343 Entities monitored
811 Documents tracked
269 Changes detected
Showing the most important changes (medium + high severity) — Show all changes including minor updates
July 1, 2026
Unity
Unity Terms of Service
medium
Requires prior authorization to train AI models on Unity data; restricts automated access through scrapers, bots, and AI agents.
Why it matters: The updated terms establish binding restrictions on a common and growing use case: training AI models on platform data. By requiring prior authorization, Unity now gates a development practice that was previously unaddressed in its terms, meaning organizations that plan to use Unity data for AI training must now explicitly request permission before proceeding. This also reflects a broader industry trend of platforms establishing control over AI training on their data and services, which affects how development teams integrate with third-party platforms.
Windsurf
Windsurf Terms of Service
medium
Rebrands service to Cognition Platform and clarifies new company ownership; prior terms govern for 30 days from posting.
Why it matters: The updated terms establish a formal transition structure for a corporate rebranding and ownership change. Users have 30 days to review and decide whether to accept the new Cognition Platform terms; after that period, continued use constitutes binding acceptance. Organizations that depend on the service should confirm that the shift from Exafunction to Cognition does not materially alter data processing terms, service level agreements, or compliance obligations.
DraftKings
DraftKings Terms of Use
medium
Adds VPN prohibition, authorizes cross-platform fund transfers, and clarifies terms apply to daily fantasy contests only, not other DraftKings services.
Why it matters: The updated terms operationally restrict how users can access the platform (VPN prohibition), change age eligibility requirements for two states (adding Illinois, removing Virginia grandfather), and establish that DraftKings can move user funds across its multiple business lines without explicit per-transaction authorization. These changes affect account access enforcement, user eligibility, and fund custody practices.
Google Gemini
Gemini Apps Privacy Notice
medium
Adds disclosure of third-party service data collection and security warning for connected apps; clarifies temporary chat option.
Why it matters: The updated privacy notice expands disclosure of how data flows through third-party integrations and explicitly warns of security risks associated with custom app connections. These changes materially affect user understanding of data exposure and control, particularly for users who connect external tools or services to Gemini, and may influence vendor risk assessment for organizations incorporating Gemini into their technology stacks.
MetaMask
MetaMask Terms of Use
medium
Adds statutory consumer protection rights carve-out for UK/EU/EEA users; clarifies mUSD as third-party asset; replaces privacy policy language with privacy notice terminology.
Why it matters: The updated terms establish explicit recognition that statutory consumer protection laws in UK, EU, and EEA jurisdictions cannot be overridden by the agreement, clarifying the legal hierarchy for users in those regions. The mUSD clarification operationally establishes that Consensys is not the issuer or administrator of that asset, limiting Consensys' liability for mUSD-related losses or service failures.

You're seeing a fraction of what's changing.

ConductAtlas monitors 343+ platforms and captures every policy update.

