This provision establishes the data categories obtained through GitHub SSO authentication and the basis on which Supabase accesses third-party identity data. The scope of data received is determined by the authorization procedures of the SSO provider, not solely by Supabase.
SSO authentication means Supabase receives profile data from your third-party accounts (such as GitHub) as part of login, and users should be aware of what data is shared during that authentication flow.
OpenAI
· OpenAI Enterprise Privacy
SOC 2 Type 2 certification is a commonly required vendor security assurance standard in enterprise procurement and is relevant to due diligence under GDPR Article 32 (appropriate technical and organizational measures) and HIPAA security rule requirements. Enterprise customers may request OpenAI's SOC 2 report as part of their vendor risk assessment.
OpenAI
· OpenAI Enterprise Privacy
SOC 2 Type 2 certification provides enterprise customers with third-party verification that OpenAI's security controls have been tested over a defined period, which is commonly required in vendor security assessments and procurement processes.
Cursor
· Cursor Security Practices
The SOC 2 Type II attestation provides independent third-party validation of Cursor's security controls, which is a material input for enterprise vendor risk assessments and procurement decisions.
Shopify
· Shopify Acceptable Use Policy
Merchants using Shopify's email marketing or customer communication tools must comply with anti-spam laws in all applicable jurisdictions, and violations can result in both regulatory enforcement and AUP-based account action.
Zillow
· Zillow Privacy Notice
This provision operationalizes Zillow's compliance with CCPA/CPRA and analogous state privacy statutes by establishing the rights framework, request process, and response obligations applicable to covered residents.
Cursor
· Cursor Security Practices
The subprocessor list and annual review commitment are operationally significant for enterprise customers who need to track third-party data flows for GDPR Article 28 compliance or internal vendor risk programs.
This provision establishes that a minor user can initiate disconnection of parental oversight access, subject to parent confirmation via email. The confirmation requirement means a parent receives notice before access is terminated, but the initiation of revocation remains with the teen, which may be relevant to regulatory and institutional assessments of the robustness of the parental oversight mechanism.
Cursor
· Cursor Data Use & Privacy Overview
The provision describes the operational infrastructure for file handling and establishes limitations on data retention and use. By specifying temporary caching with client-controlled encryption and exclusion from training datasets under privacy mode, the clause defines the scope of server-side data processing.
Cursor
· Cursor Data Use & Privacy Overview
This provision describes a temporary server-side file caching mechanism with a client-generated encryption model, and conditionally states that cached content is not used as training data, but only when Privacy Mode is enabled.
A change in corporate ownership could result in your personal data, including your Claude conversation history, being controlled by a new entity with potentially different privacy practices.
Ford
· Ford Privacy Policy
When you click links to dealer websites, financing partners, or connected app integrations from Ford's platforms, your data practices are governed by those third parties' policies rather than Ford's.
The policy states that third-party login integrations provide Duolingo with access to data held by platforms such as Google, Facebook, and Apple, which may include data beyond what a user would provide directly during registration.
This provision establishes Amplitude's sub-processor and vendor data sharing framework and the contractual limitation imposed on third-party service providers. The inclusion of data enrichment services as a permitted category may create downstream data use considerations relevant to GDPR's purpose limitation principle and CCPA's service provider requirements.
Tinder
· Tinder Privacy Policy
Linking third-party accounts creates a data flow from those platforms to Tinder that users may not fully anticipate, potentially importing more information than users intend to share with a dating app.
When Instacart links to retailer websites, partner sites, or other external platforms, the privacy practices of those sites are governed by their own policies rather than by Instacart's, meaning data collected at those destinations is outside the scope of this policy.
Zelle
· Zelle Privacy Policy
Clicking links from the Zelle website to third-party sites means you leave the protection of this privacy notice, and those sites may have different, potentially less protective data practices.
This disclaimer means Anyscale takes no responsibility for data practices on linked third-party sites, so users should review those sites' privacy policies separately before sharing any personal information.
Transparency and explainability commitments describe what information Microsoft states it will provide about AI system behavior, which is relevant to consumers and enterprises seeking to understand or challenge AI-generated outputs.
Uber
· Uber Privacy Notice
This provision identifies the operational data-sharing structure under which personal data including home or work addresses, order preferences, and identity information passes from Uber to independent contractor drivers and third-party merchant partners who operate outside Uber's direct employment or data governance structure.
23andMe
· 23andMe Privacy Statement
Given the sensitivity of genetic and health data held in 23andMe accounts, the policy states that two-factor authentication is applied as a baseline security control, which reduces the risk of unauthorized account access.
This provision establishes that material changes to Anyscale's data processing disclosures may take effect upon posting without a guaranteed direct notification mechanism. Under GDPR, material changes to processing activities may require re-notification to data subjects and, where consent is the legal basis, renewed consent.
The policy authorizes unrestricted use and sharing of aggregated or de-identified data; the practical privacy implications depend on the robustness of the de-identification process, which the policy does not detail.
Brex
· Brex Privacy Policy
Using financial behavior and usage data for marketing and analytics purposes means your transaction patterns and platform activity may influence commercial communications you receive from Brex and potentially its partners.
This provision establishes the marketing communication opt-out mechanism and clarifies that transactional communications continue after opt-out, which is relevant for CAN-SPAM compliance in the US and ePrivacy Directive requirements in the EU for email marketing.
Acorns
· Acorns Privacy Policy
The authorization to use personal information for promotional communications and personalization, in the context of a financial services platform, engages both GLBA's marketing restrictions and CCPA's provisions on using data for targeted advertising, and may interact with CAN-SPAM and TCPA requirements depending on the communication channel used.
DeepL
· DeepL Privacy Policy
When your data is shared with subprocessors, the security and privacy practices of those third parties become relevant to how well your data is protected, even if they are contractually bound.
DeepL
· DeepL Terms and Conditions
This provision directly addresses AI training data practices for paid subscribers, establishing that submitted content is excluded from model training use. This distinction is operationally significant for organizations submitting confidential, proprietary, or personally identifiable content through the service.
Ring
· Ring Privacy Notice
This provision establishes that Ring offers user-facing controls over video and data access, which is relevant to both privacy protection and the exercise of data subject rights under laws like GDPR and CCPA.