OpenAI
· OpenAI Privacy Policy
The clause establishes the jurisdictional framework and legal mechanism for international data flows, clarifying that personal data collected from non-U.S. users will be subject to U.S. law and processed in U.S. infrastructure. This addresses regulatory requirements under EU and UK data protection frameworks for lawful cross-border data transfers.
Glean
· Glean Privacy Policy
Cross-border data transfers are a key GDPR compliance obligation. If the transfer mechanisms are not properly implemented, data flows to the US could be challenged by regulators or privacy advocates.
Square
· Square Privacy Notice
The clause establishes the operational framework for Square's global data handling infrastructure, permitting the company to move personal information across jurisdictions with different regulatory environments. This authorization enables Square to centralize data processing, storage, and systems management across its international operations.
The provision operationalizes Smartsheet's data processing infrastructure by establishing the jurisdictional basis for international data transfers and specifying the legal frameworks—primarily SCCs—through which the company complies with cross-border data transfer requirements under applicable law.
Microsoft
· Microsoft Privacy Statement (Legacy)
The clause establishes the geographic scope and legal mechanisms governing where user personal data may be processed. By referencing specific regulatory frameworks (DPF and SCCs), the provision defines the compliance structure Microsoft applies to international data transfers, which determines the legal protections applicable to data movement across jurisdictions.
The clause establishes the operational framework for international data movement by specifying the jurisdictions where processing occurs and identifying the contractual safeguards (European Commission-approved standard clauses) that govern those transfers.
The policy discloses that personal data may be transferred internationally and that NVIDIA relies on Standard Contractual Clauses or equivalent mechanisms; the adequacy of these mechanisms and NVIDIA's implementation of supplementary safeguards is relevant for EU/EEA and UK users.
The provision establishes the operational framework for international data flows necessary to deliver the service's core functionality of connecting users globally. It creates an authorization structure for cross-border data transfers while conditioning such transfers on compliance with local legal safeguard requirements.
GitHub
· GitHub Privacy Statement
The provision establishes the operational framework under which GitHub processes personal data across jurisdictions with varying legal protections. The use of Standard Contractual Clauses represents the contractual mechanism GitHub employs to comply with EU data transfer requirements and provide a defined safeguard structure for international data flows.
Cross-border data transfers from the EU and UK to the U.S. are subject to specific legal requirements under GDPR, and users should be aware that their data leaves their home jurisdiction, even if transfer safeguards are in place.
Cross-border transfers of authentication data to the US are subject to EU privacy rules, and Standard Contractual Clauses are the primary safeguard Cisco uses, but the adequacy of those safeguards depends on implementation and cannot be assumed without verification.
Canadian users' data may be subject to U.S. legal process and law enforcement access once transferred to the United States, and the protections available under Canadian law may not apply in full to data held in the U.S.
Airbnb
· Airbnb Privacy Policy
This provision establishes the operational framework under which Airbnb processes personal data across multiple jurisdictions. The clause addresses a core compliance requirement for international data transfers, particularly for EU/EEA users, by identifying the legal mechanisms (standard contractual clauses) used to authorize cross-border data movement.
Adyen
· Adyen Privacy Policy
Cross-border transfers expose your data to legal systems with potentially lower privacy protections than the EU or UK, and the adequacy of Standard Contractual Clauses as a safeguard depends on ongoing regulatory and judicial developments.
Uber
· Uber Privacy Notice
This clause establishes the operational framework for Uber's global data architecture, specifying that personal data collected in one jurisdiction may be processed, stored, or accessed in other jurisdictions. The provision sets out the compliance mechanisms—standard contractual clauses and law-required safeguards—that govern these transfers.
Garmin
· Garmin Privacy Statement
The provision establishes the operational framework for cross-border data flows and identifies the specific contractual safeguard (SCCs) used to comply with data transfer restrictions under EU/EEA regulations. This mechanism addresses the legal requirement that international transfers be accompanied by adequate protective measures.
Bumble
· Bumble Privacy Policy
International data transfers mean your personal information may be processed under legal frameworks that provide different or potentially lower levels of protection than your home country's laws.
The clause establishes the geographic scope of data processing operations and creates a jurisdictional framework for where user information may be stored and accessed. For users in regulated regions, it conditions cross-border transfers on the existence of adequate legal safeguards, reflecting compliance with regional data protection requirements.
Figma
· Figma Privacy Policy
The provision operationalizes Figma's data handling framework by establishing U.S. law as the governing framework and authorizing international data transfers. This determines the legal regime applicable to data management and defines the jurisdictional scope within which data protection obligations operate.
Fly.io
· Fly.io Privacy Policy
If you are in the EU, UK, or another jurisdiction with strong data protection laws, transfers to the US require specific legal safeguards that must be in place for the transfer to be lawful.
Cohere
· Cohere Privacy Policy
This provision is particularly significant for EU and UK users because transfers of personal data from the EEA and UK to the United States require a lawful transfer mechanism under GDPR and UK GDPR, and the adequacy or sufficiency of those mechanisms is subject to ongoing regulatory scrutiny.
DeepL
· DeepL Privacy Policy
This provision discloses that EEA user data may be routed to non-EEA processors, with Standard Contractual Clauses cited as the primary safeguard mechanism. Organizations subject to strict data residency requirements or sector-specific cross-border transfer restrictions should evaluate whether this transfer framework satisfies their obligations.
Transferring personal data from the EU to the US requires specific legal mechanisms under GDPR, and users should understand their data may be processed under US law rather than their home country's privacy framework.
The provision specifies the legal frameworks under which Headspace transfers personal data internationally. This establishes the regulatory basis and compliance mechanism for moving data across borders, which affects the legal standards and accountability structures applicable to the company's data handling practices.
The clause establishes the operational framework for international data processing and specifies that Airtable will implement legal compliance mechanisms for cross-border transfers as required by applicable law. This addresses jurisdictional requirements that govern personal data movement across borders.
Auth0
· Auth0 Privacy Policy
Cross-border data transfers from the EU and UK to the US remain a significant regulatory concern following the Schrems II ruling, and the adequacy and current status of Okta's SCCs and any supplementary measures are important for both individual data subjects and enterprise customers.
Replit
· Replit Privacy Policy
The clause establishes the operational framework for international data processing, permitting cross-border transfers while establishing that Replit maintains responsibility for protection standards during such transfers. This affects the jurisdictional scope and regulatory regimes under which user data may be processed.
Visa
· Visa Privacy Notice
The provision establishes the operational framework governing Visa's cross-border data transfer practices and specifies the contractual mechanisms through which Visa implements protective measures. This addresses the jurisdictional and regulatory complexity of global data transfers where destination countries may have different legal protections than the user's home jurisdiction.
Lyft
· Lyft Privacy Policy
Cross-border data transfer provisions establish the operational scope of data flows and define which legal frameworks govern data protection once information leaves the user's home jurisdiction. This affects the regulatory oversight and security standards applicable to personal information during transit and storage.
Brex
· Brex Privacy Policy
This provision engages GDPR Chapter V cross-border transfer requirements for EU and UK users, requiring that Standard Contractual Clauses be accompanied by a Transfer Impact Assessment where transfers are made to countries without an adequacy decision, including the United States.