March 19, 2026
Reorganized policy footer links with no substantive policy impact.
Why it matters: This change has no operational significance. It is a purely organizational adjustment to the ordering of hyperlinked policy documents. All policies remain accessible, and no substantive privacy, data handling, or legal terms were modified.
Reordered linked policy document references in terms of service
Why it matters: This change has no operational significance for consumers or organizations. It is a reorganization of how Square presents links to its related policy documents and does not modify any substantive terms, rights, or obligations.
Updated internal reference code in survival clause; no substantive changes to which terms survive service termination.
Why it matters: This change has no operational significance. The Survival clause specifies which contractual provisions remain binding after service termination; the list of those provisions is identical before and after the update. The change is a reference code or version identifier update only.
Reorganized privacy notice navigation; renamed biometric notice from 'Information' to 'Data'.
Why it matters: This change is not materially significant. It involves only the reordering of privacy notice links and a cosmetic rename of one notice title. No substantive privacy rights, data processing practices, or consumer protections were altered.
Renamed Enterprise Support tier to Expert Support in terms of service
Why it matters: This change updates the terminology used to identify a support tier within the Terms of Service. The operational features and benefits of the support offering remain unchanged; the update affects only how the tier is named and referenced in the agreement documentation.
You're seeing a fraction of what's changing.
ConductAtlas monitors 343+ platforms and captures every policy update.
Start tracking — Free
Renamed Brand Studio to Dream Studio throughout Terms of Service; no material change to user rights or obligations.
Why it matters: This change establishes nomenclatural clarity for the renamed product within the governing terms. The operative restrictions remain identical: Stability AI continues to reserve the right to remove user-created model adaptations without advance notice or stated justification. The update ensures the terms accurately reference the current product name in circulation.
Clarified language in privacy notice regarding personalization feature naming and control procedures; no substantive change to data practices.
Why it matters: The updated notice clarifies how users can manage personalization on Gemini Apps, replacing specific feature terminology with more general language. Users retain the same ability to disable personalization; the change affects how that control is described in the privacy documentation rather than the control itself or the data practices underlying it.
Product portfolio updates to Google Maps Platform ToS: removed Agent Platform, added Mixed Reality, renamed Gemini Enterprise services
Why it matters: This change reflects Google's product portfolio strategy and marketing positioning within the platform Terms document. The reorganization adds visibility to Mixed Reality services and consolidates AI/ML product naming, but does not alter the substantive terms, conditions, or obligations governing use of Google Maps Platform services.
Corrected version history, account definition, section numbering, and legal mailing address in Terms of Use.
Why it matters: These changes are administrative corrections that do not alter the substantive terms of the agreement. The version number correction, section numbering adjustments, and updated contact information ensure alignment between the document as published and its operational references. Users face no new obligations or restrictions.
Minor interface and navigation updates applied to Target privacy policy; no substantive data practice or rights changes detected.
Why it matters: This change does not materially affect Target's privacy practices or consumer rights under the policy. The updates are formatting and interface modifications that do not alter what data Target collects, how it uses personal information, or what protections or controls the policy establishes.
Added comprehensive Target Circle loyalty program terms including automatic updates without notice and continued-use consent provisions.
Why it matters: The updated terms establish an explicit unilateral modification framework for a major consumer loyalty program, enabling Target to change program features, rewards, data handling, and terms without advance notice. The provision that continued participation constitutes acceptance means members remain bound to updated terms simply by using the program, without affirmative reaffirmation. This operational structure concentrates authority to modify loyalty program governance in Target's hands and depends on members actively opting out if they object to changes rather than proactively consenting to each modification.
Updates Canadian office addresses for data processing responsibility in privacy notice.
Why it matters: The updated addresses ensure Canadian users can identify and contact the correct eBay legal entity responsible for their personal data processing and can direct privacy requests to the appropriate location.
Reorganized Privacy Notice with expanded disclosure of data collection, processing relationships, and data controller accountability.
Why it matters: The updated Privacy Notice operationally establishes Twilio's explicit role as a data controller and maps the scope of data relationships it processes, which clarifies accountability for GDPR, CCPA, and equivalent compliance frameworks. Organizations using Twilio as a vendor must verify that their Data Protection Addenda and customer privacy disclosures remain aligned with Twilio's now-detailed controller role and multi-tier data subject framework.
Removes Brazil from entity-specific contracting structure; adds Japan as separate Twilio jurisdiction; commits to not materially decrease service functionality.
Why it matters: The removal of Brazil from the entity-specific contracting structure creates uncertainty about dispute jurisdiction, applicable law, and data handling for Brazilian customers. The addition of Japan as a separate jurisdiction establishes clearer contractual clarity for Japanese customers. The commitment to preserve functionality protects customers against unilateral removal of core service capabilities, though the definition of 'materially decrease' remains subject to dispute interpretation.
Added UK to server location disclosures in data processing notice
Why it matters: The updated policy clarifies that user data processing occurs in UK data centers in addition to the US and EU. This affects how data location and international transfer disclosures are presented to users and impacts compliance obligations under UK and EU data protection law, particularly regarding the adequacy of transfer mechanisms between jurisdictions.
