Parents should be aware that minors are not permitted to use Poshmark, and any account opened by a minor violates the terms and may be terminated.
Whoop
· Whoop Terms of Use
This provision establishes a minimum age requirement of 18 for service access, which is operationally significant given that the service collects continuous physiological data; the restriction also determines COPPA applicability, as the 18-year threshold exceeds COPPA's 13-year threshold.
Udemy
· Udemy Terms of Use
This provision establishes Udemy's stated age restriction and shifts responsibility to users and parents to ensure minors do not access the platform, but the terms do not describe active age verification mechanisms.
This provision establishes Skillshare's stated COPPA-aligned posture for users under 18; as an online learning platform, Skillshare may attract users near the age threshold, and the operational reliability of age verification mechanisms is a material compliance consideration for FTC enforcement under COPPA and related state laws.
The policy sets the minimum age at 18 rather than 13, which is the threshold under COPPA for many US online services; this higher threshold affects the scope of the company's obligations and represents the stated age baseline for service eligibility.
This provision establishes a tiered age requirement: 16 as the minimum with parental consent, and 18 for the Google Pay app. The clause acknowledges that the minimum legal age may be higher in certain countries, introducing jurisdiction-specific variability.
OpenAI
· OpenAI Privacy Policy
The policy authorizes unrestricted use and sharing of data described as de-identified or aggregated; the practical scope of this permission depends on whether the de-identification process meets technical and legal standards that prevent re-identification, which the document does not describe in detail.
While de-identification reduces privacy risk, the practical robustness of de-identification methods varies, and regulators in some jurisdictions apply scrutiny to whether data is truly irreversible.
The clause operationalizes compliance with federal privacy disclosure obligations, establishing the bank's legal duty to provide transparent accounting of data practices and to communicate statutory limitations on consumer opt-out rights regarding information sharing.
Financial transaction data is highly sensitive and its collection by Apple through Apple Pay raises questions about retention, security, and potential use, though Apple's stated policy of not linking Apple Pay data to user identities and excluding it from advertising is a meaningful consumer protection.
OpenAI
· OpenAI Data Processing Addendum
This provision grants operators an audit right, which is required under GDPR Article 28(3)(h). The practical value of this right depends on what 'reasonable notice' means and whether OpenAI's standard practice is to provide documentation rather than physical inspections, which is common among large cloud providers.
This clause satisfies the GDPR Article 28(3)(h) requirement that processor agreements include an audit right. The practical scope and logistics of exercising this right against a large cloud and advertising infrastructure provider may be operationally complex, and advertisers typically rely on third-party audit certifications such as ISO 27001 or SOC 2 reports as a practical substitute.
Inferred data creates profiles beyond what you directly provide, meaning Mercury may hold conclusions about your business or personal characteristics that are derived from behavioral signals rather than information you explicitly gave them.
This provision authorizes transfer of user personal data, including conversation content, to unknown third-party entities in the event of a corporate transaction, potentially under different privacy terms.
A corporate acquisition could result in your personal data being transferred to a new company with different privacy practices, and the notice commitment, while helpful, may not provide a meaningful opportunity to prevent the transfer.
Replit
· Replit Privacy Policy
This provision authorizes transfer of personal information to a new entity in the event of a business transaction; the notice requirement provides some procedural protection, but the practical ability for users to opt out of the transfer is not specified.
Fiverr
· Fiverr Privacy Policy
A business transfer could result in your personal data being controlled by a different company with different privacy practices, without requiring your affirmative consent to the transfer.
This provision reserves the right to transfer personal data to a successor entity in a business transaction without requiring individual user consent, which is a standard commercial clause but has implications for users whose data may be processed by a new entity under different privacy practices.
A corporate transaction could result in your data moving to a company with different privacy practices, values, or business models, and the notification commitment, while present, does not give you a right to prevent the transfer.
Figma
· Figma Privacy Policy
In the event of a corporate acquisition or merger, your Figma account data, design files, and personal information could be transferred to a new company whose privacy practices may differ from Figma's.
This clause means your personal data could end up with a completely different company under different privacy practices, and unlike some other disclosures, this transfer may occur without your specific consent at the time it happens.
The policy reserves the right to transfer all collected personal data to an acquirer in the event of a merger, acquisition, or insolvency proceeding, without requiring individual user consent or providing an opt-out mechanism for this specific transfer.
These rights are legally enforceable under the CPRA and Washington state law, meaning Starbucks is obligated to respond to qualifying requests, and consumers who exercise these rights cannot be penalized or given worse service as a result.
Zelle
· Zelle Privacy Policy
This provision provides California-specific rights for business contacts, reflecting the CPRA's extension of certain rights to B2B personal information, and establishes a manual email-based process for exercising those rights.
Udemy
· Udemy Privacy Policy
These rights, backed by California law, give California residents meaningful control over their personal data at Udemy and cannot be waived by the privacy policy terms.
This provides California residents with specific, actionable rights over their personal data, backed by California law, with a direct submission mechanism provided in the policy.
Zillow
· Zillow Privacy Notice
These rights give California consumers meaningful control over their personal data, including the ability to stop Zillow from sharing home search and contact data with advertisers and partners.
These are legally enforceable rights under California law, meaning Mercury is required to honor them within defined response timelines, giving California-based business owners meaningful control over their data.
Affirm
· Affirm Privacy Policy
These rights give California residents meaningful control over their financial and behavioral data at Affirm, including the ability to stop data sharing for marketing purposes.
These rights give California users meaningful control over how Whatnot uses their personal data, including the ability to stop data sharing for advertising purposes and to have their data deleted.