A corporate transaction could result in your sensitive health and pharmacy data being controlled by a different company with different privacy practices, and the policy does not commit to providing advance notice or consent for such transfers.
The policy authorizes transfer of all personal information, including AI trace data and account details, to a successor entity in a business transaction, which may result in your data being controlled by a different company with potentially different privacy practices.
A change in ownership could mean your data, including sensitive conversations, is transferred to a company with different privacy practices, even if you originally consented to Inflection AI's terms.
This provision anchors the policy within federal statutory authority, establishing that the collection of personally identifiable information operates under Section 631 of the Cable Act rather than solely under the company's discretionary authority. The definitional framework distinguishes between identifying and non-identifying data categories, which determines what information falls within the scope of Cable Act protections and restrictions.
Calendar content can include highly sensitive professional and personal information, such as medical appointment titles, confidential meeting descriptions, or client names, and this data is processed by Calendly's systems.
This provision establishes an opt-out mechanism for advertising and tracking data uses for California residents, and discloses that tracking tools are used for personalized advertising purposes, a data use category that may engage CCPA opt-out rights and California Privacy Rights Act provisions.
California residents have stronger legal rights than users in most other US states, including the ability to stop Nextdoor from sharing their data with advertising partners.
Upwork
· Upwork Privacy Policy
This clause operationalizes statutory data subject rights under CCPA and GDPR by establishing Upwork's procedural obligation to receive, evaluate, and act upon user requests according to the applicable legal frameworks governing each jurisdiction.
Gusto
· Gusto Privacy Policy
The provision operationalizes Gusto's compliance obligations under state privacy regimes, establishing the legal framework governing data collection, processing, retention, and user access/deletion/opt-out rights. This determines the substantive privacy protections and consumer controls available under the service agreement.
Target
· Target Privacy Policy
This provision establishes Target's stated compliance posture under CCPA/CPRA and analogous multi-state privacy frameworks; it creates operational obligations including response timelines, non-discrimination requirements, and appeal procedures that must be implemented and auditable to satisfy regulatory expectations.
OpenAI
· OpenAI Privacy Policy
This provision identifies the specific state-law rights available to users in California, Virginia, Colorado, Connecticut, and Texas, and directs users to a single privacy request portal to exercise them, which is operationally significant for users wishing to control how their data is used.
Target
· Target Privacy Policy
This provision confirms that consumers in covered states have a legally enforceable right to opt out of a significant portion of Target's data sharing for advertising purposes, and it provides a clear mechanism to exercise that right.
This provision establishes OpenAI's acknowledgment of California privacy statutes and the consumer rights those statutes create. The clause operationalizes the company's compliance framework for residents subject to CCPA and CPRA requirements.
Garmin
· Garmin Privacy Statement
These rights under California law are among the strongest consumer data rights in the U.S. and cover the full range of sensitive data Garmin collects including health metrics, precise location, and financial information.
California residents have enforceable statutory rights to access and delete their personal data held by Progressive, rights that do not currently exist for most consumers in other US states, making this one of the most practically significant provisions in the policy for California users.
This provision acknowledges and codifies Peloton's obligation to honor California statutory privacy rights without requiring affirmative consumer action to establish eligibility. The clause confirms Peloton's operational compliance framework with state-mandated consumer data controls.
This provision describes the statutory rights available to California residents under CCPA and CPRA and establishes the mechanisms through which those rights may be exercised. The non-discrimination right is operationally significant because it prohibits Audible from denying service or providing a degraded service to users who exercise privacy rights.
These rights are legally enforceable under California law and give California residents meaningful control over how Cerebras handles their personal data, including the ability to stop data sharing for advertising or other purposes.
Twilio
· Twilio Privacy Notice
The clause establishes Twilio's acknowledgment of California statutory consumer privacy rights and operationally commits the entity to providing mechanisms through which California residents may exercise these access, deletion, correction, and opt-out rights.
This provision operationalizes California statutory privacy rights by confirming the company's obligation to honor consumer requests to restrict sales and sharing activities and by specifying the mechanism through which users access and exercise these rights under state law.
Roblox
· Roblox Privacy and Cookie Policy
The clause creates a reference mechanism that incorporates state-specific privacy obligations into Roblox's primary privacy policy, ensuring compliance with jurisdiction-specific requirements under state privacy statutes.
Square
· Square Privacy Notice
This provision establishes the operational framework through which California residents can exercise statutory privacy rights under the CCPA/CPRA. It defines the scope of individual rights available to a specific jurisdiction and creates corresponding obligations for Square to honor such requests.
The provision operationalizes CCPA/CPRA statutory rights by specifying the company's data practices and establishing mechanisms for residents to exercise access, opt-out, and limitation rights. This structure defines the scope of personal information handling and creates procedural pathways for rights exercise aligned with California privacy law requirements.
The opt-out right for sale or sharing of personal information is particularly relevant given Ideogram's use of analytics and advertising-related third-party services, which may constitute sharing under CPRA.
The clause operationalizes statutory privacy rights under CCPA/CPRA by explicitly acknowledging user entitlements to data access, correction, and deletion. This establishes the procedural framework through which users can exercise legally mandated consumer privacy protections.
This clause establishes Tabnine's obligation to honor California statutory privacy rights as codified in state law. The provision clarifies that CCPA/CPRA protections apply to the service agreement and establishes the legal framework governing data subject access and deletion requests.
This clause operationalizes Bank of America's CCPA compliance obligations by defining permissible information-sharing categories and restricting external disclosure. It establishes the bank's consent-based sharing model and creates a framework for limiting affiliate data exchange consistent with California statutory requirements.
The clause establishes the operational procedure through which Dropbox implements California Consumer Privacy Act (CCPA) data access and deletion rights, specifying the submission channels that trigger Dropbox's obligation to respond to such requests.
The clause implements statutory rights under the California Consumer Privacy Act and creates an operational obligation for Wealthfront to process and respond to disclosure and deletion requests within the procedural framework established by CCPA requirements.
ADP
· ADP Privacy Statement
This provision identifies a jurisdiction-specific supplement that governs California residents' data rights, which is operationally significant because CPRA rights including the right to opt out of sale or sharing for targeted advertising apply to ADP's data controller activities and are governed by the California notice rather than the global policy.