This provision creates a dual governance structure for business-domain accounts where organizational administrators obtain administrative control and visibility into account activity. The clause establishes notice procedures but permits reduced notice where the organization has already informed the user of monitoring capabilities.
The clause establishes a disclosure framework that permits FanDuel to share user data with external organizations involved in sports governance and employment oversight, creating information-sharing channels beyond the platform itself for compliance and enforcement purposes.
Gusto
· Gusto Terms of Service
This allocation of responsibility establishes the operational boundary between Gusto's service obligations and user obligations regarding data accuracy and regulatory compliance. It defines which party bears financial consequences for errors in submitted payroll data.
Stripe
· Stripe Privacy Policy
This provision clarifies the scope of Stripe's data processing authority and the categories of personal data it handles on behalf of merchants. It establishes the operational framework for how customer information flows through Stripe's systems during transaction processing and service provision.
Stripe
· Stripe Privacy Policy
Many consumers who encounter Stripe only through third-party merchant checkouts may not realize that their direct rights against Stripe are limited in that context, and that they must contact the merchant to exercise certain privacy rights.
This provision places compliance obligations on account holders for conduct they did not directly perform, meaning that inadequate end-user controls can result in account suspension or termination even if the account holder personally did nothing wrong.
The terms reserve broad enforcement discretion including legal action, and acknowledge that EU and UK regulatory obligations require X to restrict categories of content beyond its own policy violations, which may result in content or account restrictions for users in those jurisdictions regardless of X's own policies.
This provision establishes the data-sharing framework for enterprise subscription arrangements, defining what learning metrics the employer customer gains access to for workforce development and compliance purposes.
This provision operationally defines the scope of administrative access within enterprise deployments, establishing that account data and generative outputs fall within the category of information administrators can access and manage as part of account administration.
This provision states that employer-side administrators have potential access to individual users' Prompts and Outputs, which may include sensitive code, business logic, or personal queries entered during work sessions.
This provision establishes that employers or educational institutions sponsoring platform access may receive identifiable learner performance data including assessment results, which creates operational implications for employee privacy expectations and institutional data governance obligations. The scope of permissible disclosure to enterprise customers warrants evaluation under applicable employment privacy laws, FERPA, and GDPR depending on the jurisdiction and nature of the sponsoring organization.
GitHub
· GitHub Privacy Statement
This provision clarifies the data governance structure within organizational deployments, allocating responsibility and control authority between GitHub and the organization, which affects compliance obligations and data handling authority within the enterprise context.
Enterprise customers cannot rely on this policy for any assurances about how their end-user data is handled; they need to review their separate data processing agreement with PlanetScale.
Cursor
· Cursor Privacy Policy
Employees or users whose accounts are provisioned by an organization may not have the same rights or protections described in this policy; their data rights depend entirely on the terms of the agreement between their employer and Anysphere.
PayPal
· PayPal User Agreement
The provision establishes reporting obligations that function as a condition to PayPal's liability framework for unauthorized transactions. The immediate notification requirement and emphasis on telephonic contact create a procedural mechanism designed to limit potential exposure by enabling rapid account suspension and transaction reversal.
This provision defines Microsoft's regulatory compliance obligations under EU law and establishes the institutional framework through which the company will implement AI Act requirements across its product portfolio and service delivery. It affects how Microsoft structures AI system governance, documentation practices, and user-facing disclosures in EU markets.
Apple
· Apple App Store Review Guidelines
This provision establishes a regulatory framework for EU developers that creates procedural pathways for alternative distribution and payment processing while preserving Apple's authority to set fee structures and compliance requirements for transactions processed outside its system.
The clause recognizes statutory rights under GDPR and equivalent frameworks while simultaneously disclosing that personal data processing may occur in jurisdictions with lower data protection standards. This creates a dual framework where users have formal rights to exercise but data handling extends to territories where those protections may not apply.
The provision establishes dual operational frameworks: it preserves users' statutory rights under GDPR and equivalent data protection regimes, while simultaneously authorizing cross-border data transfers to the United States where different legal protections apply. This creates a structural tension between retained statutory rights and the contractual authorization for extraterritorial processing.
The provision defines Eventbrite's operational role and liability scope depending on which payment processing method the organizer selects, establishing whether Eventbrite maintains direct control over transaction processing or functions as a conduit for payment information transfer.
Many of the most significant harms from credit reporting errors, such as a denied loan, job rejection, or higher interest rate over years, are consequential damages that this clause attempts to exclude from any recovery.
The agreement explicitly excludes recovery for lost data and business interruption, which are among the most likely and significant harms that could arise from a cloud platform failure; this provision operates in tandem with the 12-month fee cap to define the outer boundary of Snowflake's financial exposure.
This clause establishes that free-tier inputs become subject to broad secondary use rights by the service provider, extending beyond the immediate service delivery to include public dissemination and derivative work creation. The perpetual and irrevocable nature of the license means these rights are retained even after user-generated inputs are incorporated into the service's outputs or data aggregates.
Amazon
· AWS Acceptable Use Policy
This clause places the compliance burden for export control and sanctions screening on the customer, meaning organizations using AWS to process, store, or transmit data or technology must independently verify their activities comply with EAR and OFAC requirements.
Stripe
· Stripe Acceptable Use Policy
This provision places an affirmative obligation on users to comply with applicable export control laws when transferring or moving any software or technology associated with the End User Services, with specific reference to encryption software, which is subject to export licensing requirements under U.S. and other national export control regimes.
The agreement places affirmative export compliance obligations on the licensee, meaning organizations deploying or distributing NIM internationally bear legal responsibility for verifying that their use does not violate U.S. Export Administration Regulations or OFAC sanctions.
Stash
· Stash Privacy Policy
The collection of these data categories establishes the informational scope necessary for Stash to operate financial services and identity verification functions. The breadth of financial account credentials and government-issued identification data represents the core informational inputs required for account establishment and ongoing account management.
The collection framework establishes the informational foundation for regulatory compliance, account verification, and anti-money laundering obligations. The provision ties data collection to both user-initiated feature selection and applicable legal requirements, creating conditional collection triggers based on jurisdictional obligations and service tier access.
The provision establishes a broad data collection framework that captures real-time device state information and precise location data across multiple signal types, enabling the service to maintain detailed records of user device configurations and geographic positioning during service use.
The collection scope establishes the data foundation necessary for Coinbase to fulfill regulatory compliance obligations under financial services laws. The breadth of data categories—including government-issued identification, financial account numbers, and tax identification—enables the verification procedures required by law for cryptocurrency exchange operations.