Yelp
· Yelp Terms of Service
This provision implements Yelp's compliance framework with the Children's Online Privacy Protection Act (COPPA), which restricts the collection and use of personal information from children under 13. The age restriction operates as a foundational eligibility requirement for service access and establishes Yelp's contractual posture regarding minors.
This provision operationalizes compliance with the Children's Online Privacy Protection Act (COPPA) by establishing verification mechanisms for age-restricted access and requiring deletion protocols for inadvertently collected information from users under 13. The inactivity termination authorization allows for account management based on usage patterns.
Amazon
· Amazon Conditions of Use
This provision operationalizes Amazon's compliance with the Children's Online Privacy Protection Act (COPPA), which imposes specific restrictions on data collection from children under 13. The clause establishes the mechanism by which Amazon enforces age-based access controls across its service offerings.
This provision establishes Walmart's operational compliance framework with the Children's Online Privacy Protection Act (COPPA), which imposes federal requirements on websites collecting data from children under 13. The policy creates an affirmative duty to identify and remove such data upon detection.
This provision operationalizes Luma's compliance obligations under the Children's Online Privacy Protection Act and establishes the contractual age gate for service access. The requirement that users represent their age and obtain parental consent for minors ages 13-17 allocates responsibility for verifying eligibility to the user at account creation, while the deletion requirement creates a data retention control mechanism tied to age-related discovery.
Roblox
· Roblox Privacy and Cookie Policy
This provision operationalizes COPPA's data minimization requirement for child users and establishes three specific remedial actions Roblox states it will take upon receiving excess personal information from under-13 users. The provision also reflects the policy's stated commitment to filtering public communications from child users to remove personal information.
This provision establishes age-based access controls and a COPPA compliance commitment. The mechanism for enforcement relies on user self-representation at account creation rather than independent age verification, which is typical but creates a gap between stated policy and practical enforcement.
Parents are responsible for establishing and managing accounts for younger children, and Microsoft's platform relies on parental consent mechanisms to comply with COPPA and equivalent international laws, meaning parents should actively review and configure Family Safety settings.
Microsoft
· Microsoft Services Agreement (Legacy)
This clause implements compliance with the Children's Online Privacy Protection Act (COPPA), which mandates verifiable parental consent before collecting personal information from children under 13. The provision establishes the procedural mechanism by which Microsoft obtains parental authorization before account creation.
The minimum age threshold of 16 is higher than COPPA's 13-year statutory minimum, which means Substack has adopted a stricter standard that also captures 13 to 15-year-olds who might otherwise legally use other platforms.
Reproducing, quoting extensively, or republishing website content without permission could expose users to copyright infringement claims, which is particularly relevant for journalists, researchers, and professionals who routinely cite or excerpt online sources.
The provision operationalizes X's legal obligations under U.S. copyright law and establishes the institutional framework through which copyright claims are processed, content is evaluated for infringement, and removal procedures are implemented.
This provision establishes that corporate card use of Google Pay creates a contractual representation by the employee that the employer has authorized use and is bound by these Terms. Organizations that have not reviewed or accepted these Terms may nonetheless be bound by them through employee use of corporate cards.
The policy reserves the right to transfer all user personal data, including learning history, identifiers, and payment information, to a third party in the context of a corporate transaction, without requiring separate user consent at the time of transfer.
Fitbit
· Fitbit Privacy Policy
A change in ownership could mean your sensitive health and fitness data, collected under Fitbit's current privacy practices, is governed by a different company's policies, potentially with different sharing and retention practices.
This provision means that user data, including voice recordings and audio content, may be transferred to a third party in a corporate acquisition without requiring individual user consent, subject to applicable law.
Replit
· Replit Privacy Policy
This provision establishes the operational framework for handling personal data during corporate transitions, clarifying that data continuity with a successor entity is permissible under the privacy policy rather than constituting a breach of the existing data handling terms.
This provision reserves the right to transfer all collected personal data to a third party in the event of a corporate transaction, which may result in user data being governed by a different privacy policy without additional consent being obtained prior to transfer.
This provision authorizes disclosure of personal information to potential and actual acquirers, and separately acknowledges that in insolvency proceedings Pinecone may not be able to control how personal data is treated, which creates uncertainty about downstream data handling.
The policy authorizes transfer of user personal data, including account information and transaction records, to acquiring or successor entities as part of corporate transactions, without requiring user notification or consent at the time of transfer.
OpenAI
· OpenAI Privacy Policy
This provision authorizes transfer of personal data during corporate transactions, including during the negotiation phase, without requiring individual user notification prior to the transfer, which may affect the continuity of the privacy protections users accepted.
This provision authorizes the transfer of personal data to a new corporate entity in connection with a corporate transaction, meaning control over your data could shift to a different company with its own privacy practices, potentially under a revised privacy policy.
A change of ownership could result in your voice data and personal information being controlled by a company with different privacy practices, and users may have limited ability to prevent this transfer under the policy's current terms.
This clause establishes the operational framework for personal data continuity during corporate restructuring events, ensuring data transfer authority exists while requiring notification of such transfers and any resulting changes to data handling practices.
Medium
· Medium Privacy Policy
This provision establishes that personal data may be disclosed to prospective acquirers or transaction counterparties prior to deal completion, which creates data exposure outside Medium's direct operational relationships and may engage GDPR requirements for lawful transfer basis during pre-transaction due diligence.
A change in ownership could result in your personal data being controlled by a different company with different privacy practices, and you may not have advance notice or a meaningful ability to prevent the transfer.
This provision authorizes transfer of the full scope of Ancestry's collected personal information, including genetic data, to a successor entity in a corporate transaction. The receiving entity may operate under different privacy policies and data governance frameworks, subject to applicable law and any representations made at the time of transfer.
Rumble
· Rumble Privacy Policy
This provision establishes that all collected personal data is transferable to acquiring entities without requiring individual user consent beyond notification, which is a standard U.S. commercial practice but may require evaluation under GDPR, Canadian, and other international privacy frameworks depending on the nature and destination of any transfer.
This clause means your personal data, including identity documents, payment information, and precise location history, could be transferred to a new owner whose privacy practices may differ from FanDuel's current policy, with no opt-out mechanism described for this scenario.
Fly.io
· Fly.io Privacy Policy
A change in ownership could mean your data ends up with a company that has different privacy practices, and you may not have a practical way to prevent this transfer.