This type of data sharing is what most privacy laws define as a 'sale' or 'sharing' triggering opt-out rights, meaning your online behavior may follow you across platforms unless you actively opt out.
This sharing with advertising partners constitutes a regulated activity under California's CPRA and requires an opt-out right for California residents; EU residents' consent is also required under GDPR for this type of tracking.
This sharing arrangement means your Grubhub activity can influence ads you see on completely unrelated websites and apps, and third-party partners may retain and use your data under their own separate privacy policies, which Grubhub does not control.
Zelle
· Zelle Privacy Policy
This provision means your browsing activity on zelle.com, including pages you visit and interactions you have, can follow you to other websites in the form of targeted advertisements.
Your browsing activity on Audible is transmitted to Amazon's centralised analytics infrastructure, meaning your audiobook interests and listening habits are aggregated into Amazon's broader consumer profile.
Linking accounts triggers automatic data sharing from third-party platforms to Epic that many users may not anticipate, and the combined data profile this creates is significantly richer than what users provide directly to Epic.
Your behavior on Threads contributes to a cross-platform profile Meta maintains about you, which is used to target advertising across all Meta services, not just Threads.
EA
· EA Privacy and Cookie Policy
Enabling Cross-Play shares your gaming identity with platforms beyond the one you are playing on, and those platforms' own privacy practices apply to the data they receive, which may differ from EA's policy.
Sharing data across Meta's family of companies means information you provide on Threads may be combined with data from Facebook, Instagram, and other Meta services to build a more comprehensive profile used for advertising and other purposes.
EA
· EA Privacy and Cookie Policy
Your gaming identity and activity data will be shared with multiple platform operators beyond EA, each governed by their own separate privacy policies, potentially expanding the reach of your personal data significantly.
Tax data is among the most sensitive personal information people share digitally, and this clause permits it to flow into advertising and product recommendation systems beyond the original tax-filing purpose.
Data you generate on Xbox may be linked to your identity across Microsoft's entire ecosystem — including search history, professional profile, and productivity data — creating a far more comprehensive profile than users may expect from a gaming platform.
Data sharing across Apple's extensive service ecosystem allows Apple to build detailed user profiles that are more comprehensive than what any single service would reveal, which could affect personalized advertising targeting and has implications for data minimization under privacy law.
Miro
· Miro Privacy Policy
The existence of a separate DPA means that individual and free-tier users may have fewer contractual data protections than enterprise customers who have negotiated or accepted a formal DPA.
As a financial platform, Robinhood collects highly sensitive data including investment patterns, banking information, and identity documents, and the scope of third-party data sharing creates privacy risks beyond what typical consumers expect.
In a corporate sale or bankruptcy, your personal data — including your conversation history — could be transferred to a new company with different privacy practices.
Your personal data — including your name, email, IP address, phone number, and location — could be disclosed to government authorities or a new company owner without your direct consent in these circumstances.
Notion
· Notion Terms of Service
EU/EEA organizations and any organization processing EU personal data through Notion must have a valid DPA in place under GDPR; the existence of a published Sub-processors list enables customers to assess third-party data sharing and object to new sub-processors.
Miro
· Miro Terms of Service
For business customers under GDPR or other data protection laws, the DPA is the operative legal instrument defining Miro's obligations as a data processor, and the subprocessors list determines which third parties may access the personal data you upload to Miro.
The DPA is the operative document for GDPR and CCPA compliance purposes, and its terms govern data controller and processor obligations, sub-processor authorization, and cross-border transfer mechanisms for personal data processed through Atlassian products.
The policy authorizes sharing of Threads personal data with Meta's family of companies for operational, advertising, and safety purposes, as well as with third-party partners, meaning data does not remain siloed within the Threads app.
Your banking data — including transaction history, balance information, and personal identifiers — can be shared with affiliate companies and third parties for marketing purposes, meaning your financial behavior may be used to target you with advertising or offers from entities beyond Bank of America itself.
Your personal data could end up with a company you have never interacted with and whose privacy practices you have not agreed to, potentially resulting in materially different data use than what Poshmark disclosed to you.
Medium
· Medium Privacy Policy
A corporate transaction could result in your personal data being controlled by a different company with different privacy practices, and this policy gives you no opt-out right in that scenario.
In a corporate transaction, the new owner of TikTok's data assets may have different privacy practices than TikTok, and users have no right under this policy to object to or withdraw from such a transfer.
A corporate acquisition could result in your genetic and family history data being controlled by a different company with different privacy practices, making the opt-out opportunity described here particularly important for sensitive data categories.
Your data — including driving behavior, location history, and biometric identifiers — could end up in the hands of entirely different companies with different privacy practices if GM undergoes a corporate transaction.
Figma
· Figma Privacy Policy
If Figma is acquired or merges with another company, your personal data and design content could be transferred to the new entity, which may have different privacy practices.
TikTok
· TikTok Privacy Policy
This provision states that user data may be transferred to a new or acquiring entity even during negotiation stages, before any transaction is completed, and without individual user notice or consent at the time of transfer.
Waze
· Waze Privacy Policy
A corporate acquisition could result in your Waze data, including years of location history, being transferred to a new owner with different privacy practices, and you may have limited ability to prevent this.