April 19, 2026
Updated contact email addresses for arbitration opt-outs and customer support inquiries.
Why it matters: If you need to exercise rights under the policy, such as opting out of arbitration or asking questions about your data, you must use the correct contact address. Using outdated addresses could cause your request to be lost or delayed.
Removed service exclusions and reduced privacy policy scope from 224 to 36 sentences, eliminating explicit carve-outs for Ledger Recover and Multisig services.
Why it matters: The removal of explicit service exclusions and cross-references to separate privacy policies creates regulatory compliance risk and user confusion about what data practices apply to each Ledger service. Under GDPR and CCPA, privacy policies must clearly disclose the scope of services covered; the absence of this disclosure may not satisfy those requirements.
Updates office address, renumbers sections, and clarifies account terminology in terms of use
Why it matters: The updated address ensures that legal notices and formal correspondence reach Wise at the correct location. The clarified account definition removes any ambiguity about whether standard Wise Accounts apply only to business customers, though this appears to be a clarification of existing practice rather than a substantive policy change.
Replaced marketing homepage with binding website privacy notice requiring express consent to data collection and retention.
Why it matters: The change converts zelle.com from a marketing destination into a legally binding privacy notice that requires your consent to data collection merely by visiting. This means Zelle is now asserting broad authority to collect and use your personal information on the basis of your presence on the site, and the notice warns that you should not visit if you disagree.
Added shopping cart retention messaging and cookie consent prompt to website interface.
Why it matters: The updated website interface establishes a more explicit consent and notification flow for returning users, which may clarify how Shein handles shopping cart data and cookie preferences. The cookie consent prompt may formalize compliance with privacy regulations that require affirmative user consent for non-essential cookies.
You're seeing a fraction of what's changing.
ConductAtlas monitors 343+ platforms and captures every policy update.
Start tracking — Free
Updated promotional content examples in privacy policy introductory section.
Why it matters: This change does not materially affect consumer privacy rights or data practices. Target's actual privacy obligations, data collection methods, and consumer protections remain unchanged.
Removed one sentence from Terms and Conditions; specific language and operational impact unclear from summary.
Why it matters: The removal of language from a terms-of-service document may affect consumer rights, obligations, or protections, but without disclosure of which sentence was removed or its subject matter, the operational significance cannot be assessed. Organizations and users should obtain the updated terms directly to evaluate what changed.
Restructured User Agreement with 570 sentences added and organizational changes to policy layout and content presentation.
Why it matters: A 570-sentence expansion of eBay's User Agreement represents a comprehensive revision to how the platform discloses its policies and procedures. Users should review the updated terms to understand any new requirements, fees, enforcement procedures, or restrictions that may apply to their accounts, as the scope of additions suggests material changes to policy documentation even if substantive rights changes are not immediately apparent from this summary.
GitHub substantially revised Terms of Service with 54 modified sentences, 40 removed, and 4 added; review specific changes to understand revised service terms.
Why it matters: The revision scale indicates material changes to GitHub's service terms. The removal of 40 sentences and modification of 54 others suggests changes to core provisions governing acceptable use, intellectual property handling, liability, dispute resolution, or data processing. Users and organizations with GitHub in their vendor stack should identify the specific provisions that changed to assess operational and contractual implications.
Restructured privacy notice to lead with Binding Corporate Rules governance and transparency principles instead of specific data collection practices.
Why it matters: The updated notice reorganizes how Twilio describes its privacy governance and operational authority. By leading with Binding Corporate Rules and transparency values rather than specific data relationships and definitions, the notice changes the information architecture users encounter first. For compliance teams, the restructuring requires verification that substantive data processing authority, scope, and controller responsibility remain aligned with prior understanding; organizational changes can obscure scope boundaries if not carefully documented.
Added Mexico and Brazil entities to Terms of Service; removed guarantee against material service functionality reduction; clarified online order placement options.
Why it matters: The addition of Mexico and Brazil service entities creates distinct legal contracting relationships with regional companies, potentially affecting dispute venue, applicable law, and regulatory compliance for customers in those jurisdictions. The removal of the functionality protection clause broadens Twilio's contractual authority to modify service features without the prior constraint that changes be non-material to overall functionality, shifting risk to customers who may have relied on that commitment for service stability planning.
Reorganized privacy policy table of contents; added sections on data sharing and profile deletion; substantive terms unchanged
Why it matters: This change improves the discoverability of existing privacy policy provisions by reorganizing the table of contents. Users can now navigate directly to sections on data sharing and profile deletion without modifying what the policy authorizes or requires. The reorganization supports user access to policy content but does not alter privacy practices or user rights.
Updated privacy policy timestamp display format from specific date to relative indicator.
Why it matters: This change does not materially affect user privacy, data handling, or rights. It is a cosmetic update to how the policy displays its last revision date.
Updated last-modified timestamp display format from specific date to relative reference; no substantive policy changes detected.
Why it matters: This change has no practical significance. It is a cosmetic modification to how the page displays the date the Terms of Service were last updated; the actual terms remain unchanged.
