343 Entities monitored
808 Documents tracked
275 Changes detected
Showing the most important changes (medium + high severity) — Show all changes including minor updates
July 3, 2026
StockX
StockX Terms of Use
medium
Expanded liability for automated agents and bots accessing accounts; users now responsible for all actions by electronic agents operating on their behalf.
Why it matters: The updated terms explicitly state that you are responsible for all actions taken by automated agents, bots, and APIs accessing your account on your behalf. This creates direct liability exposure for anyone using automation or buy-for-me services. The removal of regional term overrides consolidates enforcement under a single global framework, eliminating previously available carve-outs in the UK, EU, Japan, and South Korea, which may affect dispute resolution, liability limitations, or data processing protections that were previously region-specific.
Coursera
Coursera Terms of Use
medium
Adds content-access threshold as refund denial ground: Coursera now may deny refunds if significant portion of course was accessed before refund request submitted.
Why it matters: The updated terms establish a new operational basis for refund eligibility tied to course content access. Learners who begin engaging with course materials before requesting refunds may find themselves ineligible, regardless of other circumstances, which affects the practical timeline and conditions under which refunds are available. Organizations that allocate Coursera courses to employees or learners should account for this new access-based threshold when setting expectations around refund availability.
Indeed
Indeed Terms of Service
medium
Adds AI application drafting feature with job seeker review responsibility; removes voluntary bot-verification process.
Why it matters: The updated terms establish a new AI-assisted application feature that may affect the quality and customization of job applications submitted by job seekers. The explicit disclosure that job seekers must review and approve AI-drafted content clarifies responsibility for accuracy and appropriateness, which is operationally significant because job application quality directly affects hiring outcomes. The removal of the bot-verification disclosure indicates that program is no longer available as an option for certain job seekers.
July 2, 2026
Comcast
Comcast Terms of Service
medium
Added prohibition on AI Agents accessing Comcast services without express permission, including data mining, scraping, and automated interactions.
Why it matters: The updated terms establish a contractual obligation requiring express permission before deploying AI Agents on Comcast services, which affects any user, developer, or business using automation tools, bots, APIs, or scraping workflows to interact with Comcast infrastructure. The definition is broad enough to cover common automation practices, making this operationally significant for organizations relying on automated integrations.
HubSpot
HubSpot Privacy Policy
medium
Adds explicit disclosure of email engagement tracking; removes prior data removal process language
Why it matters: The updated policy formalizes email engagement tracking as an explicit data collection practice, which affects how HubSpot customers' email campaigns are monitored and how email recipient data is processed. Simultaneously, the removal of the data removal process language eliminates a stated user pathway for requesting data deletion, which may create ambiguity about compliance with GDPR erasure rights and CCPA/CPRA deletion rights unless HubSpot has provided an alternative mechanism.
HubSpot
HubSpot Terms of Service
medium
Updated AI governance language to disclose AI as foundational to platform; added explicit opt-out mechanism for AI model training.
Why it matters: The updated terms establish explicit disclosure and authorization for AI model training on customer data, a material shift from prior language that addressed data use only in general terms. This formalization of AI practices may require organizations using HubSpot to update their own privacy notices, data processing agreements, and internal AI governance policies, particularly in jurisdictions with emerging AI-specific regulatory frameworks such as the EU AI Act.
July 1, 2026
Unity
Unity Terms of Service
medium
Requires prior authorization to train AI models on Unity data; restricts automated access through scrapers, bots, and AI agents.
Why it matters: The updated terms establish binding restrictions on a common and growing use case: training AI models on platform data. By requiring prior authorization, Unity now gates a development practice that was previously unaddressed in its terms, meaning organizations that plan to use Unity data for AI training must now explicitly request permission before proceeding. This also reflects a broader industry trend of platforms establishing control over AI training on their data and services, which affects how development teams integrate with third-party platforms.
Windsurf
Windsurf Terms of Service
medium
Rebrands service to Cognition Platform and clarifies new company ownership; prior terms govern for 30 days from posting.
Why it matters: The updated terms establish a formal transition structure for a corporate rebranding and ownership change. Users have 30 days to review and decide whether to accept the new Cognition Platform terms; after that period, continued use constitutes binding acceptance. Organizations that depend on the service should confirm that the shift from Exafunction to Cognition does not materially alter data processing terms, service level agreements, or compliance obligations.
DraftKings
DraftKings Terms of Use
medium
Adds VPN prohibition, authorizes cross-platform fund transfers, and clarifies terms apply to daily fantasy contests only, not other DraftKings services.
Why it matters: The updated terms operationally restrict how users can access the platform (VPN prohibition), change age eligibility requirements for two states (adding Illinois, removing Virginia grandfather), and establish that DraftKings can move user funds across its multiple business lines without explicit per-transaction authorization. These changes affect account access enforcement, user eligibility, and fund custody practices.
Google Gemini
Gemini Apps Privacy Notice
medium
Adds disclosure of third-party service data collection and security warning for connected apps; clarifies temporary chat option.
Why it matters: The updated privacy notice expands disclosure of how data flows through third-party integrations and explicitly warns of security risks associated with custom app connections. These changes materially affect user understanding of data exposure and control, particularly for users who connect external tools or services to Gemini, and may influence vendor risk assessment for organizations incorporating Gemini into their technology stacks.
MetaMask
MetaMask Terms of Use
medium
Adds statutory consumer protection rights carve-out for UK/EU/EEA users; clarifies mUSD as third-party asset; replaces privacy policy language with privacy notice terminology.
Why it matters: The updated terms establish explicit recognition that statutory consumer protection laws in UK, EU, and EEA jurisdictions cannot be overridden by the agreement, clarifying the legal hierarchy for users in those regions. The mUSD clarification operationally establishes that Consensys is not the issuer or administrator of that asset, limiting Consensys' liability for mUSD-related losses or service failures.

