If Baseten is sold, merged, or its assets are acquired by another company, your personal data may be transferred to the new entity, though Baseten states it will provide notice before this happens.
This analysis describes what Baseten's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy authorizes transfer of personal data to a successor entity in a business transaction; while notice is promised, the policy does not specify how far in advance notice will be given or what rights users have to object or delete their data before the transfer.
Interpretive note: The policy does not specify the timing, mechanism, or content of notice to be provided before a business transaction transfer, nor whether users retain rights to object or delete data prior to the transfer.
Your personal data could be transferred to a new company if Baseten is acquired or merges, and the new entity's privacy policy would then govern your data; the policy states notice will be provided but does not define the notice period or your options at that point.
Cross-platform context
See how other platforms handle Business Transaction Data Transfer and similar clauses.
Compare across platforms →Monitoring
Baseten has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.— Excerpt from Baseten's Baseten Privacy Policy
(1) REGULATORY LANDSCAPE: Business transaction transfers of personal data engage CCPA provisions regarding disclosure of data transfers and consumer notice. GDPR requires that data transfers in the context of corporate transactions comply with applicable lawful basis and that data subjects are informed. The FTC has addressed data transfers in business transactions in prior enforcement contexts involving changes to privacy commitments. (2) GOVERNANCE EXPOSURE: Medium. The promise of notice before transfer is disclosed but the policy does not specify the mechanism, timing, or content of that notice, nor whether users will have a right to delete or opt out of the transfer. This ambiguity may create exposure if a transaction occurs and notice obligations are disputed. (3) JURISDICTION FLAGS: EU/EEA users may have rights under GDPR to object to processing or request deletion before a transfer to a new controller. California residents may have CCPA rights relevant to the transfer, particularly if the new entity constitutes a new business with different purposes. (4) CONTRACT AND VENDOR IMPLICATIONS: B2B contracts with Baseten should address what happens to data processed under service agreements in the event of a business transaction, including whether data portability or deletion rights are preserved. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should monitor for any announced business transactions and verify that the notice mechanism described in this provision is operationalized, and that users' rights to delete data before transfer are addressed in internal procedures.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy authorizes transfer of personal data to a successor entity in a business transaction; while notice is promised, the policy does not specify how far in advance notice will be given or what rights users have to object or delete their data before the transfer.
Your personal data could be transferred to a new company if Baseten is acquired or merges, and the new entity's privacy policy would then govern your data; the policy states notice will be provided but does not define the notice period or your options at that point.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Baseten.