May 19, 2026
Removed privacy commitment statement regarding user control over data collection and sharing
Why it matters: The updated policy no longer includes an opening commitment statement about respecting user privacy and control. While this removal does not necessarily change what data practices Tabnine authorizes or performs, privacy policies serve as the primary disclosure mechanism under GDPR, CCPA, and FTC regulations. Removal of an explicit commitment to user control and privacy respect may affect how regulators and customers perceive Tabnine's stated privacy posture, and it creates a gap between what users may have understood the policy to commit to and what is now written.
Added explicit Data Privacy Framework certifications and opt-out rights for third-party data disclosure and non-authorized uses.
Why it matters: The updated terms establish explicit legal compliance commitments and international transfer mechanisms for personal data from regulated jurisdictions. By certifying DPF compliance and stating that DPF Principles take precedence, Segment provides clearer legal grounding for cross-border data transfers from the EU, UK, and Switzerland to the U.S. The addition of specific opt-out rights for third-party disclosure and non-authorized uses strengthens transparency and user control mechanisms for affected data subjects. Organizations relying on Segment must ensure their own compliance documentation and vendor management accurately reflect these mechanisms.
Expands DPF compliance disclosures and specifies that Data Privacy Framework Principles take precedence over other policy terms.
Why it matters: The updated language clarifies Twilio's legal basis for processing EU, UK, and Swiss personal data in the United States by making explicit its Data Privacy Framework certifications and establishing that DPF Principles take precedence over conflicting policy terms. This affects the validity of data transfers and any organization relying on Twilio for cross-border personal data processing must confirm that this framework aligns with their own data transfer justifications.
Narrows content distribution license to app-only use, adds account verification disclosure, clarifies app deletion does not remove accounts.
Why it matters: The narrowing of Bumble's content distribution rights from the general public to app-only use materially reduces the company's stated contractual authority over user-generated content and may affect third-party content access or licensing. The added verification disclosure provides transparency regarding account security and age compliance procedures, which reflects regulatory pressure around account verification practices and may clarify the lawful basis for collection and processing of verification data.
Updated SoFi Plus billing to monthly cycles and added right to modify fees upon advance notice. Payment authorization now ends on payment method change or cancellation.
Why it matters: The updated terms explicitly authorize SoFi to modify subscription fees and billing intervals upon advance notice, establishing a contractual right to unilateral modification that was not previously stated. This affects pricing predictability for subscribers and may engage state automatic renewal laws that impose specific requirements for how and when subscription modifications can be communicated and implemented. The clarification that payment authorization terminates upon payment method change (not just cancellation) affects how recurring charges are processed and how subscribers can control ongoing billing.
You're seeing a fraction of what's changing.
ConductAtlas monitors 325+ platforms and captures every policy update.
Start tracking — Free
May 16, 2026
Added cookie consent banner and opt-out mechanism for targeted advertising cookies; clarified privacy disclosures on Trust Center
Why it matters: The updated disclosure makes explicit Writer's cookie and tracking practices on its website, establishes an affirmative consent mechanism for visitors, and clarifies opt-out rights for targeted advertising. This reflects evolving regulatory expectations around cookie transparency and user control, particularly under GDPR, CCPA, and similar frameworks.
Removed auto-apply activity from pricing factors; added explicit tax billing obligations and premium feature loss on budget reduction
Why it matters: The updated terms establish explicit tax obligations and calculation procedures that affect the true cost of sponsored ads. Users are now directly responsible for applicable taxes determined by Indeed based on location, and the terms clarify that budget reductions trigger loss of premium features. The removal of auto-apply from pricing factors reduces transparency about what determines ad pricing.
Removes description of 24/7 Meta AI support assistant for account help from AI Labeling Policy
Why it matters: The removal eliminates a public commitment to 24/7 AI-powered support for account-related problems. The updated policy no longer describes this support infrastructure, which may affect user expectations about available help channels and the scope of Meta's stated AI service commitments. Organizations referencing this policy language in their own materials will need to update those references.
May 15, 2026
Adds disclosure of business contact use for marketing outreach and Customer.io data sharing; requires consent for location-based and cross-source marketing analysis.
Why it matters: The updated policy establishes explicit disclosure of a specific marketing vendor (Customer.io) and clarifies the consent framework for marketing uses of personal information, including location-based and cross-source data analysis. This provides greater specificity about third parties receiving data and establishes granular controls over marketing-related uses, which affects how users and downstream organizations must document vendor relationships and consent mechanisms.
Adds GenAI Features section with as-is provision, output verification requirement, and chatbot data restrictions.
Why it matters: The updated terms establish a new liability and verification framework for GenAI functionality that shifts responsibility for output accuracy and verification to users while limiting RapidAPI's liability. Organizations and users relying on GenAI outputs for decision-making, recommendations, or business operations need to understand that these outputs carry no warranty and require independent verification. The explicit data restriction on chatbots also creates a compliance and operational boundary that users and organizations must respect to avoid inadvertent personal data exposure.
