GitHub
· GitHub Privacy Statement
The policy authorizes use of user data for AI product development, which may include training or improving machine learning models; the full scope of this use is not entirely defined within this document and requires review of separate product terms.
AI trace data submitted to LangSmith may contain sensitive business information, proprietary logic, or personal data embedded in prompts and completions, and the policy states this data is collected and stored by LangChain as part of the service.
The policy authorizes use of user-submitted content for AI model training, which means inputs to NVIDIA AI services could contribute to model development; the scope of data retained after opt-out is not fully specified in the policy.
Shein
· Shein Privacy Policy
The deployment of an alpha-stage SDK in production environments establishes the technical mechanism through which Shein's privacy-related data handling operations execute client-side. The preload directive prioritizes this script's loading sequence, indicating it operates as a core functional component of the service architecture.
Ancestry
· Ancestry Terms and Conditions
Genetic data is among the most sensitive personal information a person can share, and the layered consent structure, where core terms reference but do not fully replicate the AncestryDNA-specific terms, means users must navigate multiple documents to understand the full scope of how their DNA data may be used or shared.
OpenAI
· GPT-4o System Card (PDF)
The document discloses that these capabilities exist within the model's audio processing architecture and that restrictions were applied prior to release, meaning the risk surface is present and mitigated rather than absent, which is relevant for operators building voice-enabled applications.
Ford
· Ford Privacy Policy
This provision discloses collection of biometric identifiers and biometric information, which are subject to heightened regulatory requirements under statutes such as the Illinois Biometric Information Privacy Act, Texas biometric privacy law, and Washington state biometric law, as well as classification as sensitive personal information under CPRA.
This clause is operationally significant because it attempts to use acceptance of the privacy notice as a blanket authorization for financial institutions and government organizations to disclose user data to DraftKings. The actual enforceability of this authorization against financial institutions may be constrained by GLBA, applicable state financial privacy laws, and the independent consent frameworks those institutions operate under.
Uber
· Uber Privacy Notice
Automated deactivation decisions directly affect a driver's ability to earn income through the platform, and under GDPR Article 22 drivers in the EU may have the right to request human review of solely automated decisions that significantly affect them.
Automated credit and fraud decisions can directly affect your access to financial products, and you have the legal right to request that a human reviews any decision that significantly affects you.
Klarna
· Klarna Privacy Policy
An automated system rather than a person may determine whether you can access Klarna's payment services, and an incorrect automated decision could deny you access without obvious recourse unless you know to request human review.
Automated decisions in financial services can affect whether you are approved for credit, flagged for fraud, or restricted from certain products, and consumers should understand they may have rights to request human review or challenge these decisions.
Stash
· Stash Privacy Policy
Collection of bank login credentials is associated with account aggregation services that access your external financial accounts on your behalf; this practice involves significant security considerations and may be subject to regulatory scrutiny regarding data access standards and consumer protection.
Roblox
· Roblox Privacy and Cookie Policy
This provision authorizes third-party advertising partners to collect your behavioral and activity data across platforms using tracking technologies, which under California law constitutes 'sharing' personal information and triggers opt-out rights.
Your browsing behavior, event interests, and personal identifiers may be shared with advertising partners for targeted advertising, and exercising the opt-out requires affirmative action by the user.
Roblox
· Roblox Privacy Policy
The policy authorizes behavioral advertising directed at users as young as 13, which engages a rapidly evolving set of state-level minor privacy laws; the lawfulness of this practice depends on jurisdiction and applicable regulatory guidance.
Netflix
· Netflix Privacy Statement
This provision authorizes Netflix to incorporate behavioral profiles built from your activity on unaffiliated third-party services into its advertising targeting, meaning Netflix ads may reflect your browsing and purchase activity outside of Netflix.
Session replay technology can capture detailed behavioral data including mouse movements, clicks, and potentially form field interactions, which goes beyond standard analytics; the presence of Facebook tracking also means browsing behavior may be shared with Meta for advertising purposes.
Selfie-based age estimation involves the processing of facial image data, which may qualify as biometric data under certain state laws such as Illinois BIPA, creating significant legal and consent obligations that the policy does not explicitly address.
Biometric data is among the most sensitive personal information that can be collected because it is permanent and uniquely identifies you. Collection at physical venues like theme parks means this applies even to users who primarily think of themselves as streaming subscribers.
Whoop
· Whoop Terms of Use
Biometric and physiological health data is among the most sensitive categories of personal information and, once collected, cannot be changed if misused; understanding how WHOOP uses and shares this data is critical for any user.
Bumble
· Bumble Privacy Policy
Biometric data is among the most sensitive personal information category under both GDPR and multiple US state laws, and its collection by a consumer dating app creates significant legal exposure and personal privacy risk.
Biometric data such as facial scans or fingerprints is highly sensitive because, unlike passwords or account numbers, it cannot be changed if compromised, making its collection and protection particularly significant.
Airbnb
· Airbnb Privacy Policy
Biometric data is among the most sensitive categories of personal information because it is permanent and cannot be changed if compromised; its collection is regulated by specific laws in several US states and under GDPR.
Lyft
· Lyft Privacy Policy
Biometric identifiers are unique and permanent; their collection and potential misuse carry significant privacy risks, and laws like Illinois BIPA impose strict requirements including written consent and data retention schedules before any biometric data may be collected.
The collection of biometric data including facial scans is subject to specific state laws such as Illinois BIPA, which impose written consent, retention schedule, and prohibition-on-sale requirements that go beyond a general privacy notice disclosure.
Biometric data such as facial recognition scans or fingerprints is among the most sensitive categories of personal information and is subject to strict state-level legal protections in Illinois, Texas, and Washington, among others. The policy discloses this collection but does not specify the retention schedule, the third-party processors involved, or the precise consent mechanism employed.
PayPal
· PayPal Privacy Statement
The provision identifies a broad list of use cases for biometric data collection beyond basic login, including cryptocurrency transfers and lifting account limitations, which means biometric data may be collected across multiple account interactions rather than a single enrollment event.
Adobe
· Adobe Privacy Policy
Biometric data like faceprints is sensitive and largely irreplaceable if misused. Users in states like Illinois have strong legal protections for this data that may exceed what this policy describes, and the carve-out 'unless otherwise specified in the Software or Services' creates some ambiguity about data deletion timelines.
Biometric data is among the most sensitive categories of personal information because it is permanent and cannot be changed if compromised, making the circumstances and scope of its collection particularly important to understand.