You're seeing a fraction of what's changing.

ConductAtlas monitors 343+ platforms and captures every policy update.

Start tracking — Free
June 30, 2026
AWS Bedrock
AWS Service Terms
medium
Added formal framework for AWS Bedrock free exploration services, establishing customer responsibility for deployment and AWS rights to reuse content.
Why it matters: The updated terms establish for the first time a binding contractual framework governing AWS Bedrock's free exploration services, shifting these offerings from informal arrangements to formal terms with explicit responsibility allocations. The terms authorize AWS to discontinue these services without notice and to develop competing products based on customer work, while placing sole responsibility for legal compliance, testing, and production deployment on customers. This clarifies operational boundaries but introduces discontinuation risk for organizations relying on free consulting availability.
Weights & Biases
Weights & Biases Terms of Service
medium
Removed provision allowing signed customer agreements to supersede master service agreement
Why it matters: The removal of explicit supersession language eliminates contractual clarity about which governing document takes precedence when a customer has both a signed agreement and posted master terms. For customers with pre-existing written agreements, this change creates potential ambiguity that may require review to confirm their agreements remain binding and enforceable absent explicit master-terms recognition.
Coursera
Coursera Terms of Use
medium
Added requirement that subscription refunds must be requested separately; no refunds on renewal charges; cancellation stops future billing but doesn't auto-refund.
Why it matters: The updated terms establish that refund eligibility is no longer automatic upon cancellation and that annual renewal charges are entirely non-refundable. This modifies the practical process for obtaining a refund and limits refund eligibility for recurring charges, which may affect budget planning for individuals and organizations that use Coursera subscriptions.
June 26, 2026
Mercury
Mercury Terms of Service
medium
Adds autopay terms: auto-cancellation after 2 consecutive failures, no payment re-attempts, limited liability.
Why it matters: The updated terms establish new operational procedures for autopay failure handling that directly affect revenue collection reliability for subscription and recurring billing businesses. Organizations relying on Mercury for recurring payments must understand that authorizations will auto-terminate after 2 consecutive failures and will not be re-attempted by Mercury except once for Mercury-caused system delays, requiring manual re-enrollment or collections for failed series.
Threads
Threads Terms of Use
medium
Removed disclosure that user-AI interactions improve Meta AI; cut account recovery help options.
Why it matters: The updated help section no longer discloses that user-AI interactions are used to improve Meta's AI systems. Under regulations like GDPR and the EU AI Act, transparency about data processing for AI training is required; removal of this disclosure from a user-facing help section may create compliance gaps if equivalent notice does not appear in Threads' privacy policy or other binding terms. The removal also simplifies the help section and reduces guidance on account recovery options, though these may be documented elsewhere.
June 24, 2026
Whatnot
Whatnot Legal Terms
high
Influencer Agreement shifted from California court litigation to mandatory arbitration under main Terms of Service
Why it matters: The updated terms establish mandatory arbitration as the exclusive dispute resolution mechanism for influencers, removing the ability to pursue claims through California courts or jury trials. This fundamentally changes the procedural framework and forum for resolving disagreements between influencers and Whatnot, consolidating dispute handling under the platform's main Terms of Service rather than terms specific to the influencer relationship.
Whatnot
Whatnot Terms of Service
high
Requires mandatory arbitration for all influencer disputes; removes court venue; incorporates class action waiver from main Terms of Service.
