Noom · Noom Privacy Policy
For EU and UK users, transferring health data to the US requires specific legal safeguards, and the adequacy of those safeguards is a live area of regulatory scrutiny.
International data transfers from U.S. users to Spotify group companies and subcontractors in other countries engage cross-border data transfer frameworks and may affect what legal protections apply to your data depending on where it is processed.
Your IP address, which can reveal your approximate geographic location, is used to modify the content of AI responses you receive, creating a form of location-based profiling that you may not expect from an AI assistant service.
The clause operationalizes location-based service personalization as a standard practice while creating a procedural pathway for users to decline this specific data processing activity without service disruption.
GitHub · GitHub Copilot Business Privacy Statement
ISO 27001 certification is a commonly referenced baseline for information security vendor assessments and may be required by enterprise procurement policies or contractual obligations with customers in regulated industries.
ISO 27701 certification is a recognized international benchmark for privacy information management, providing external validation that D&B's privacy controls meet a defined standard, though certification scope varies by market.
This provision establishes that the company's privacy practices operate under third-party audited standards for information security and privacy management. The certification structure creates an external compliance framework against which the company's stated privacy practices can be assessed.
This provision discloses jurisdiction-specific data subject rights and routes their exercise through Google's privacy tools, establishing the procedural framework for rights requests under GDPR, UK GDPR, CCPA, and equivalent frameworks. The rights are conditional on jurisdiction, and the notice does not enumerate specific response timelines.
Your sensitive financial and identity data held by a broker-dealer is accessible to law enforcement through subpoenas, court orders, and national security processes, and the policy does not commit to notifying users when this occurs.
The commitment to notify users of law enforcement data requests, where legally permitted, is a materially distinct disclosure practice that may provide users with an opportunity to seek legal counsel before data is disclosed.
This provision establishes that the main notice is not a self-contained disclosure; the operational scope of data collection, use, and sharing obligations for specific products or user groups is distributed across multiple linked documents that must be reviewed collectively to assess compliance.
Oura · Oura Privacy Policy
This is a user-protective commitment that goes beyond what most privacy policies assert, though its practical enforceability depends on the jurisdiction and the nature of the legal order received.
Under GDPR and similar frameworks, companies must identify a specific legal basis for each type of data processing; the Legal Bases Charts are the primary disclosure mechanism WBD uses to fulfill this obligation and to inform users about the basis on which their data is processed.
Because the substantive legal terms are distributed across linked documents rather than consolidated here, users and compliance teams must access each linked document separately to understand the full scope of Snowflake's policies.
Visa · Visa Privacy Notice
Device identifiers combined with location data and transaction records can enable precise behavioral tracking and are increasingly subject to regulation in privacy-sensitive jurisdictions.
This provision authorizes collection of repository names and data accessed as part of audit logging, meaning records of which code repositories you interact with may be retained and shared with customers in the event of a security incident.
A detailed transaction history tied to your identity enables McDonald's and its partners to build a behavioral profile over time that can be used for targeted marketing and potentially shared with third parties.
Revolut uses your transaction and behavioural data to identify and send you product offers, which means your financial behaviour directly influences the commercial communications you receive.
The opt-out mechanism is practically important because failure to use it means AWS may continue to send promotional communications to your contact details, and understanding how to unsubscribe prevents unwanted ongoing contact.
Miro · Miro Privacy Policy
If you provide Miro with your email address, you may receive marketing messages. The opt-out mechanism should be accessible and promptly honored, and Miro's ability to send marketing to business contacts may also engage B2B email marketing rules in certain jurisdictions.
The opt-out mechanism for marketing emails is standard, but users should be aware that opting out of marketing does not affect other data processing practices described in the policy.
Twilio · Twilio Privacy Notice
The clause distinguishes between marketing communications, from which users may opt out, and transactional or account-related communications, which may continue regardless of opt-out status. This establishes separate pathways for different communication categories.
Acorns · Acorns Privacy Policy
This provision establishes the operational framework for Acorns' marketing communications practices and defines the scope of user control over promotional outreach. The distinction between promotional and non-promotional communications creates two separate channels, with only promotional messages subject to user opt-out.
The use of 'legitimate interests' rather than consent as the sole basis for marketing emails is an area of active regulatory debate in the EU, where some supervisory authorities consider direct marketing by email to require prior consent under the ePrivacy Directive regardless of GDPR lawful basis claims.
Stripe · Stripe Privacy Policy
The clause establishes the operational framework for Stripe's direct marketing practices and specifies the procedures by which users can control receipt of marketing communications. This defines both the company's authorization to conduct marketing outreach and the user's method to manage communication preferences.
Neon · Neon Privacy Policy
The provision establishes a bifurcated communication framework in which marketing communications are subject to user opt-out, while transactional and service-related messages continue independently of opt-out elections. This distinction creates separate consent streams for different communication categories.
Your contact and usage data collected by Cerebras may be used to target you with promotional communications and to profile your behavior for product development, and you have a right to opt out of direct marketing in most jurisdictions.
The opt-out mechanism is accessible and clearly described, but the policy does not specify how quickly opt-outs will be processed or whether all marketing channels are covered.
RunPod · RunPod Privacy Policy
This provision authorizes marketing communications that may include partner offerings, extending the use of personal data beyond RunPod's own services, and provides a stated opt-out mechanism that users can exercise at any time.
This provision authorizes use of personal information for third-party promotional communications, which engages CAN-SPAM Act requirements in the US and GDPR consent or legitimate interests analysis for EU users, as well as CASL for Canadian users.