Webull
· Webull Privacy Policy
These rights are legally enforceable under California law and give California-based investors meaningful control over their financial and personal data held by Webull.
California's CCPA and CPRA provide some of the strongest consumer data rights in the US, and TurboTax users in California can meaningfully restrict how their sensitive tax data is used beyond the core filing service.
These rights are legally enforceable under California law and include a non-discrimination guarantee, meaning Squarespace cannot penalize you for exercising them, which is a meaningful consumer protection.
California residents have legally enforceable data rights under CCPA that go beyond what users in other US states may have, including the right to know exactly which categories of personal data are collected and shared.
Auth0
· Auth0 Privacy Policy
CPRA significantly expanded California privacy rights including the right to correct inaccurate data and limit use of sensitive personal information, and Okta's acknowledgment of these rights means California residents have concrete, enforceable options beyond what users in other US states may have.
These rights are enforceable under California law and give California residents meaningful control over their personal data held by Calendly, including the ability to stop data sharing with advertising partners.
California residents can exercise rights under CCPA including data access, deletion, and opt-out of sale, and the policy provides a direct contact mechanism at privacy@langchain.dev for submitting these requests.
These rights are legally enforceable under California law and provide California residents with more control over their data than users in most other US states, including the right to stop Dropbox from sharing their data for advertising purposes.
Yelp
· Yelp Privacy Policy
These are legally enforceable rights under California law that give California residents meaningful control over their personal data held by Yelp, including the ability to stop their data from being shared with advertising partners.
Bumble
· Bumble Terms and Conditions
This is a legally mandated consumer protection right for California residents that provides a guaranteed refund window, but the process differs depending on which platform you used to subscribe, and missing the three-business-day deadline eliminates this specific refund right.
Carbon emissions disclosure in model cards engages emerging ESG reporting frameworks and provides organizations integrating AI models with data relevant to their own sustainability reporting obligations.
The clause operationalizes statutory CCPA obligations by designating a contact mechanism and specifying the four core rights California residents may exercise under state law, establishing the procedural pathway for rights assertion.
Calm
· Calm Privacy Policy
Under California privacy law, entities offering financial incentives must disclose the collection practices, provide opt-in and opt-out mechanisms, and establish that the value exchange is reasonably related to the personal information collected. This provision satisfies CCPA disclosure requirements by detailing the personal information categories collected and establishing that incentive values are proportionate to data collection.
This provision preserves Supabase's operational flexibility to adapt privacy practices in response to regulatory changes, business operations, or service modifications. It establishes that privacy policy modifications do not require affirmative user agreement before taking effect.
Google
· Google Terms of Service
The agreement sets a 15-day minimum notice period for material changes, but carves out new service launches and urgent situations from this requirement. Users who disagree with updated terms must stop using services and remove their content.
Non-material changes to the privacy policy can take effect with only a date change and no direct notification, meaning users who do not regularly review the policy may miss changes that affect their data practices.
Microsoft
· Microsoft Privacy Statement (Legacy)
The statement commits to notifying users of material changes before they take effect, either by posting a prominent notice or sending a direct notification, which is relevant to users who want to track when and how Microsoft's data practices change.
This provision establishes operational eligibility conditions for boarding that, if unmet, authorize American to deny transportation and may affect the passenger's ability to seek compensation or rebooking. Cutoff times vary by route and airport and are published separately from the CoC itself.
COPPA requires verifiable parental consent before collecting personal information from children under 13. However, given that Equifax holds credit and financial data about minors in certain contexts (such as authorized user accounts or identity theft protection services for families), the interaction between this disclaimer and actual data practices warrants attention.
The policy establishes an age-based restriction on data collection consistent with COPPA in the US; the restriction applies to services not directed at children, but does not address the full range of minors' privacy protections under GDPR Article 8 or state laws that apply to users under 16 or 18.
The 16-year age threshold is consistent with CPRA requirements and several state privacy laws, though the US federal COPPA standard applies to children under 13 for certain online services.
This provision establishes Zendesk's age threshold at 16 for data collection purposes, engaging COPPA requirements in the US for children under 13 and GDPR Article 8 requirements for children under 16 in EU member states that have not lowered the threshold, which varies by country.
The policy sets a minimum age of 16 rather than the COPPA threshold of 13, which means it applies a stricter age threshold for consent purposes; this is operationally relevant for GDPR compliance, which sets the digital consent age at 16 (with member state variation down to 13).
The policy sets 13 as the minimum age and commits to deleting data from younger users, but does not describe verification mechanisms, which is relevant for platforms that may be accessed by minors.
If a child under 13 creates a ClickUp account, the company commits to deleting that data, but enforcement depends on ClickUp detecting the underage user, which may not always occur in practice.
While standard for most platforms, developers using Vercel to build consumer applications that may reach children should be aware that Vercel's own child data protections apply only to platform accounts, not to end users of their deployed applications.
Ledger
· Ledger Privacy Policy
Children's data provisions are operationally significant because they establish compliance frameworks with children's privacy regulations (such as COPPA in the United States) and define the procedural requirements for lawful data processing when minors are involved. This provision determines Ledger's consent and notification obligations to parents or guardians.
The 16-year age threshold is stricter than COPPA's 13-year requirement in the US, but parents or guardians whose children may have accessed Smartsheet should know the service is not intended for minors.
RunPod
· RunPod Privacy Policy
This provision reflects RunPod's compliance framework with the Children's Online Privacy Protection Act (COPPA) and similar age-restriction requirements. It establishes the operational parameters under which RunPod collects and manages data from minors.
This provision establishes HubSpot's operational compliance framework regarding collection of data from minors under 16. The clause reflects regulatory requirements under children's privacy statutes and establishes the company's protocol for handling inadvertent collection of such data.