Why it matters: The updated terms eliminate influencers' ability to pursue disputes in court and require all disagreements with Whatnot to proceed through arbitration with a class action waiver. This materially changes the dispute resolution mechanism available to creators and reduces their practical remedies in cases involving payment disputes, account termination, or contract interpretation.
Google Maps
Google Maps Platform Terms of Service
medium
Broadened definition of 'High Risk Activities' to encompass any use where service failure could cause death, injury, or environmental/property damage, including weaponry.
Why it matters: The updated terms shift how Google classifies and restricts certain application categories. Developers can no longer rely on the prior enumerated list to determine whether their applications fall under high-risk restrictions; they must now evaluate their use cases against a broader principle-based standard. This change affects compliance assessment, contract terms, and indemnification obligations for organizations embedding Google Maps into autonomous systems, emergency services, defense, or similar mission-critical applications.
June 23, 2026
Windsurf
Windsurf Security & Data Handling
medium
Added formal security disclosures including SOC 2 Type II certification, MFA requirements, production access controls, and vulnerability program.
Why it matters: The updated document establishes formal security commitments previously absent from public Windsurf documentation. By disclosing SOC 2 Type II certification, encryption practices, access controls, and employee security requirements, Windsurf creates a documented baseline against which procurement teams and compliance officers can evaluate the platform's data protection measures. This materialization of security practices may reduce vendor assessment friction for organizations subject to GDPR, CCPA, or internal data protection governance.
Eventbrite
Eventbrite Privacy Policy
medium
Adds formal data protection complaint procedures and regulatory escalation rights for UK users and all applicable jurisdictions
Why it matters: The updated terms establish clear procedural pathways for users to file data protection complaints and explicitly confirm rights to escalate to regulatory authorities. This clarifies dispute resolution procedures and regulatory recourse that apply under UK and EU data protection law, potentially reducing ambiguity around how Eventbrite handles privacy complaints.
June 22, 2026
WhatsApp
WhatsApp Privacy Policy
medium
Softens commitment against ads in Status and Channels by adding 'if we ever do' condition and updates contact form URL.
Why it matters: The updated language reserves WhatsApp's operational flexibility to introduce ad formats in Status and Channels in the future, conditional only on updating the privacy policy. This revision weakens the prior unconditional commitment and may be material in jurisdictions where consumer reliance on WhatsApp's ad-free status affects the service's competitive positioning or regulatory treatment.
June 21, 2026
Ancestry
Ancestry Privacy Statement
medium
Removed 'Do Not Sell or Share My Personal Information' link from privacy footer
Why it matters: The removal of a direct, labeled footer link to CCPA opt-out controls may reduce consumer awareness and ease of access to statutory privacy rights. Under CCPA, opt-out mechanisms must remain conspicuous and accessible; the removal of a prominent footer link could complicate user discovery and exercise of these rights if the functionality is not equally accessible elsewhere on the site.
Chime
Chime Privacy Policy
medium
Updated disclosure: Chime now explicitly authorizes sharing customer information with other financial companies for joint marketing purposes.
Why it matters: The updated notice materially changes Chime's stated data-sharing practice by explicitly authorizing sharing of customer financial information with other financial companies for joint marketing. This reverses the prior 2017 notice, which stated Chime did not engage in this sharing. The change is operationally significant because it creates a new disclosure obligation and may require downstream organizations that rely on Chime's data handling practices to update their own privacy notices, vendor agreements, or customer disclosures.
