Waze
· Waze Privacy Policy
The clause establishes the operational scope for personal data infrastructure by permitting Waze to utilize distributed data storage and processing across multiple geographic jurisdictions as part of standard business operations, including reliance on third-party service providers.
Udemy
· Udemy Privacy Policy
The clause establishes the operational framework for Udemy's cross-border data processing infrastructure and specifies the contractual mechanisms (standard contractual clauses) used to address jurisdictional differences in data protection requirements.
The provision establishes the operational scope of Sony's data processing infrastructure and specifies the geographic boundaries within which personal information may be handled. This framework determines where and under what legal frameworks user data processing occurs, which has direct implications for applicable regulatory compliance obligations.
Intuit
· Intuit Privacy Statement
For EU and UK users, international data transfers require specific legal safeguards, and the adequacy of those safeguards is subject to ongoing regulatory and judicial scrutiny.
Cross-border transfers of authentication data to the US are subject to EU privacy rules, and Standard Contractual Clauses are the primary safeguard Cisco uses, but the adequacy of those safeguards depends on implementation and cannot be assumed without verification.
Canadian users' data may be subject to U.S. legal process and law enforcement access once transferred to the United States, and the protections available under Canadian law may not apply in full to data held in the U.S.
The clause establishes the operational framework for international data movement by specifying the jurisdictions where processing occurs and identifying the contractual safeguards (European Commission-approved standard clauses) that govern those transfers.
Cross-border transfers of personal data from the EEA or UK to the US require a valid transfer mechanism under GDPR Chapter V, such as Standard Contractual Clauses; the policy acknowledges transfer but does not specify the legal mechanism used.
For users in the EU, UK, and other jurisdictions with strong data protection laws, transferring personal data to countries without equivalent protections requires specific legal safeguards that the policy does not detail.
Fiverr
· Fiverr Privacy Policy
This clause establishes the operational framework for cross-border data handling and specifies the legal mechanisms Fiverr uses to comply with data protection requirements when transferring personal information internationally. It documents the company's reliance on European Commission-approved contractual mechanisms as the basis for lawful international data movement.
Roblox
· Roblox Privacy Policy
The policy asserts consent to cross-border data transfers as a basis for transferring data from jurisdictions such as the EU/EEA to the US; under GDPR, reliance on broad consent embedded in a terms of service or privacy policy for international transfers may not satisfy the requirements of a valid transfer mechanism under Chapter V of GDPR, and this provision may require evaluation against the adequacy framework or Article 46 standard contractual clauses.
International data transfers are a key area of GDPR enforcement and EU users should be aware that their data may be processed in countries with different privacy standards, though Synthesia asserts it uses approved transfer mechanisms.
Stripe
· Stripe Privacy Policy
This provision establishes the legal mechanisms Stripe relies upon for cross-border data transfers, which are subject to ongoing regulatory review and potential challenge; organizations processing EU or UK personal data through Stripe must confirm these mechanisms remain current and adequate under applicable law.
Microsoft
· Microsoft Privacy Statement (Legacy)
The provision establishes the geographic scope of data processing and identifies the legal mechanisms Microsoft employs to govern cross-border transfers. This determines the jurisdictional frameworks and contractual obligations that apply to personal data movement across Microsoft's international operations.
Okta
· Okta Privacy Policy
EU, UK, and Swiss users' personal data is being transferred to the United States, and the legal validity of that transfer depends on Okta's correct implementation of the current SCCs, which were updated in 2021 and require accompanying transfer impact assessments.
Canva
· Canva Privacy Policy
Cross-border data transfers involving EU personal data require legally adequate safeguards under GDPR. Canva's reliance on Standard Contractual Clauses is a recognized mechanism but requires accompanying Transfer Impact Assessments under post-Schrems II obligations, and compliance with these requirements cannot be verified from policy text alone.
Cursor
· Cursor Privacy Policy
The policy references legally valid transfer mechanisms for EEA and UK data transfers but does not name the specific mechanism (such as Standard Contractual Clauses), which limits the ability of EEA or UK users to evaluate the adequacy of those protections without making a direct inquiry.
The provision establishes the operational framework under which user data flows internationally, specifying both the destination jurisdictions and the legal mechanism (Standard Contractual Clauses) that Coinbase employs to satisfy data protection obligations for cross-border transfers.
Udemy
· Udemy Privacy Policy
The legal mechanism used for cross-border data transfers determines what protections EU and UK users retain when their data is processed in the U.S.; the Data Privacy Framework has been adopted as an adequacy mechanism but remains subject to political and legal developments.
This technical specification determines the jurisdiction and location where advertiser data and campaign analytics are stored, processed, and reported. The designation of Singapore as the virtual data center (vdc) and reporting region establishes the operational framework for data residency and determines which entity policies and data protection regimes apply to the advertising data flowing through these infrastructure endpoints.
Stripe
· Stripe Privacy Policy
The provision establishes the legal mechanisms by which Stripe operationalizes cross-border data flows, ensuring transfers comply with EU and UK data protection requirements through Commission-approved contractual frameworks and adequacy determinations.
This clause operationalizes HubSpot's compliance framework for international data transfers under GDPR and UK data protection law. The provision documents the specific legal instruments the organization deploys to maintain adequate protection standards when personal data crosses EEA and UK borders.
The provision establishes the legal mechanism by which the entity operationalizes cross-border data transfers where destination jurisdictions lack formal adequacy findings, ensuring compliance with EU data protection frameworks through contractual safeguards rather than jurisdictional adequacy determinations.
The provision establishes DocuSign's operational basis for international data movement by reference to an EU-approved legal mechanism. SCCs create contractual obligations between data exporter and importer to protect personal information consistent with GDPR standards, even when destination countries lack adequacy determinations.
Hinge
· Hinge Privacy Policy
The provision establishes the procedural basis for international data movement and identifies the contractual safeguard mechanism (SCCs) that governs these transfers. This clarifies how Hinge operationalizes its global service model while addressing regulatory requirements for personal data flows to jurisdictions without equivalent data protection frameworks.
ADP
· ADP Privacy Statement
BCR are a recognized but operationally complex transfer mechanism. If regulators in any country determine that BCR do not provide adequate protection, data transfers relying on them could be suspended, potentially disrupting payroll and HR services.
EU, UK, and Swiss users should know their data may be transferred to the United States, but Google states it uses legal transfer mechanisms to maintain applicable protections.
Figma
· Figma Privacy Policy
EU and UK users' personal data is processed by Figma in the US, and the adequacy of the transfer mechanism used is subject to ongoing regulatory scrutiny, meaning users should understand that their data crosses borders and the legal protections that apply.
Fastly
· Fastly Privacy Policy
Cross-border transfer mechanisms are a significant area of GDPR enforcement, and the adequacy of Standard Contractual Clauses depends on whether the destination country provides essentially equivalent protection. Organizations relying on SCCs may also need to conduct Transfer Impact Assessments.
The clause establishes the contractual framework Shopify employs to comply with EU and UK data protection requirements when moving personal data to jurisdictions outside the designated adequacy perimeter. This addresses the operational necessity to conduct cross-border data transfers while maintaining regulatory compliance.