OpenAI
· OpenAI Privacy Policy
The clause establishes OpenAI's authority to incorporate third-party sourced data into its user profiles and service operations, expanding the data streams that inform service delivery and user identification beyond direct user inputs.
Visa
· Visa Privacy Notice
Receiving data from external sources like data brokers means Visa's profile of you may go beyond what you directly provided, incorporating inferred demographics and interests from third parties you may not have interacted with intentionally.
Combining externally sourced data with network and service data creates a significantly richer profile of each customer than either source alone, expanding the scope of data that may be used for commercial purposes.
Data enrichment from third-party sources, including data brokers, means One Identity may build a more detailed profile of you than what you directly provided, which can affect how you are targeted for marketing.
This clause establishes the scope of data collection mechanisms beyond direct user-provided information, enabling the service to aggregate personal data from external sources as part of its operational data practices. The provision defines the categories of third parties through which personal data flows into OpenAI's systems.
Zillow
· Zillow Privacy Notice
Data enrichment from third-party brokers means Zillow's profile of you may include information you never directly provided to the company, potentially including demographic, financial, or behavioral data from other platforms.
Acorns
· Acorns Privacy Policy
This provision means Acorns' profile of you is not limited to what you share with them directly; it may be enriched with externally sourced data, which can expand the scope of behavioral targeting and data sharing beyond what the typical user would anticipate.
The clause defines the scope of data sources that feed model training operations, establishing a procedural framework for how Anthropic sources training data across multiple categories and establishing that user-generated content from the Services constitutes a training data source unless users opt out.
Twilio
· Twilio Privacy Notice
The provision establishes the scope of data collection practices across both user-initiated submissions and automated tracking mechanisms, defining what categories of information the entity gathers from website visitors to support account management, communications, and analytics functions.
This clause establishes the scope of first-party data collection practices and defines the information categories that Datadog processes across customer acquisition and engagement touchpoints. It clarifies which data elements the organization collects through direct user interactions rather than inferred or observed means.
This provision defines the scope of data collection practices authorized under the agreement. It establishes the operational distinction between first-party data (user-provided) and derived data (interaction-based), which determines what information the service provider may access and process.
Stripe
· Stripe Privacy Policy
The policy's collection scope covers individuals who interact with Stripe only indirectly through merchant checkouts, meaning many consumers may not be aware that Stripe is collecting their device and behavioral data during purchases.
Writer
· Writer Privacy Policy
The breadth of data collected, particularly User Content (what you write and submit) and usage data, means Writer has access to potentially sensitive business information beyond basic account details.
Miro
· Miro Privacy Policy
This provision defines the full scope of personal data Miro processes, which is material for enterprise data governance assessments because board content may include sensitive business information alongside standard account metadata.
Brex
· Brex Privacy Policy
This provision establishes the full scope of personal data Brex processes, which spans both standard digital identifiers and sensitive financial account details, creating compliance obligations under CCPA, GLBA, and GDPR depending on the user's jurisdiction and the nature of the data.
This provision establishes the full scope of personal data collection, including voice and audio data which may be subject to additional state-level protections (such as Illinois BIPA or Washington's My Health MY Data Act depending on data type) and GDPR requirements for processing biometric or sensitive personal data categories.
The policy authorizes collection of a broad range of personal information including identifiers, commercial records, and electronic network activity, which may be used for advertising, analytics, and personalization purposes.
This clause defines the operational parameters of Threads' data collection practices and establishes the basis for subsequent data processing activities described elsewhere in the privacy policy. The authorization encompasses multiple data sources and categories, which supports the service's core functions including content delivery, user interaction infrastructure, and analytics operations.
GitHub
· GitHub Privacy Statement
The breadth of collection covers both identity-linked data (name, email, payment) and behavioral data (usage patterns, device fingerprint), meaning GitHub builds a detailed profile of both who you are and how you use the service.
Figma
· Figma Privacy Policy
The scope of data collection determines what information Figma retains about you and your work, including potentially sensitive professional design assets.
The provision defines the operational basis for Pinterest's data practices by specifying the sources and types of data the service collects. This establishes the informational foundation for the platform's core functions—account management, service delivery, content personalization, and advertising operations.
Medium
· Medium Privacy Policy
This provision establishes the categories of personal data Medium collects across both direct user input and automated technical collection, which determines the scope of data subject rights requests under GDPR and CCPA and informs the data mapping obligations of any organization assessing Medium as a data processor or service.
The breadth of data collected, spanning identifying information, payment details, and behavioral usage data, means monday.com builds a detailed profile of each user over time.
The policy states that content created or uploaded within Atlassian products, including messages and files, is collected as personal information, meaning material you create in Jira or Confluence may be processed under this policy.
Venmo
· Venmo Privacy Policy
The provision defines the informational foundation for service delivery and operational processes, establishing which data types the entity is authorized to collect across direct user input, system interactions, and external sources. This scope determination affects downstream data handling, retention, and sharing practices governed by other policy sections.
Fly.io
· Fly.io Privacy Policy
Understanding what data is collected helps users assess their privacy exposure and decide what information they are comfortable providing to a cloud infrastructure provider.
Midjourney
· Midjourney Data Retention & Privacy FAQ
The policy discloses a broad set of data categories collected across account, device, behavioral, and content dimensions, including the content of prompts and uploaded images, which may contain personal or sensitive information.
The collection of email address, phone number, date of birth, payment method, and a unique persistent identifier means Discord holds a detailed profile linked to your real identity across your use of the service.
The policy authorizes collection of a broad range of professional and behavioral identifiers, including payment information and clickstream data, which are used for service delivery, marketing, and analytics purposes.
The breadth of data categories collected, including learning performance, streaks, device identifiers, and IP addresses, means Duolingo builds a detailed profile of each user's activity and behavior over time.