June 16, 2026
AI21 Labs
AI21 Labs Terms of Use
medium
Removed explicit opt-out mechanism for data sales and targeted advertising; replaced with general cookie consent framework.
Why it matters: The updated terms restructure how users access privacy controls and opt-out rights. Rather than providing an explicit button dedicated to opting out of data sales and targeted advertising, the revised language embeds consent management within a general cookie framework. This change affects the accessibility and prominence of privacy choices, and may impact compliance with statutory privacy law requirements in California and the EU that mandate clear, accessible opt-out mechanisms. Organizations relying on AI21's services should verify that the revised framework remains adequate for their vendor compliance obligations.
Oura
Oura Privacy Policy
medium
Adds explicit disclosure of AI assistant and machine learning features, including user choice on partner data sharing
Why it matters: The updated terms establish explicit transparency about AI-powered processing and feature development, which strengthens disclosure compliance and clarifies how personal health data may be used. The addition of user choice over partner data sharing provides a concrete control mechanism within the AI feature ecosystem.
Whatnot
Whatnot Legal Terms
high
Replaced court-based dispute resolution with mandatory arbitration for Australian sellers under main Terms of Service.
Why it matters: The updated terms eliminate court access and jury trial rights for Australian sellers, consolidating all disputes under mandatory individual arbitration. This materially changes the dispute resolution mechanism available to sellers and may affect how they evaluate risk and enforce claims against Whatnot.
Whatnot
Whatnot Terms of Service
high
Replaced court-based dispute resolution with mandatory arbitration for Australian sellers, removing Los Angeles venue language and jury trial waiver.
Why it matters: This change materially alters how disputes between Australian sellers and Whatnot will be resolved, shifting from court-based proceedings with defined venue to mandatory individual arbitration. The change consolidates dispute governance into cross-referenced provisions, meaning sellers must now review the main Terms of Service arbitration sections to understand their rights, creating additional complexity for dispute resolution.
AWS Bedrock
AWS Service Terms
medium
Adds explicit metadata sharing authorization with Anthropic models and launches WAF AI traffic monetization payment facilitation feature.
Why it matters: The updated terms establish explicit authorization for AWS to share request metadata with Anthropic for usage tracking, which modifies the data-processing relationship and may require organizations to update their privacy notices and data-processing agreements if they handle regulated data. The introduction of AWS WAF AI traffic monetization formalizes a new optional payment-facilitation service that involves sharing user configuration and payment information with third parties, requiring organizations to understand their own vendor relationships and liability frameworks.

You're seeing a fraction of what's changing.

ConductAtlas monitors 343+ platforms and captures every policy update.

Start tracking — Free
Inflection AI
Inflection AI Privacy Policy
medium
Expanded data collection scope to include voice, audio, precise location, and third-party platform access (contacts, emails, calendar, documents).
Why it matters: The updated policy establishes explicit authorization for collection of voice, audio, and location data, moving beyond the previously disclosed text-based input model. This expansion affects the scope of personal data Inflection AI may process and requires users and organizations relying on the service to understand the full range of data collection practices now authorized under the policy.

Don't manually check 343+ platforms.

Get alerts when policies change — before it affects you.

Start tracking — Free

Updated daily. New changes added as detected.

Page 1 of 10 Older →