AI training on customer-submitted data is a growing area of regulatory scrutiny, and the scope of what data may be used and under what legal basis is not fully specified in the notice, creating ambiguity for enterprise customers evaluating data governance risk.
Zoom
· Zoom Privacy Statement
This provision establishes a stated restriction on using meeting content for AI model training, which is directly relevant to enterprise and institutional customers with confidentiality or data use obligations. The distinction between 'customer content' covered by this restriction and other data categories used for AI improvement is a material interpretive boundary that compliance teams should assess against their contractual requirements.
The collection of AI interaction prompts and transcripts means that the content of your conversations with Spotify's AI features is stored as personal data, which may be used for service improvement, personalization, or other stated purposes and is subject to the policy's data sharing and retention terms.
Miro
· Miro Privacy Policy
The existence of a separate AI Terms Addendum means that users of Miro's AI features are subject to additional data processing terms that must be reviewed in conjunction with the privacy policy to assess the full scope of AI-related data handling.
The existence of a referenced AI governance framework is relevant to customers using Snowflake's AI or machine learning features, as it may define how AI outputs, data used for model training, and related obligations are governed.
Users submitting potentially sensitive business, technical, or personal information to Cerebras AI services may rely on this commitment as a data minimization assurance, though the policy does not describe the technical controls or audit mechanisms that implement it.
TikTok
· TikTok Privacy Policy
AI interaction inputs may contain highly personal, sensitive, or proprietary information; the policy states this data is also used to train and improve machine learning models and algorithms, and to scan and analyze AI interactions and associated metadata for enforcement purposes.
The opt-out mechanism does not fully prevent your conversations from being used to train AI models, because two significant carve-outs apply regardless of your settings choice.
Users uploading personal images, videos, or sensitive text may not expect that content to contribute to AI model development, and no specific opt-out for this use is described in the policy.
Users may not expect that their creative prompts and generated images become training data for an AI system, and there is no clearly described opt-out mechanism for this specific use within the policy.
Cohere
· Cohere Privacy Policy
This provision determines whether the prompts, documents, and queries you submit to Cohere's AI services are retained and used to further develop Cohere's models, which has implications for confidentiality of submitted content and data minimization obligations.
Cursor
· Cursor Terms of Service
This provision establishes that the default position is no use of user content for AI training, which is a contractually explicit opt-in framework rather than a passive opt-out arrangement.
This means the opt-out is not absolute: any conversation that triggers a safety review can be retained and used for model training even if you have explicitly chosen not to contribute your data, and users have no visibility into when or why a conversation is flagged.
The terms authorize Google to use conversation content for AI model training and product improvement, which means information submitted in conversations may inform future AI outputs and training datasets. The policy's advisory against submitting confidential information confirms the operational scope of this use.
Users of generative AI platforms have a reasonable expectation that their creative inputs are used to produce outputs for them, not necessarily to train the underlying AI systems. This provision extends the use of user data beyond the immediate service transaction.
This provision determines whether the content of your interactions, including text prompts, uploaded files, and feedback, may be incorporated into future AI model development, which has implications for confidentiality of the information you share.
Windsurf
· Windsurf Security & Data Handling
The document states that data may be routed to third-party AI inference providers regardless of which model the user has explicitly chosen, which means users may not have full visibility into which providers receive their code or conversation data.
This provision discloses that personally identifying user inputs are processed by AI-powered features, but the policy as excerpted does not address whether those inputs are used for model training, retained beyond immediate use, or processed by third-party AI infrastructure providers. This gap in disclosure is operationally significant for GDPR compliance (Articles 13 and 14 transparency requirements) and for enterprise and developer users of Epic's tools who may submit proprietary or sensitive information.
This provision establishes that AI support tool interaction data, including both user prompts and system-generated responses, is retained as part of the Service's data collection. This creates a data category that may require separate assessment under GDPR, CCPA, and emerging AI governance frameworks, particularly if users inadvertently include sensitive personal information in prompts.
AI-generated scores and ratings produced by D&B may influence credit decisions, business risk assessments, and professional due diligence about individuals, making the governance of these systems material to both individuals and the organizations that rely on D&B data.
Cursor
· Cursor Privacy Policy
The security review exception means that Inputs flagged for Terms of Service enforcement purposes may be analyzed by Anysphere, which is a conditional pathway that applies even without the user's explicit consent to training use.
Cursor
· Cursor Privacy Policy
This clause defines the operational scope of model training practices by establishing default non-use of user-generated content for training purposes and creating exceptions only for security analysis, user-initiated feedback, or affirmative consent. The provision creates an opt-in framework rather than opt-out, which affects data handling procedures and third-party data sharing policies.
Yelp
· Yelp Privacy Policy
This clause means your publicly posted reviews and photos, as well as private AI chat inputs and outputs, can be used to improve Yelp's commercial AI products without additional compensation or separate consent beyond using the service.
This clause operationalizes Instacart's compliance obligations under alcohol sales regulations by placing verification responsibility on the delivery stage and establishing the merchant's authority to reject orders that fail age verification procedures.
Twitch
· Twitch Privacy Notice
As an Amazon subsidiary, Twitch's data collection exists within a large corporate ecosystem; the relationship means data sharing within the Amazon affiliate group may occur and users should understand that Twitch's data practices connect to a wider set of Amazon services.
This provision authorizes automated access to user files and connected codebases for advertising purposes, which is operationally distinct from standard developer tool privacy practices and may be relevant for users storing sensitive or proprietary code.
The use of Google Analytics means your browsing and usage data from Uniswap Labs products is also transmitted to Google, and your contact information may be used for promotional communications from Uniswap Labs and third-party partners.
Chime
· Chime Privacy Policy
This provision establishes the operative scope of opt-out rights available under federal privacy law, defining which sharing practices fall within permissible categories that consumers may limit. The acknowledgment of state law variations creates a framework where Chime's actual restriction obligations may exceed the federal baseline described here, depending on applicable state regimes.
Stash
· Stash Privacy Policy
This carve-out is broad: if Stash's anonymization process is incomplete or reversible, data that the company treats as outside the policy's protections could still be linked back to you, and you would have no privacy rights over it under this policy.
OpenAI
· OpenAI API Data Usage Policies
This provision establishes the primary data use boundary for enterprise and API customers, directly affecting purpose limitation and data minimization compliance under GDPR and equivalent frameworks. The default exclusion from model training is a material operational distinction from consumer-tier ChatGPT accounts, where different terms may apply.