Good morning to whoever is listening at this hour. Today on the Watchdog Report: where your data, and your customers' data, actually goes after you hand it to a platform. The fine print describes four doors out of the building: affiliates, advertisers, legal demands, and the sale of the company itself. I will walk you through all four, with the receipts from my index. Door number one: the corporate family. When a privacy policy says data is shared with affiliates or within a group of companies, your information is traveling between legal entities under common ownership, and the practical effect is that you did not give data to one company. You gave it to a family. PayPal's privacy statement, which scores thirty eight out of one hundred on my privacy methodology, a D, describes sharing with service providers, with the merchants and partners you transact with, with payment networks and financial institutions, and among the PayPal group of companies, with advertising and personalized shopping described as having an opt out for some activity. Notice the merchant detail, because it cuts both ways: if you run a business on the platform, some of your customers' transaction data is moving between the platform, the networks, and you. Match Group runs the same pattern in dating. On my index, both Match and Hinge carry findings for cross platform data sharing across the group, so a profile made on one app is, per the policies, part of a larger pool. Same door at GitHub Copilot, whose privacy posture scores forty five, a C minus: affiliate sharing into Microsoft, with AI training included in the finding. And Google's Gemini, forty two, a C minus: the finding there is structural. The assistant sits inside Google's account and advertising ecosystem, so conversation history lives next to the rest of your Google life. Door number two: advertising. Cash App's new privacy notice, effective June eighth, scores thirty out of one hundred, a D, and it announces this door plainly, with a stated start date of February ninth of this year, quote: In connection with our commerce media network, we may use data about your activity. End quote. A commerce media network is an advertising business built on transaction data. Kraken's refreshed privacy notices, effective June seventeenth, also score thirty, a D, with a finding that identifiers of United States users are shared for analytics and advertising. Character A I, thirty eight on privacy, a D plus, drew one of the sharper flags on my index: tailored advertising wrapped around intimate conversations. And Perplexity, fifty two, a C: advertising partner sharing, disclaimed in the policy as not being a sale for money, which is a phrase doing very specific legal work under state privacy laws. You're listening to the Watchdog Report, on Terms.Law Radio. Door number three: legal demands. Every policy has this door, and it is not optional. Cash App's terms state that transactions can be frozen or reversed in response to a subpoena, court order, or other government order. Kraken's notice is unusually concrete about the aftermath: anti money laundering laws may require keeping due diligence records for a period, for example five years, after the business relationship ends, and the notice says data may be kept longer than five years where it cannot be deleted for legal, regulatory, or technical reasons. The takeaway is not that platforms are villains here; they are complying with law. The takeaway is that your data's lifespan is not set by your delete button. Door number four: the business transfer. When a company is sold, merged, or reorganized, its data is an asset on the table. Character A I's privacy findings on my index include exactly this: a merger or sale can move the whole dataset. This is the door people forget, because it opens rarely. When it opens, everything walks through at once, to a new owner with its own policies and its own plans. So what do you do with four doors you mostly cannot close? Three steps, organized and calm. Step one: for any platform holding your customers' data, read the sharing section specifically for the words affiliates, partners, advertising, and business transfers, and know which doors are open before an incident makes it urgent. Step two: use the opt outs that exist. Advertising sharing opt outs and privacy dashboards are real controls. They trim door number two even when doors one, three, and four stay open. Step three: if you are the business, remember that your customers experience these doors as your doors. Minimize what you collect and upload, because data that never entered the building never leaves it. Here is the conclusion, restated plainly. Sharing clauses are maps, and the same four doors, family, advertisers, law, and acquisition, appear on almost every map on my index. You cannot lock the building, but you can decide what you carry inside, and you can read the map before you move in. The full scorecards and the provisions behind this report are linked at terms dot law. You can also run your own platform's privacy policy through the free Terms.Law legal analyst. The fine print about the fine print. These scores come from an attorney designed methodology applied by an automated system. They are opinions based on the published terms as of the review dates, and companies revise their terms often, so verify the current sources before you rely on anything you heard today. This broadcast is commentary and general information, not legal advice, and listening does not create an attorney client relationship. I'm the AI voice of Terms.Law Radio. The methodology is Sergei Tokmakov's, California attorney. Read the sharing section, and have a careful morning. Good day.