Miro
· Miro Privacy Policy
This provision establishes that personal data collected from users of the Miro platform may be disclosed to advertising and analytics vendors, which is operationally significant for enterprise customers whose employees use the platform for sensitive collaboration.
The terms authorize sharing personal data with a broad range of third parties including advertising partners, which may be relevant for users who assumed their data remained within Jasper's systems, and may constitute a sale or sharing of personal information under CCPA.
This provision authorizes disclosure of user browsing and activity data to advertising technology vendors for cross-site targeting purposes, which may require evaluation under GDPR consent requirements and ePrivacy Directive guidance applicable to cookie-based tracking in EU member states.
This provision authorizes data combination from multiple external sources including marketing partners, which may result in a more comprehensive profile of users than data collected directly from them. The categories of combined data include contact information, demographic information, communications activity, and order history.
This provision establishes the categories of third parties with whom personal data may be shared, which is directly relevant to CCPA opt-out rights, GDPR legitimate interests assessments, and the scope of data flows that must be disclosed and contractually managed.
This provision establishes data sharing with advertising and analytics partners, categories that under CCPA/CPRA may constitute sharing personal information for cross-context behavioral advertising, triggering opt-out rights for California residents.
RunPod
· RunPod Privacy Policy
This provision establishes that personal data flows to multiple categories of third-party service providers, requiring RunPod to maintain data processing agreements with each and potentially triggering sub-processor notification obligations for enterprise customers under their own data processing agreements with RunPod.
Personal data including government IDs, financial information, and usage data is shared with multiple external vendors, each of which represents an additional data security and privacy risk vector outside OnlyFans' direct control.
The policy authorizes sharing of personal data with advertising and analytics vendors in addition to operational service providers, which may result in personal data being used for purposes beyond service delivery.
Brex
· Brex Privacy Policy
Collection of data from credit bureaus and identity verification services triggers FCRA obligations, including permissible purpose requirements and adverse action notice rights, which are distinct from general privacy law protections.
Users may not be aware that Luma can build a more detailed profile of them by combining data from external sources with account and usage data, potentially without direct interaction from the user.
This practice means that Skillshare's data profile on you extends beyond what you directly provided or generated on the platform, incorporating external commercial data that you may not be aware of and cannot directly review or correct.
This provision establishes the categories of third parties that receive children's personal information under COPPA's disclosure framework. The inclusion of app publishers on the Epic Games Store as recipients of child account information for operational purposes is operationally significant, as it means publishers whose games children download may receive child account data without requiring separate parental consent where Epic characterizes the disclosure as integral to service operation.
Third-party trackers on aa.com operate under their own privacy policies, meaning data about your visit may be collected and used by entities you have no direct relationship with and whose data practices American does not control.
Connecting third-party accounts to Airtable gives Airtable access to data from those external services, which is then stored and associated with your Airtable account, potentially expanding the personal data Airtable holds about you beyond what you directly entered.
Oura
· Oura Privacy Policy
This provision establishes that data exchanged through third-party integrations is governed in part by the third parties' own terms and policies, and that Oura's compliance with those terms is conditioned on awareness of policy updates. The qualification 'as we become aware of those policies and agreements' introduces a temporal condition on Oura's adherence to third-party data governance requirements.
xAI
· xAI Terms of Service
The optional X login integration permits xAI to access an extensive profile including post history from all accounts you can view on X (both public and protected), date of birth, and location information, subject to user opt-in.
This provision binds users to the terms of service and privacy policies of two separate third-party payment processors as a condition of using Gumroad's payment services, and authorizes data sharing across Gumroad, Stripe, PayPal, and additional third-party payment providers. Users are subject to the data practices of multiple entities under distinct policy frameworks.
Data about you may be collected from sources beyond what you directly provide, potentially including professional profile databases or social media data aggregators, without a direct disclosure at the point of collection.
Medium
· Medium Privacy Policy
This provision establishes the contractual basis under which Medium transfers personal data to external parties for operational purposes, which implicates GDPR Article 28 data processor agreement requirements and CCPA business-purpose sharing disclosure obligations.
Brex
· Brex Privacy Policy
This provision establishes the contractual framework for vendor data sharing and the scope of permitted downstream use, which is directly relevant to CCPA service provider qualification, GDPR processor agreement requirements, and GLBA information security program obligations.
This sharing with advertising networks means your data may be used beyond Zendesk's own purposes and shared with third parties whose own privacy practices are separate from Zendesk's notice, potentially affecting the scope of data that flows to external entities.
If you opt out of data collection on your smart TV or streaming device, those choices do not carry over to Disney's own data collection, meaning you may need to manage privacy settings separately in multiple places.
Twitch
· Twitch Privacy Notice
This provision significantly extends Twitch's data collection reach beyond its own platform to encompass your behavior on other gaming and social media services, which many users may not anticipate.
Glean
· Glean Privacy Policy
Sub-processor visibility is a GDPR requirement and a practical security concern, since each sub-processor represents an additional party with access to potentially sensitive workplace data.
Cross-device and cross-site advertising tracking using hashed email addresses means your FanDuel activity can follow you across the internet even if you do not use cookies, making it difficult to fully limit tracking through standard browser controls alone.
Suno
· Suno Acceptable Use Policy
This provision establishes a two-tier consent architecture that applies denied-by-default consent for regulated regions and granted-by-default consent for all other users. The presence of multiple third-party advertising and analytics vendors activated through this consent framework creates ongoing data processor governance obligations.
Shein
· Shein Privacy Policy
Third-party tracking scripts can share your browsing behavior with advertising platforms without your explicit knowledge, and the timing of their activation relative to consent mechanisms is a key compliance question under US and EU privacy law.
Healthcare website visitors, including those seeking mental health or chronic condition care, may have their browsing behavior tracked by multiple third-party platforms, which raises data sensitivity concerns specific to health-related contexts.
Writer
· Writer Privacy Policy
This provision authorizes third-party tracking deployments that may require affirmative consent under EU ePrivacy Directive requirements and applicable member state implementations, and may trigger CCPA/CPRA opt-out rights for California residents regarding sale or sharing of personal information with advertising partners.