The collection of accessibility data enables Ticketmaster to process accommodation requests and fulfill regulatory compliance obligations in jurisdictions that require validation of accessibility needs. This mechanism supports the operational delivery of accessible ticketing services.
Gusto
· Gusto Privacy Policy
Health and benefits data is among the most sensitive personal information category, and its collection by a payroll platform creates potential obligations under HIPAA and heightened risks if exposed.
Gusto
· Gusto Privacy Policy
The clause establishes a dual data management structure where both employers and individual members have upload and access capabilities within the platform, creating a shared data repository that supports payroll, tax, and benefits administration workflows.
Fitbit
· Fitbit Terms of Service
The clause establishes the scope of health and biometric information Fitbit is authorized to acquire from users. This data collection forms the operational basis for the service's health tracking and analytics functions.
This provision identifies collection of health metrics that, while not covered by HIPAA in a consumer app context, are classified as sensitive personal information under CCPA/CPRA and subject to FTC guidance on health data. Menstrual cycle and reproductive health data have received specific regulatory and legislative attention since 2022.
Health and fitness data is among the most sensitive categories of personal information, and its collection through always-connected hardware means Peloton builds a detailed picture of your physical condition and activity over time.
The clause establishes the scope of health and performance data collection and defines permitted uses, including disclosure to third-party service providers. This provision determines what categories of biometric and activity information the platform captures and how that information flows within the service ecosystem.
The clause defines the scope and categories of health data that Apple's systems are authorized to process when users activate health-related features, establishing the operational basis for health data collection within the Apple ecosystem.
Apple
· Apple App Store Review Guidelines
This provision conditions App Store approval for health and medical apps on possession of applicable regulatory credentials, and prohibits monetizing HealthKit health data through advertising, providing a baseline protection for sensitive health information.
This provision creates a compound compliance obligation for health and pharmaceutical advertisers: obtaining Pinterest's internal authorization, satisfying applicable FDA or equivalent regulatory standards for promotional claims, and including required disclosures, with Pinterest's approval not constituting regulatory clearance.
Health and prescription data is among the most sensitive personal information, and its collection by a company that also operates digital advertising programs creates significant privacy considerations for consumers.
The clause establishes the operational scope of health data collection and processing within Walmart's pharmacy and health service operations. It defines the primary uses and legal parameters under which sensitive health information may be retained and utilized by the entity.
This clause establishes the operational framework under which Ticketmaster collects and processes health and safety data as mandated by law, specifying permissible uses (contact and government sharing) and data retention practices (regular deletion). It clarifies that such collection is conditional on legal requirement rather than discretionary.
Garmin
· Garmin Privacy Statement
This data is among the most sensitive personal information that can be collected, and its exposure, misuse, or breach carries significant personal and legal consequences, particularly for reproductive health data given the current legal environment in some U.S. states.
The clause defines the scope and categories of sensitive data collection Apple is authorized to perform, establishes opt-in mechanics for health data sharing, and identifies differential handling procedures for location and financial data. This delineates Apple's data collection authority and the governance framework for health research participation.
Fitbit
· Fitbit Privacy Policy
This provision establishes the scope of data collection that forms the operational foundation of the service. The enumerated data categories define what information Fitbit processes to deliver fitness tracking, health monitoring, and device functionality to users.
Health data is one of the most sensitive categories of personal information and its collection by an airline, including via third-party intermediaries, raises questions about how long it is retained, who it is shared with, and under what legal basis it is processed.
Noom
· Noom Terms of Service
The operational significance is that health data collected through the service is subject to Noom's standard data practices rather than regulated healthcare privacy requirements. This distinction determines which regulatory framework and contractual obligations govern the handling of health information provided by users.
This provision establishes the operational scope and authorization for health data collection practices across NBCUniversal's service ecosystem. It creates a framework for integrating third-party health data sources into the company's analytics and personalization infrastructure, defining what data categories the company is permitted to process and how that data may be combined with other information streams.
Calm
· Calm Privacy Policy
The provision establishes a data-sharing mechanism with platform-level health systems and defines the scope of permissible processing, limiting Calm's use of health app data to sleep metrics without inferential analysis for other health attributes.
Gusto
· Gusto Privacy Policy
The clause establishes the scope of health data that Gusto processes in its operational capacity as a benefits administrator, defining what categories of sensitive health information the platform handles in the course of providing benefits management services.
Apple
· Apple App Store Review Guidelines
This provision operationalizes Apple's gatekeeping authority over medical software by creating explicit review criteria and rejection triggers. It establishes that validation of claimed accuracy is a prerequisite for App Store approval rather than a post-deployment obligation.
Microsoft
· Microsoft Privacy Statement (Legacy)
This provision establishes the operational scope and legal framework for health data processing under Microsoft health products. By delegating detailed health data governance to a separate policy document, the provision creates a dual-policy structure that specifies collection, use, and handling practices specific to health information categories.
Microsoft
· Microsoft Privacy Statement (Legacy)
The clause establishes a document incorporation mechanism by reference, requiring users to consult additional policies to obtain complete information about data processing practices and state-specific privacy rights rather than relying solely on the legacy privacy statement.
Strava
· Strava Privacy Policy
This provision establishes the operational framework through which Strava processes user health data and location information for machine learning model development and feature generation. The authorization is contingent on user-configured privacy controls and sharing permissions, establishing a conditional consent mechanism for AI training uses.
Whoop
· Whoop Terms of Use
The agreement discloses collection of a range of physiological and biometric-adjacent data categories on a continuous basis; the handling of this data is governed primarily by the Privacy Policy rather than these Terms, and the Terms incorporate the Privacy Policy by reference without reproducing its data sharing or retention provisions here.
This provision establishes the operational scope of health data collection through digital channels, specifying which categories of sensitive health information are collected and through which platform mechanisms, which defines the data processing activities disclosed in the privacy policy.
The clause creates mandatory procedural controls for high-risk advisory applications by requiring human professional gatekeeping and consumer-facing transparency. These requirements establish operational gates that must be implemented before service deployment in affected use cases.
The existence of a separate, elevated tier for high-risk consumer-facing use cases signals that Anthropic recognizes some deployments create heightened risk of harm to vulnerable individuals, and operators in those spaces face stricter compliance obligations.
The provision creates a categorical framework that triggers additional compliance obligations for developers deploying the API in regulated or sensitive domains. This classification mechanism establishes differentiated requirements based on use case risk profile rather than applying uniform policy across all applications.