These rights are legally enforceable under California law and give California residents meaningful control over their personal data, including the ability to stop Samsung from sharing their information with advertising partners.
Noom
· Noom Privacy Policy
These rights give California residents meaningful control over their health and personal data held by Noom, including the ability to demand deletion or stop data sharing with advertisers.
Calm
· Calm Privacy Policy
California's CPRA requires companies to disclose when they offer financial incentives in exchange for personal data and to explain the value of that data; this notice fulfills that requirement and gives users the right to opt out.
T-Mobile
· T-Mobile Terms and Conditions
California residents have stronger privacy protections than most other US states, including enforceable rights to access and delete personal data that do not depend on T-Mobile's agreement — these are statutory rights.
This provision gives California residents a specific legal right to find out whether and how their personal data has been shared for marketing purposes, which can help them understand the scope of data sharing connected to their Starbucks account.
This provision discloses a California-specific right to request information about third-party direct marketing data disclosures, exercisable once per year by email, which is a limited but actionable data transparency right for California residents.
California's CCPA and CPRA provide some of the strongest consumer data rights in the US, and TurboTax users in California can meaningfully restrict how their sensitive tax data is used beyond the core filing service.
Webull
· Webull Privacy Policy
These rights are legally enforceable under California law and give California-based investors meaningful control over their financial and personal data held by Webull.
These rights are legally enforceable under California law and include a non-discrimination guarantee, meaning Squarespace cannot penalize you for exercising them, which is a meaningful consumer protection.
California residents have legally enforceable data rights under CCPA that go beyond what users in other US states may have, including the right to know exactly which categories of personal data are collected and shared.
These rights are enforceable under California law and give California residents meaningful control over their personal data held by Calendly, including the ability to stop data sharing with advertising partners.
Auth0
· Auth0 Privacy Policy
CPRA significantly expanded California privacy rights including the right to correct inaccurate data and limit use of sensitive personal information, and Okta's acknowledgment of these rights means California residents have concrete, enforceable options beyond what users in other US states may have.
California residents can exercise rights under CCPA including data access, deletion, and opt-out of sale, and the policy provides a direct contact mechanism at privacy@langchain.dev for submitting these requests.
These rights are legally enforceable under California law and provide California residents with more control over their data than users in most other US states, including the right to stop Dropbox from sharing their data for advertising purposes.
Yelp
· Yelp Privacy Policy
These are legally enforceable rights under California law that give California residents meaningful control over their personal data held by Yelp, including the ability to stop their data from being shared with advertising partners.
The clause operationalizes statutory CCPA obligations by designating a contact mechanism and specifying the four core rights California residents may exercise under state law, establishing the procedural pathway for rights assertion.
Calm
· Calm Privacy Policy
Under California privacy law, entities offering financial incentives must disclose the collection practices, provide opt-in and opt-out mechanisms, and establish that the value exchange is reasonably related to the personal information collected. This provision satisfies CCPA disclosure requirements by detailing the personal information categories collected and establishing that incentive values are proportionate to data collection.
This provision preserves Supabase's operational flexibility to adapt privacy practices in response to regulatory changes, business operations, or service modifications. It establishes that privacy policy modifications do not require affirmative user agreement before taking effect.
Non-material changes to the privacy policy can take effect with only a date change and no direct notification, meaning users who do not regularly review the policy may miss changes that affect their data practices.
Microsoft
· Microsoft Privacy Statement (Legacy)
The statement commits to notifying users of material changes before they take effect, either by posting a prominent notice or sending a direct notification, which is relevant to users who want to track when and how Microsoft's data practices change.
COPPA requires verifiable parental consent before collecting personal information from children under 13. However, given that Equifax holds credit and financial data about minors in certain contexts (such as authorized user accounts or identity theft protection services for families), the interaction between this disclaimer and actual data practices warrants attention.
The policy establishes an age-based restriction on data collection consistent with COPPA in the US; the restriction applies to services not directed at children, but does not address the full range of minors' privacy protections under GDPR Article 8 or state laws that apply to users under 16 or 18.
If a child under 13 creates a ClickUp account, the company commits to deleting that data, but enforcement depends on ClickUp detecting the underage user, which may not always occur in practice.
The policy sets a minimum age of 16 rather than the COPPA threshold of 13, which means it applies a stricter age threshold for consent purposes; this is operationally relevant for GDPR compliance, which sets the digital consent age at 16 (with member state variation down to 13).
The 16-year age threshold is consistent with CPRA requirements and several state privacy laws, though the US federal COPPA standard applies to children under 13 for certain online services.
The policy sets 13 as the minimum age and commits to deleting data from younger users, but does not describe verification mechanisms, which is relevant for platforms that may be accessed by minors.
This provision establishes Zendesk's age threshold at 16 for data collection purposes, engaging COPPA requirements in the US for children under 13 and GDPR Article 8 requirements for children under 16 in EU member states that have not lowered the threshold, which varies by country.
The 16-year age threshold is stricter than COPPA's 13-year requirement in the US, but parents or guardians whose children may have accessed Smartsheet should know the service is not intended for minors.
While standard for most platforms, developers using Vercel to build consumer applications that may reach children should be aware that Vercel's own child data protections apply only to platform accounts, not to end users of their deployed applications.
Ledger
· Ledger Privacy Policy
Children's data provisions are operationally significant because they establish compliance frameworks with children's privacy regulations (such as COPPA in the United States) and define the procedural requirements for lawful data processing when minors are involved. This provision determines Ledger's consent and notification obligations to parents or guardians.