Start tracking — Free
June 30, 2026
AWS Bedrock
AWS Service Terms
medium
Added formal framework for AWS Bedrock free exploration services, establishing customer responsibility for deployment and AWS rights to reuse content.
Why it matters: The updated terms establish for the first time a binding contractual framework governing AWS Bedrock's free exploration services, shifting these offerings from informal arrangements to formal terms with explicit responsibility allocations. The terms authorize AWS to discontinue these services without notice and to develop competing products based on customer work, while placing sole responsibility for legal compliance, testing, and production deployment on customers. This clarifies operational boundaries but introduces discontinuation risk for organizations relying on free consulting availability.
Weights & Biases
Weights & Biases Terms of Service
medium
Removed provision allowing signed customer agreements to supersede master service agreement
Why it matters: The removal of explicit supersession language eliminates contractual clarity about which governing document takes precedence when a customer has both a signed agreement and posted master terms. For customers with pre-existing written agreements, this change creates potential ambiguity that may require review to confirm their agreements remain binding and enforceable absent explicit master-terms recognition.
Coursera
Coursera Terms of Use
medium
Added requirement that subscription refunds must be requested separately; no refunds on renewal charges; cancellation stops future billing but doesn't auto-refund.
Why it matters: The updated terms establish that refund eligibility is no longer automatic upon cancellation and that annual renewal charges are entirely non-refundable. This modifies the practical process for obtaining a refund and limits refund eligibility for recurring charges, which may affect budget planning for individuals and organizations that use Coursera subscriptions.
June 26, 2026
Mercury
Mercury Terms of Service
medium
Adds autopay terms: auto-cancellation after 2 consecutive failures, no payment re-attempts, limited liability.
Why it matters: The updated terms establish new operational procedures for autopay failure handling that directly affect revenue collection reliability for subscription and recurring billing businesses. Organizations relying on Mercury for recurring payments must understand that authorizations will auto-terminate after 2 consecutive failures and will not be re-attempted by Mercury except once for Mercury-caused system delays, requiring manual re-enrollment or collections for failed series.
Threads
Threads Terms of Use
medium
Removed disclosure that user-AI interactions improve Meta AI; cut account recovery help options.
Why it matters: The updated help section no longer discloses that user-AI interactions are used to improve Meta's AI systems. Under regulations like GDPR and the EU AI Act, transparency about data processing for AI training is required; removal of this disclosure from a user-facing help section may create compliance gaps if equivalent notice does not appear in Threads' privacy policy or other binding terms. The removal also simplifies the help section and reduces guidance on account recovery options, though these may be documented elsewhere.
June 24, 2026
Whatnot
Whatnot Privacy Policy
high
Influencer Agreement shifted from California court litigation to mandatory arbitration under main Terms of Service
Why it matters: The updated terms establish mandatory arbitration as the exclusive dispute resolution mechanism for influencers, removing the ability to pursue claims through California courts or jury trials. This fundamentally changes the procedural framework and forum for resolving disagreements between influencers and Whatnot, consolidating dispute handling under the platform's main Terms of Service rather than terms specific to the influencer relationship.
Whatnot
Whatnot Terms of Service
high
Requires mandatory arbitration for all influencer disputes; removes court venue; incorporates class action waiver from main Terms of Service.
Why it matters: The updated terms eliminate influencers' ability to pursue disputes in court and require all disagreements with Whatnot to proceed through arbitration with a class action waiver. This materially changes the dispute resolution mechanism available to creators and reduces their practical remedies in cases involving payment disputes, account termination, or contract interpretation.
Google Maps
Google Maps Platform Terms of Service
medium
Broadened definition of 'High Risk Activities' to encompass any use where service failure could cause death, injury, or environmental/property damage, including weaponry.
Why it matters: The updated terms shift how Google classifies and restricts certain application categories. Developers can no longer rely on the prior enumerated list to determine whether their applications fall under high-risk restrictions; they must now evaluate their use cases against a broader principle-based standard. This change affects compliance assessment, contract terms, and indemnification obligations for organizations embedding Google Maps into autonomous systems, emergency services, defense, or similar mission-critical applications.
June 23, 2026
Windsurf
Windsurf Security & Data Handling
medium
Added formal security disclosures including SOC 2 Type II certification, MFA requirements, production access controls, and vulnerability program.
Why it matters: The updated document establishes formal security commitments previously absent from public Windsurf documentation. By disclosing SOC 2 Type II certification, encryption practices, access controls, and employee security requirements, Windsurf creates a documented baseline against which procurement teams and compliance officers can evaluate the platform's data protection measures. This materialization of security practices may reduce vendor assessment friction for organizations subject to GDPR, CCPA, or internal data protection governance.
