillance law.
EU and UK users whose data is transferred to the United States or other countries must be protected by an appropriate transfer mechanism under GDPR; the policy does not specify which mechanisms Jasper relies upon in the available text.
For EU and UK users, the legal adequacy of data transfers to the US is an ongoing regulatory concern following the Schrems II decision, and the effectiveness of Standard Contractual Clauses depends on accompanying transfer impact assessments.
Grindr
· Grindr Privacy Policy
For EU and UK users, transferring sensitive personal data to the US without adequate transfer mechanisms can violate GDPR and create legal exposure for Grindr and reduced rights protections for users.
Reddit
· Reddit Privacy Policy
When your data is transferred from the EU or UK to the US, it moves to a jurisdiction with different privacy protections, and the adequacy of Reddit's transfer mechanisms is subject to ongoing legal challenges that could affect the lawfulness of processing.
Klarna
· Klarna Privacy Policy
When your data is transferred outside the EU or UK, it may be subject to government access or privacy standards that are different from those in your home country, even if contractual protections are in place.
GitHub
· GitHub Privacy Statement
Data leaving the EU or UK for the US is subject to different legal protections, and the validity of the transfer mechanisms GitHub uses may affect your privacy rights in practice.
Fiverr
· Fiverr Privacy Policy
Data transferred outside the EU may receive weaker legal protections, and users should understand that their data may be subject to access by US authorities under laws like the CLOUD Act.
OpenAI
· OpenAI Privacy Policy
Data transferred to the US is subject to US law, including potential government access under national security frameworks, which may offer different protections than those in users' home countries.
Okta
· Okta Privacy Policy
EU, UK, and Swiss users' personal data is being transferred to the United States, and the legal validity of that transfer depends on Okta's correct implementation of the current SCCs, which were updated in 2021 and require accompanying transfer impact assessments.
Canva
· Canva Privacy Policy
Cross-border data transfers involving EU personal data require legally adequate safeguards under GDPR. Canva's reliance on Standard Contractual Clauses is a recognized mechanism but requires accompanying Transfer Impact Assessments under post-Schrems II obligations, and compliance with these requirements cannot be verified from policy text alone.
Cursor
· Cursor Privacy Policy
The policy references legally valid transfer mechanisms for EEA and UK data transfers but does not name the specific mechanism (such as Standard Contractual Clauses), which limits the ability of EEA or UK users to evaluate the adequacy of those protections without making a direct inquiry.
Stripe
· Stripe Privacy Policy
EU and UK users' data is transferred internationally and protected by contractual safeguards, but those safeguards have faced legal challenges and may be subject to US government surveillance laws.
After the Schrems II ruling, Standard Contractual Clauses alone are no longer automatically sufficient — DocuSign must also conduct Transfer Impact Assessments to verify US government access to data doesn't undermine EU protections.
Hinge
· Hinge Privacy Policy
EEA and UK data protection laws require that your data only be sent to countries with equivalent privacy protections, and transfers to the US must be covered by specific legal safeguards such as Standard Contractual Clauses.
ADP
· ADP Privacy Statement
BCR are a recognized but operationally complex transfer mechanism. If regulators in any country determine that BCR do not provide adequate protection, data transfers relying on them could be suspended, potentially disrupting payroll and HR services.
EU, UK, and Swiss users should know their data may be transferred to the United States, but Google states it uses legal transfer mechanisms to maintain applicable protections.
Figma
· Figma Privacy Policy
EU and UK users' personal data is processed by Figma in the US, and the adequacy of the transfer mechanism used is subject to ongoing regulatory scrutiny, meaning users should understand that their data crosses borders and the legal protections that apply.
Cross-border data transfers are a significant regulatory concern under GDPR, and the adequacy of SCCs as a transfer mechanism is subject to ongoing legal scrutiny and enforcement, meaning the lawfulness of these transfers could be challenged by regulators.
Fastly
· Fastly Privacy Policy
Cross-border transfer mechanisms are a significant area of GDPR enforcement, and the adequacy of Standard Contractual Clauses depends on whether the destination country provides essentially equivalent protection. Organizations relying on SCCs may also need to conduct Transfer Impact Assessments.
Fitbit
· Fitbit Privacy Policy
For EU and UK users in particular, transferring health data to the US may not carry the same legal protections as data kept within the European Economic Area, depending on the safeguards Fitbit uses.
Uber
· Uber Privacy Notice
Cross-border transfers of sensitive driver data (including biometrics, criminal records, and location data) to the US mean this data is subject to US government surveillance programs and may have less robust legal protection than in the EU — Standard Contractual Clauses alone may not fully address this risk post-Schrems II.
The policy states that personal information may be transferred and processed outside the user's home jurisdiction, including outside Australia, Canada (and Quebec specifically), New Zealand, and the United States, without specifying the legal mechanisms used to authorize those transfers.
Data collected when you watch Disney+ may be combined with information from your theme park visit, retail purchase, or call center interaction, building a detailed cross-context profile that can be used for advertising and personalization.