Expands privacy notice with 516 added sentences covering data collection, AI decision-making, cookie usage, and traveler rights
Why it matters: The expanded privacy notice provides substantially more detail about what data Booking.com collects from travelers, how it uses that data (including for AI-driven decisions), who it shares data with, and what rights travelers have. For travelers considering booking through Booking.com, the additional transparency allows more informed decisions about data privacy before committing to a reservation.
Added mandatory arbitration clause and class action waiver, effective immediately; users can opt out within 30 days.
Why it matters: This change materially restricts how users can pursue disputes with Booking.com. By making arbitration mandatory and requiring class action and jury trial waivers as default conditions, the updated terms eliminate the option to use courts and prevent collective legal action unless users take affirmative steps to opt out within 30 days of April 19, 2026.
Hinge modified six sentences in privacy policy; specific operational changes require document review.
Why it matters: Privacy policy modifications warrant review to confirm whether they affect how Hinge discloses data practices, consent requirements, or processing mechanisms. Six sentence changes could affect material disclosures or could reflect minor clarifications; document-level review is necessary to determine significance.
Removes UK from stated server locations; now lists only US and EU servers
Why it matters: Transparency about server locations is a key privacy disclosure that affects where your data is stored and what data protection laws apply. Removing UK from the list changes what the policy tells you about data handling and may indicate a shift in infrastructure that affects your rights under UK and EU data protection law.
Added 'Do Not Sell or Share My Personal Information' link in Terms footer for California privacy compliance
Why it matters: The updated Terms establish clearer navigation to California privacy rights disclosures. This change improves accessibility to opt-out mechanisms required under CCPA and reflects standard compliance practice for serving California consumers.
Adds plain-language summaries to major privacy policy sections clarifying data collection, use, and sharing practices.
Why it matters: The updated policy makes Noom's data practices more transparent and easier to understand by adding clear summaries at the start of each major section. Users can now quickly see that Noom collects personal, technical, and health data; uses it to personalize services and run the platform; and shares it with service providers and partners, without having to parse detailed legal language.
Adds explicit disclaimers that Noom is not medical care, requires age 18+, clarifies features may be inaccurate, and reserves unilateral account suspension rights
Why it matters: The updated terms make explicit that Noom is not a substitute for medical care and that its coaching and food features may be inaccurate, which is critical for users who might rely on it for health decisions. The new language also reserves Noom's right to terminate your account at any time without stated cause or process, expanding the company's unilateral control over your access.
Reorganized privacy policy footer navigation and link placement
Why it matters: This change has no material impact on consumer privacy rights or protections. It is a structural reorganization of the policy webpage footer and does not alter any substantive privacy commitments or data handling practices.
Removed two sitemap navigation links from footer; no policy changes to terms or user rights.
Why it matters: This change does not materially affect consumers. It is a removal of two footer navigation links with no impact on the terms of service, user rights, data handling, or any substantive provision.
Updates privacy contact email from support@figma.com to privacy@figma.com; centralizes DPO contact; reorganizes footer navigation
Why it matters: The updated policy establishes a dedicated privacy contact channel, which may improve response times for data subject rights requests and privacy inquiries. GDPR and UK Data Protection Act require transparent contact methods for exercising data rights; the clearer channel supports regulatory compliance and user accessibility.
Navigation reorganization and product menu restructuring in Canva Privacy Policy; no substantive privacy practice changes detected.
Why it matters: This change does not substantively alter Canva's privacy practices, data collection, or consumer rights. The modification is limited to product navigation and menu reorganization within the Privacy Policy document structure.
Removed template library from product navigation in Terms of Use document structure.
Why it matters: This change has no operational significance. It is a structural reorganization of the Terms of Use document navigation and does not modify substantive terms, consumer obligations, data practices, or service features.
Removed decorative emoji symbols from Terms of Service document index—formatting change only.
Why it matters: This change does not materially affect how Notion's terms operate. The removal of emoji formatting from the document index is purely cosmetic and does not alter any legal provisions, user rights, data practices, or service obligations.
Shifts child privacy certification to CARU, clarifies persistent ID collection for children, and expands parental visibility of authorized third-party app access.
Why it matters: Nintendo now explicitly discloses that it collects and permits service providers to collect persistent identifiers from child users for specific operational purposes, and parents can see exactly which apps are authorized to access their child's account, providing clearer visibility into data practices affecting children. The shift from ESRB to CARU oversight represents a change in the third-party body conducting independent audits and enforcement of the company's child privacy compliance.
Adds AI-powered phone marketing disclosures and reorganizes data retention criteria; removes specific retention examples.
Why it matters: Microsoft disclosed a new marketing contact method (AI-generated voice calls) that consumers may not expect, requiring them to verify their consent preferences. Simultaneously, the company made its data retention commitments less specific and more operationally broad, which reduces consumer clarity about how long their data is kept and may complicate vendor compliance verification.
Removed one-month response commitment for privacy requests and explicit disclosure of child safety consortia data sharing
Why it matters: The removal of response timelines for privacy rights requests eliminates a compliance commitment that operationalized GDPR and UK DPA obligations, creating ambiguity about what timeline now applies when users exercise data subject rights. The removal of explicit child safety consortium disclosure eliminates transparency about a data processing practice, which may affect users' ability to understand what data is shared and for what purpose, and may create compliance questions under transparency-focused regulations like GDPR Article 14.
Updated daily. New changes added as detected.