Restructured privacy policy navigation with new links to Consumer Health Data Privacy and HIPAA notices; removed numbered table of contents.
Why it matters: The updated privacy policy structure changes how users navigate privacy disclosures and obligations. Rather than consulting a single numbered policy, users seeking information about data collection, retention, security, children's privacy, or their own rights must now reference multiple linked documents. This change is operationally significant for compliance teams monitoring Headspace as a vendor, as privacy obligations are now distributed across at least three separate documents (main privacy policy, Consumer Health Data Privacy Policy, HIPAA Notice), requiring verification that all linked disclosures are accessible and complete.
Updated privacy contact channels and added subprocessor disclosure and Data Processing Addendum links.
Why it matters: The contact routing changes ensure that privacy inquiries and data subject requests reach the appropriate functional area (support for general questions, external DPO for rights requests). The explicit linking of subprocessor and DPA documentation improves discoverability of data processing terms that organizations relying on Figma need to evaluate for compliance. Operationally, UK and EEA users now have a dedicated Data Protection Officer contact, reinforcing GDPR-required DPO accessibility.
Added links to Candidate Privacy Notice, Data Processing Addendum, and Figma Subprocessors page in Terms of Service footer.
Why it matters: The updated terms establish more accessible data processing documentation, which is operationally significant for organizations subject to data protection regulations. Availability of a Data Processing Addendum and Subprocessors list allows regulated organizations to evaluate Figma's vendor terms against their own data governance and contracting frameworks, particularly under GDPR and CCPA.
Shifted child privacy certification from CARU to ESRB and simplified data retention language in privacy policy update.
Why it matters: The updated policy removes explicit transparency about what persistent identifiers Nintendo collects from child users and why, which may affect how the policy complies with COPPA's requirement for clear disclosure of information collection practices. The shift from CARU to ESRB changes which independent body audits and enforces Nintendo's compliance with its stated practices. Simplified retention language removes prior detail about how Nintendo handles data based on sensitivity levels, though the practical retention practices may remain unchanged.
Authorizes additional ad types in Status and Channels; adds US consumer privacy rights notice.
Why it matters: The updated terms establish explicit authorization for additional advertising formats in Status and Channels, where the prior policy only committed to updating terms if such ads were introduced. This operationally means users may now encounter ads in those features without the implication that prior notice would be given. The addition of a US regional privacy notice reflects alignment with state-level privacy laws that require separate disclosure of consumer rights, affecting how WhatsApp discloses its practices to US residents.
Removed account monitoring service descriptions and restructured Plaid Account language to emphasize third-party app onboarding rather than standalone features.
Why it matters: The restructured terms shift how Plaid describes its Plaid Account service, moving away from emphasizing independent account management features and toward positioning the account primarily as a facilitator for third-party app integration. This change does not establish new data authorities or restrictions, but it does refocus the service narrative away from standalone consumer-facing features. Organizations relying on Plaid should confirm the intended effective date, as the document lists December 2023 despite changes being made in March 2026.
Removed collapsible sections and reorganized data collection descriptions in privacy policy; formatting change only.
Why it matters: The updated policy maintains the same privacy practices and disclosures; this change affects how information is presented visually and structurally, not what data Klarna collects or how it is used. The operational practices described in the policy remain unchanged.
Reorganized Terms of Service table of contents with new service category headers and additional agreement cross-references.
Why it matters: The reorganization clarifies the navigation and structure of Klarna's legal agreements by adding explicit service categories and cross-references. This presentational change may improve user ability to locate specific agreements governing payment plans, credit card services, and other products, but does not alter the substantive terms that govern those services.
Removes data correction rights, third-party opt-out protections, and use-limitation requests; adds binding arbitration for disputes.
Why it matters: The removal of documented data correction, deletion, and opt-out rights narrows the contractual protections users have in the published privacy policy and may create compliance gaps under GDPR, FADP, and CCPA, which grant users statutory rights to access, correct, and delete personal data and to object to processing. The addition of binding arbitration establishes a mandatory dispute mechanism that limits judicial recourse. For organizations using Glassdoor as a data processor, these changes may require amendment of existing vendor data processing agreements to ensure user data subject rights are preserved through contract rather than relying on Glassdoor's published policy.
Narrowed Terms scope to US users, added mandatory arbitration clause, established precedence of master Terms over service-specific terms.
Why it matters: The updated terms establish mandatory individual arbitration as the primary mechanism for resolving disputes, eliminating jury trial and class action rights for US users. This operationally limits the venues and procedures available for dispute resolution and may reduce collective bargaining power in disputes. The geographic narrowing and term precedence change clarify that the master Terms apply to US users and control over service-specific terms, which affects how the agreement is structured and interpreted.
Minor footer location reference updated in Privacy Notice.
Why it matters: This change has no operational significance. It is a formatting or administrative footer update that does not alter privacy disclosures, data handling, consumer rights, or regulatory obligations.
Updated daily. New changes added as detected.