The provision operationalizes parental supervision by granting account administrators the authority to regulate which users can communicate with the child through the platform. This mechanism establishes the procedural framework for guardian-controlled contact management as a core service feature.
This provision establishes a specific data disclosure mechanism in which teen usage data, including session duration and character interaction records, is transmitted to a third-party email address (the parent or guardian) on a weekly cadence. The data categories disclosed, time spent and top characters interacted with, may constitute personal information subject to applicable privacy and children's data protection frameworks.
A parent could be held liable for purchases a child makes through Google Pay, and by allowing access, they are also making a legal representation about the child's authorization to use the stored payment cards.
Your financial information, including payment card details, is shared with third-party processors and OnlyFans subsidiaries, expanding the circle of entities that hold your sensitive financial data.
Even after you delete your account, Airtable retains and can continue to use behavioral and usage data derived from your activity, which may include information that could be used to profile users or inform product decisions.
Users who opt out of personalization may reasonably expect all profiling to stop, but the policy clearly states that profiling continues for operational purposes such as fraud prevention, which means your behavioral data is still analyzed by automated systems regardless of your preference settings.
Roblox
· Roblox Privacy and Cookie Policy
This provision authorizes collection of IP addresses and device identifiers from child users under the COPPA internal operations exception, which permits such collection without verifiable parental consent when limited to the specified purposes. The inclusion of contextual advertising within the permitted internal operations is a notable disclosure, as COPPA's internal operations exception does not permit behavioral advertising to children.
The 'without undue delay' notification standard aligns with GDPR Article 33's 72-hour supervisory authority notification requirement, but the DPA does not specify a fixed notification deadline to customers. The non-admission clause is standard but means breach notification alone cannot be used as evidence of liability in subsequent disputes.
This provision documents the scope of personal data categories Zendesk collects as a controller, including inferred profile data, which engages CCPA/CPRA disclosure requirements and GDPR Article 13 transparency obligations.
This provision establishes the scope of data collection across Minecraft services. The integration of Microsoft account data means that Minecraft-specific data collection is linked to Microsoft's broader account ecosystem, which may include cross-service data associations depending on account configuration.
The policy discloses collection of a broad range of identifiers and behavioral data in addition to account information, which is relevant for users assessing their data footprint with the service.
The scope of data collected includes both identifiers and the substantive content of user interactions, meaning OpenAI retains records of what users type, upload, and discuss across its services.
The policy states that a broad range of personal identifiers may be collected, and the phrase 'may include, but is not limited to' means the listed categories are not exhaustive.
Knowing exactly what categories of data are collected helps you assess the scope of your privacy exposure and whether the collection is proportionate to the service provided.
Microsoft
· Microsoft Privacy Statement (Legacy)
The statement describes a broad range of collected data categories including identifiers, device and configuration data, browsing and search history, location data, voice and audio recordings, and content and communications, which affects users across all Microsoft products and services.
Egnyte
· Egnyte Privacy Policy
Understanding what data Egnyte collects helps you assess what personal information is being stored and potentially used for marketing, product analytics, or shared with third-party services.
This provision establishes the categories of personal data Smartsheet collects, which determines the scope of applicable data subject rights, retention obligations, and third-party sharing disclosures required under GDPR, CCPA, and other frameworks.
Writer
· Writer Privacy Policy
This provision establishes the categories of personal information Writer collects directly, which forms the basis for applicable GDPR, CCPA, and CPRA data subject rights obligations and data mapping requirements for enterprise compliance teams.
Authentication logs are sensitive because they reveal patterns of behavior, work hours, device usage, and application access, and this data is collected automatically every time you log in using Duo.
Auth0
· Auth0 Privacy Policy
The breadth of data collected, spanning identifiers, behavioral signals, and inferred profiles, means Okta is building a fairly detailed picture of users who visit its websites or use its marketing properties, which is used for targeted advertising and product development.
Cohere
· Cohere Privacy Policy
This provision defines the scope of personal data collection and establishes that content submitted through the service is collected alongside standard account identifiers, which is relevant to understanding what data Cohere holds about you.
Rumble
· Rumble Privacy Policy
This provision establishes the foundational scope of data collection across Rumble's platform, covering both voluntarily provided data and behaviorally generated data such as viewing history and search queries, which are categories relevant to targeted advertising and data sharing disclosures elsewhere in the policy.
Udemy
· Udemy Privacy Policy
This provision establishes the categories of personal data subject to Udemy's processing activities and defines the informational scope of downstream data uses including advertising, analytics, and service improvement disclosed elsewhere in the policy.
Fiverr
· Fiverr Privacy Policy
The breadth of data collected, spanning identity, financial, behavioral, and device-level information, means Fiverr holds a detailed profile of each user that extends well beyond what is needed to process a transaction.
The breadth of collection sources means that even data you did not actively provide to Microsoft may be held and used, including data obtained from third parties, which many users may not anticipate.
Ledger
· Ledger Privacy Policy
For cryptocurrency hardware wallet users, the combination of identity data and purchase records effectively signals asset ownership, creating a risk profile that goes beyond typical retail data collection.
Upwork
· Upwork Privacy Policy
The breadth of data collected, including financial and payment data alongside identity and communications information, means Upwork holds sensitive personal information that could cause harm if improperly disclosed or breached.
Because Apple products are tightly integrated, data collected across your iPhone, Apple Watch, iCloud, App Store, and other services can be associated together, creating a detailed profile that spans your health, finances, location habits, and device usage.
This provision establishes two distinct personal data sharing flows: transaction-related sharing of name and email with Content Providers governed by each Provider's independent privacy policy, and transmission of device-level SIM identifiers to mobile carriers for billing eligibility. Under this clause, the data protection standards applicable to shared information vary by recipient and are not uniformly governed by Google's Privacy Policy.
Your personal data is shared with third-party content providers whose privacy practices may differ from Google's, and by accepting these terms you agree to that data sharing without necessarily reviewing each provider's privacy policy.