Microsoft
· Microsoft Privacy Statement (Legacy)
The statement identifies multiple categories of third parties with whom personal data may be shared, including affiliates, service vendors, and parties in legal or corporate transaction contexts, which determines the breadth of entities that may access user data.
The clause defines the operational scope of third-party data sharing and establishes contractual requirements for service providers who handle personal information. It creates gatekeeping conditions that restrict when and with whom personal data may be transferred outside Google's direct control.
Microsoft
· Microsoft Privacy Statement (Legacy)
The clause establishes multiple pathways for data disclosure beyond the user's direct transaction, including sharing with corporate affiliates, service providers, and law enforcement or legal process recipients. The provision's scope encompasses both consent-based sharing and unilateral sharing justified by Microsoft's operational, legal, or security determinations.
Roblox
· Roblox Privacy and Cookie Policy
This provision establishes the categories of third parties that receive your personal data and the conditions under which sharing occurs, including advertising partners and corporate transaction scenarios where data may transfer to a new entity.
This provision establishes that conversation data and associated user information collected through Gemini may be shared with Google's affiliated entities and external service providers, with the full scope of sharing governed by the broader Google Privacy Policy rather than solely the Gemini-specific notice.
Your personal data flows to multiple third-party organisations including credit reference agencies, which can affect your credit profile at other institutions, and to counterparties in your transactions.
While the policy limits direct named data sharing with advertisers, it acknowledges that ad providers can identify users through technical mechanisms such as cookies when ads are viewed or clicked, which may in practice enable advertiser-level identification even without formal data transfer.
The provision establishes the operational scope of data sharing for advertising purposes, specifying both the categories of recipients (advertising networks, social media platforms, advertising technology providers) and the types of data subject to sharing (identifiers, device information, interaction data). This defines how user information flows beyond Riot Games' direct control.
The policy authorizes data flows to and from multiple categories of third parties, including advertising partners who may share audience data with Spotify to enable targeted advertising; the scope of these flows determines what data about you is available to external parties and for what purposes.
The policy authorizes sharing personal information including identifiers, usage data, and potentially AI trace data with advertising and analytics partners, which may implicate opt-out rights under CCPA and lawful basis requirements under GDPR.
This provision defines the operational boundaries for data sharing and establishes that Google uses service providers and affiliated entities to process personal information under contractual obligations. The clause conditions external sharing on specific authorization mechanisms rather than permitting unrestricted sharing.
Groq
· Groq Privacy Policy
This clause establishes the scope of third-party data recipients within Groq's operational framework. It defines categories of entities with authorized access to user information as part of standard service delivery, vendor relationships, and potential corporate restructuring events.
This clause establishes the operational mechanism by which Amazon facilitates third-party seller fulfillment by disclosing customer identifying and transactional information. The provision clarifies that data sharing with sellers is a standard practice integrated into the marketplace transaction process.
The clause establishes the operational framework for data distribution across Shopify's service infrastructure. Identifying these categories of recipients clarifies the scope of permitted data transfers necessary to execute payment processing, order fulfillment, platform security, and analytics functions.
The use of third-party analytics and service providers means user data travels beyond Khan Academy's own systems, and the strength of protection depends on the contractual terms and technical controls in place with each subprocessor.
Target
· Target Privacy Policy
This clause establishes the operational scope of data sharing within Target's service delivery ecosystem. It creates a contractual framework governing how third-party vendors access and use personal information in the course of providing specified business functions.
23andMe
· 23andMe Privacy Statement
This provision establishes the operational framework for data distribution across the service delivery ecosystem. It creates contractual obligations binding third-party recipients to limited use restrictions, defining the scope of data access necessary for platform operations.
Data shared in connection with a business transaction such as a merger or acquisition may reach new parties under different privacy frameworks, and users typically have limited ability to prevent this type of transfer.
Your personal data, potentially including family history and account information, is shared with multiple third-party vendors and business partners. The scope of business partner sharing for marketing purposes is broader than operational service provider sharing.
TikTok
· TikTok Privacy Policy
The clause establishes the operational basis for data sharing between TikTok and its commerce-related subsidiaries, conditioning such sharing on compliance with Executive Order 14352 requirements rather than on user consent or opt-in mechanisms.
A corporate transaction could result in your wallet activity data, IP address history, and other personal information being acquired by an entity with entirely different privacy practices, and you may not receive advance notice before this happens.
This clause means your data could end up controlled by a company with different privacy practices without requiring your consent, and the transfer may occur even during diligence before a deal is finalized.
This provision establishes that personal data constitutes a transferable asset in corporate restructuring events. The authorization applies both during negotiation periods and upon transaction completion, meaning data recipients may change without separate user consent if a qualifying business event occurs.
This clause establishes the operational framework governing how user data may be handled during corporate transactions or changes in service provision, clarifying that Personal Information constitutes a transferable asset subject to such events.
Meta
· Meta AI Labeling Policy
This provision establishes a use-limitation principle that confines the permissible scope of platform data use to the application context in which it was obtained, restricting cross-context behavioral profiling and off-platform advertising applications.
The standard applied to de-identification is described only as 'reasonable efforts,' which may not meet the specific technical thresholds required under some state privacy laws; data shared with unaffiliated entities under this provision falls outside the policy's stated non-sale commitment.
The provision establishes a mechanism for data sharing that operates outside the named partner disclosures in the privacy policy, conditioned on the anonymization standard described. The operational significance turns on whether Substack's anonymization process meets the stated threshold of preventing individual re-identification, and whether the universe of 'trusted partners' is defined elsewhere or remains subject to Substack's determination.
While the data is described as de-identified and aggregated, enterprise customers should understand that usage patterns from their organization may contribute to Perplexity's AI model training and product development. The practical effectiveness of de-identification depends on implementation, which the agreement does not detail.
Notion
· Notion Terms of Service
Developers building integrations with Notion are subject to separate terms that may impose restrictions on data access, storage, and use of content retrieved via the API, which affects both the developers and the end users whose data those integrations access.
Spotify
· Spotify Terms and Conditions
The clause establishes the technical permissions necessary for service delivery by allocating device resources to Spotify's operations. It further authorizes the use of those same device resources for advertising delivery by Spotify and designated business partners.