Adds FedNow instant payment acceptance with irreversible finality; reserves right to decline transactions for security or compliance.
Why it matters: The updated terms establish new payment finality rules specific to FedNow instant transfers and reserve broad discretionary authority for Wise to block such transactions. Users receiving FedNow payments should understand that such transfers cannot be reversed after completion, creating distinct operational and dispute-handling implications compared to traditional reversible transfers. The discretionary decline authority may also affect payment reliability for users relying on FedNow as an incoming payment method.
Adds USD-to-stablecoin conversion service; clarifies users don't own assets during transfer and bear risk of permanent loss if destination address is incorrect.
Why it matters: The updated terms establish a new service that carries material financial risk if users specify incorrect blockchain addresses or incompatible networks, resulting in permanent, irreversible loss of funds. The language explicitly disclaims user ownership during the transfer and places sole responsibility on the user to verify all transaction details before initiation, which is operationally significant because blockchain transactions, once confirmed, cannot be undone by the platform.
Permits transfers of Secured USDC to third parties without user consent when designated as Coinbase One Card security deposits.
Why it matters: The revised terms establish a new contractual framework that separates operational control of designated assets from user ownership. By agreeing to use Secured USDC, you authorize Coinbase to transfer those funds to a third party and to prioritize that party's instructions over yours. This shifts the traditional custodial model where the asset holder controls withdrawal and transfer instructions, and may engage regulatory frameworks governing custody, lending, and consumer protection depending on how the feature is implemented and whether it involves credit extension.
You're seeing a fraction of what's changing.
ConductAtlas monitors 325+ platforms and captures every policy update.
Start tracking — Free
Removed disclosure that user AI interactions are used to improve Meta's AI systems; consolidated agreement references to unified Meta Terms.
Why it matters: The removal of explicit disclosure about AI training data use reduces transparency about how Meta processes user interactions with its AI assistant. The updated terms consolidate agreement references but remove a specific practice disclosure. For regulators and privacy officers evaluating transparency compliance, the absence of this previously stated disclosure may warrant confirmation that the practice is disclosed elsewhere or has changed.
May 14, 2026
Adds disclosure that Meta AI interactions will be used to improve AI systems and introduces 24/7 AI support for account recovery.
Why it matters: The updated policy establishes that Meta retains and uses conversations with its AI assistant to train and improve its AI systems. This changes the data retention and reuse implications of using Meta AI for support or other purposes; users should understand that their AI conversations are not ephemeral but may inform future AI model development.
Removed cookie consent language and choice buttons from privacy policy disclosure
Why it matters: The removal of cookie purpose disclosure and choice mechanisms from the privacy policy may breach transparency and consent obligations under GDPR Article 13, CCPA, and UK PECR, which require services to clearly disclose the purposes of tracking cookies and provide users with accessible choice before those cookies are placed. The updated policy now discloses only that essential cookies are used to make Canva work, without explaining non-essential cookie purposes or providing a documented choice mechanism. If these disclosures and controls have not been relocated to another accessible, publicly available document, the privacy policy may no longer satisfy legal requirements to inform users about the scope and purpose of cookie tracking.
Added UK Creator Program terms granting Whatnot one-year licensing rights to submitted content in exchange for cash, credits, or advertising support
Why it matters: The updated terms establish the first documented Creator Program for UK users with explicit licensing and payment procedures, creating a formal framework for Whatnot to collect and commercialize user-generated content. The one-year global licensing scope, including rights to edit and create derivative works, is broad relative to typical creator compensation programs and may warrant review to confirm adequate creator consent and UK GDPR compliance.
Adds UK Creator Program Content Consent and Licence Terms establishing content submission, licensing, and payment framework for creators.
Why it matters: The updated terms establish a formal, binding content licensing framework for UK creators, granting Whatnot global promotional and derivative rights over submitted content for one-year periods. The framework clarifies creator compensation pathways (cash payments, shopping credit, advertising support) while explicitly reserving Whatnot's right to unilaterally change reward structures, selection criteria, and program eligibility, creating operational transparency for UK creators about what content rights they license and what payment conditions apply.
Removes cost-sharing for arbitration; now Ancestry covers JAMS and mediation fees for non-frivolous claims and deletes AAA fallback procedures.
Why it matters: The revised terms lower the direct cost for consumers initiating arbitration against Ancestry and establish clearer responsibility for dispute-resolution expenses, potentially increasing arbitration accessibility. The removal of the AAA fallback procedure narrows the stated mechanisms for handling mass disputes, creating less procedural certainty in scenarios involving multiple coordinated claims.
You're seeing a fraction of what's changing.
ConductAtlas monitors 325+ platforms and captures every policy update.
Start tracking — Free
Adds explicit disclosure of pixel tracking and advertising partner data sharing; shifts to default-consent model requiring active opt-out.