Eventbrite
Eventbrite Privacy Policy
medium
Adds formal data protection complaint procedures and regulatory escalation rights for UK users and all applicable jurisdictions
Why it matters: The updated terms establish clear procedural pathways for users to file data protection complaints and explicitly confirm rights to escalate to regulatory authorities. This clarifies dispute resolution procedures and regulatory recourse that apply under UK and EU data protection law, potentially reducing ambiguity around how Eventbrite handles privacy complaints.
June 22, 2026
WhatsApp
WhatsApp Privacy Policy
medium
Softens commitment against ads in Status and Channels by adding 'if we ever do' condition and updates contact form URL.
Why it matters: The updated language reserves WhatsApp's operational flexibility to introduce ad formats in Status and Channels in the future, conditional only on updating the privacy policy. This revision weakens the prior unconditional commitment and may be material in jurisdictions where consumer reliance on WhatsApp's ad-free status affects the service's competitive positioning or regulatory treatment.
June 21, 2026
Ancestry
Ancestry Privacy Statement
medium
Removed 'Do Not Sell or Share My Personal Information' link from privacy footer
Why it matters: The removal of a direct, labeled footer link to CCPA opt-out controls may reduce consumer awareness and ease of access to statutory privacy rights. Under CCPA, opt-out mechanisms must remain conspicuous and accessible; the removal of a prominent footer link could complicate user discovery and exercise of these rights if the functionality is not equally accessible elsewhere on the site.
Chime
Chime Privacy Policy
medium
Updated disclosure: Chime now explicitly authorizes sharing customer information with other financial companies for joint marketing purposes.
Why it matters: The updated notice materially changes Chime's stated data-sharing practice by explicitly authorizing sharing of customer financial information with other financial companies for joint marketing. This reverses the prior 2017 notice, which stated Chime did not engage in this sharing. The change is operationally significant because it creates a new disclosure obligation and may require downstream organizations that rely on Chime's data handling practices to update their own privacy notices, vendor agreements, or customer disclosures.
June 16, 2026
AI21 Labs
AI21 Labs Terms of Use
medium
Removed explicit opt-out mechanism for data sales and targeted advertising; replaced with general cookie consent framework.
Why it matters: The updated terms restructure how users access privacy controls and opt-out rights. Rather than providing an explicit button dedicated to opting out of data sales and targeted advertising, the revised language embeds consent management within a general cookie framework. This change affects the accessibility and prominence of privacy choices, and may impact compliance with statutory privacy law requirements in California and the EU that mandate clear, accessible opt-out mechanisms. Organizations relying on AI21's services should verify that the revised framework remains adequate for their vendor compliance obligations.
Oura
Oura Privacy Policy
medium
Adds explicit disclosure of AI assistant and machine learning features, including user choice on partner data sharing
Why it matters: The updated terms establish explicit transparency about AI-powered processing and feature development, which strengthens disclosure compliance and clarifies how personal health data may be used. The addition of user choice over partner data sharing provides a concrete control mechanism within the AI feature ecosystem.
Whatnot
Whatnot Privacy Policy
high
Replaced court-based dispute resolution with mandatory arbitration for Australian sellers under main Terms of Service.
Why it matters: The updated terms eliminate court access and jury trial rights for Australian sellers, consolidating all disputes under mandatory individual arbitration. This materially changes the dispute resolution mechanism available to sellers and may affect how they evaluate risk and enforce claims against Whatnot.
Whatnot
Whatnot Terms of Service
high
Replaced court-based dispute resolution with mandatory arbitration for Australian sellers, removing Los Angeles venue language and jury trial waiver.
Why it matters: This change materially alters how disputes between Australian sellers and Whatnot will be resolved, shifting from court-based proceedings with defined venue to mandatory individual arbitration. The change consolidates dispute governance into cross-referenced provisions, meaning sellers must now review the main Terms of Service arbitration sections to understand their rights, creating additional complexity for dispute resolution.
AWS Bedrock
AWS Service Terms
medium
Adds explicit metadata sharing authorization with Anthropic models and launches WAF AI traffic monetization payment facilitation feature.
Why it matters: The updated terms establish explicit authorization for AWS to share request metadata with Anthropic for usage tracking, which modifies the data-processing relationship and may require organizations to update their privacy notices and data-processing agreements if they handle regulated data. The introduction of AWS WAF AI traffic monetization formalizes a new optional payment-facilitation service that involves sharing user configuration and payment information with third parties, requiring organizations to understand their own vendor relationships and liability frameworks.