Why it matters: The updated notice shifts from describing tracking practices in general terms to explicitly naming tracking methods (cookies, pixels, other technologies) and data-sharing partners (social media, advertising, analytics), while establishing that continued use constitutes agreement unless users actively decline. This change affects the transparency and consent mechanics users operate under, and reflects how SoFi's data handling practices integrate with third-party marketing and analytics ecosystems.
Updated privacy rights language to explicitly enumerate access, deletion, correction, and anti-retaliation protections subject to applicable exceptions and jurisdiction
Why it matters: The updated policy establishes explicit, detailed notice of four substantive privacy rights that apply depending on jurisdiction and subject to applicable exceptions. This clarification reduces ambiguity about what protections the policy recognizes and aligns with transparency requirements under GDPR, CCPA, and similar frameworks. Organizations relying on OpenAI's stated privacy rights in their own compliance programs can now reference more specific language.
May 13, 2026
Removed geographic service access restriction previously set for September 1, 2025
Why it matters: The removal of the geographic service restriction eliminates explicit contractual language that previously established a specific date and condition under which W&B would restrict service availability. The absence of this statement affects how users and organizational partners understand their contractual rights to ongoing service access in different regions, though the practical availability of services in any location may continue to depend on regulatory compliance, data residency, or technical constraints not explicitly stated in the updated terms.
Clarified permitted/prohibited service uses, added photo face-grouping consent requirement, SMS messaging references, and reorganized brand coverage structure.
Why it matters: The updated statement consolidates privacy coverage across Ancestry and Related Brands (Fold3, Newspapers.com, Archives, We Remember, Forces War Records, Find a Grave) under a unified framework while clarifying what service uses are permitted and prohibited. This restructuring affects how personal information processing is disclosed and may change how users understand the scope of Ancestry's authority across its subsidiary services. The addition of explicit photo face-grouping consent and SMS messaging channels establishes new user control mechanisms for specific features, while the removal of uploaded DNA data language from the account creation section narrows transparency about genetic data processing at that key disclosure point.
May 12, 2026
Removed disclosure that user interactions with Meta AI support assistant improve Meta's AI systems.
Why it matters: The updated policy removes explicit disclosure that user interactions with Meta's AI support assistant contribute to AI training and improvement. This affects operational transparency: users no longer have a clear, policy-level statement of how their support interactions may be used, which may conflict with transparency obligations under GDPR, CCPA, and FTC standards for disclosing data uses.
Meta offered rival AI chatbots one month of free access to WhatsApp while negotiating with EU regulators. This follows an outright ban on third-party AI chatbots in January, a paid-access reversal in March, and now free temporary access under Digital Markets Act enforcement pressure.
Why it matters: This is a direct example of regulatory enforcement changing platform governance in real time. The Digital Markets Act is forcing Meta to reverse its own platform policies. For WhatsApp users, this determines whether you can choose which AI assistant you use within the app or are locked into Meta AI. The outcome of EU negotiations will set precedent for whether dominant platforms can restrict AI competition on messaging services used by over 2 billion people.
May 11, 2026
Adds Claude Platform on AWS with data processing by Anthropic outside AWS infrastructure; new section 50.16 establishes terms including cross-border data transfer to Anthropic.
Why it matters: The updated terms establish a new service model where content provided to Claude Platform is processed outside AWS by Anthropic, a separate entity. This creates a multi-party data flow that organizations must account for in their vendor management, privacy notices, and data processing agreements. For organizations serving customers, this change may require disclosure updates and subprocessor authorization confirmation.
Removed granular data sharing disclosures; replaced with single login-based Privacy Settings update instruction.
Why it matters: The revised policy removes explicit, line-by-line disclosure of data sharing practices for key business purposes. Under the Gramm-Leach-Bliley Act, financial institutions must affirmatively disclose whether they share nonpublic personal information with nonaffiliated third parties and must provide consumers with the ability to opt out. Replacing itemized disclosures with a generic instruction to update account settings may not satisfy that statutory requirement, potentially exposing Chime to regulatory challenge or enforcement action by federal banking regulators or the FTC.
Adds explicit disclosure of advertiser data collection and ad personalization for Free and Go users; provides account-level control mechanism.
Why it matters: The updated policy establishes explicit disclosure of a data practice that was previously implied but not directly stated. Free and Go users now have transparent notice that advertiser-provided purchase data is collected and used to personalize ads, and OpenAI provides a mechanism to control this practice through account settings. This increases disclosure completeness and user control authority.
Adds voice transcription disclosure and expands AI personalization descriptions in privacy notice
Why it matters: The updated terms establish explicit disclosure of voice transcription capabilities and clarify the scope of third-party and AI-driven data processing. The expanded language around voice-enabled communications and AI personalization features affects how personal learning data, communications, and interaction history are processed. These clarifications have operational significance for organizations using Coursera in regulated environments, as they may require corresponding updates to vendor assessments and downstream privacy notices.
Updated daily. New changes added as detected.