You're seeing a fraction of what's changing.

ConductAtlas monitors 343+ platforms and captures every policy update.

Start tracking — Free
Inflection AI
Inflection AI Privacy Policy
medium
Expanded data collection scope to include voice, audio, precise location, and third-party platform access (contacts, emails, calendar, documents).
Why it matters: The updated policy establishes explicit authorization for collection of voice, audio, and location data, moving beyond the previously disclosed text-based input model. This expansion affects the scope of personal data Inflection AI may process and requires users and organizations relying on the service to understand the full range of data collection practices now authorized under the policy.
June 12, 2026
SoFi
SoFi Terms of Service
medium
Replaces blanket cookie consent with category-based preference controls and clearer disclosure of tracking purposes and partners
Why it matters: The updated terms establish a privacy control mechanism that operationally requires affirmative user choice for non-essential tracking rather than deploying tracking technology by default unless users actively opt out. This shift aligns SoFi's consent model with GDPR requirements for valid consent and reflects regulatory emphasis on transparent, granular user control over data collection practices. The change affects how SoFi collects and shares user data with advertising and analytics partners, since those data flows now depend on users affirmatively selecting corresponding cookie categories.
Google
Google Terms of Service
medium
Replaced broad as-is warranty disclaimers with affirmative warranty commitment and issue-resolution procedure.
Why it matters: The updated terms establish an affirmative warranty commitment and dispute-resolution procedure, replacing a categorical disclaimer framework. This change affects how service quality is defined and contested contractually, and may create measurable obligations for Google to address reported quality issues, which was previously disclaimed entirely.
OpenAI
OpenAI Privacy Policy
medium
Removed advertiser data partnership language and ad personalization controls; added contact scanning and content monitoring disclosures
Why it matters: The updated terms remove specific disclosures of advertiser data sourcing and user controls over ad personalization, which may reduce transparency about how Free and Go users' data is used in advertising contexts. Simultaneously, the policy adds explicit authorization for contact identification and universal content monitoring, centralizing these practices in the main policy purposes section. Together, these changes shift the balance between disclosed advertiser practices and explicit data-processing authorities, with potential implications for how users understand data flows and what controls remain available to them.
NVIDIA NIM
NVIDIA Privacy Policy
high
Removed cookie consent mechanisms and tracking technology disclosures from Privacy Policy
Why it matters: The removal of cookie and tracking technology disclosures from NVIDIA's Privacy Policy eliminates explicit user notice about data collection practices that were previously stated. Privacy regulations in the EU, UK, and California require transparent disclosure of tracking technologies before data collection. If NVIDIA continues to deploy cookies and tracking tools without updated disclosure language, the company may lack compliant notice mechanisms to satisfy legal requirements or obtain user consent.
Ticketmaster
Ticketmaster Privacy Policy
medium
Added disclosures for biometric information collection, messaging service communications, and event photography and video capture for marketing use.
Why it matters: The updated policy establishes explicit authorization and disclosure for biometric data collection and event photography practices that were not previously detailed. These additions create transparency regarding sensitive data practices and establish objection mechanisms, but also signal that Ticketmaster may implement these practices at events. Organizations that use Ticketmaster for customer data should evaluate whether these disclosed practices require updates to their own privacy notices or data processing agreements.

You're seeing a fraction of what's changing.

ConductAtlas monitors 343+ platforms and captures every policy update.

Start tracking — Free
June 9, 2026
OpenAI
OpenAI Privacy Policy
medium
Removes explicit description of ad personalization controls available to Free and Go users; adds Korea Addendum reference.
Why it matters: The removal of explicit language describing ad personalization controls creates operational ambiguity for users previously informed that they could manage ad-targeting data through account settings. While OpenAI's policy continues to authorize ad personalization for Free and Go users, the elimination of documented control mechanisms without explanation or alternative disclosure may affect user ability to understand and manage their participation in targeted advertising. This change is operationally significant because it shifts from explicit control disclosure to implicit authorization, potentially affecting how users exercise choices about their data and ads.

Don't manually check 343+ platforms.

Get alerts when policies change — before it affects you.

Start tracking — Free

Updated daily. New changes added as detected.

Page 1 of 9 Older →