If ClickUp is sold, merged, or acquired, your personal data may be transferred to the new owner as part of that transaction, potentially even during negotiation before any deal is finalized.
This analysis describes what ClickUp's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your data could be transferred to an entirely different company with different privacy practices, and the transfer may occur during negotiations before any acquisition is complete, giving you no opportunity to object in advance.
The updated policy now explicitly recognizes eight distinct data subject rights, including rights to access, correct, delete, restrict processing, receive data in portable format, object to processing, withdraw consent, and lodge complaints with regulators. Previously, ClickUp described privacy controls through general opt-out options and data access procedures without formal legal framing. The revised language aligns with GDPR and similar data protection frameworks, providing clearer legal reference points for how users may exercise control over their personal data. You can exercise these rights by contacting ClickUp's support team.
View change record →In the event of a ClickUp acquisition or merger, your personal data including account details, usage history, and workspace content may transfer to a new corporate owner without your individual consent, and the new entity's privacy practices may differ from ClickUp's current commitments.
How other platforms handle this
We may disclose certain information, in connection with or during negotiations or closing of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
By issuing a chargeback or refund request for Premium subscriptions paid for through a third party, you agree to allow Telegram to release necessary data to that third party regarding your account status and Telegram Premium purchases.
We may share your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, or dissolution, transaction, or proceeding involving all or a portion of our business.
Monitoring
ClickUp has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.— Excerpt from ClickUp's ClickUp Privacy Policy
(1) REGULATORY LANDSCAPE: Business transfer data sharing engages GDPR Article 6 lawful basis requirements and may require assessment under the legitimate interests basis, as well as notification obligations to data subjects in certain jurisdictions. CCPA/CPRA require that the acquiring entity honor existing consumer rights and privacy promises. The FTC has historically scrutinized asset sales where consumer data constitutes a primary business asset and pre-existing privacy promises are not maintained. (2) GOVERNANCE EXPOSURE: Medium. This clause is standard in SaaS privacy policies and consistent with general industry practice, but the reference to transfers occurring during negotiations rather than only upon completion is a nuance worth noting. Enterprise customers whose workspace data is subject to this clause should assess contractual continuity obligations and whether their data processing agreements survive a change of control. (3) JURISDICTION FLAGS: EU and UK users may have GDPR-based rights if a transfer to a non-adequate country results from an acquisition, as new standard contractual clauses or equivalent mechanisms would need to be assessed. California users retain CPRA rights against a successor entity. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise contracts with ClickUp should include change-of-control provisions specifying data handling obligations on the acquirer, notification timelines, and termination rights if the acquiring entity does not meet agreed data protection standards. (5) COMPLIANCE CONSIDERATIONS: Legal teams should assess whether a ClickUp acquisition would trigger data transfer notification obligations under applicable law, and whether existing data processing agreements include appropriate change-of-control protections.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your data could be transferred to an entirely different company with different privacy practices, and the transfer may occur during negotiations before any acquisition is complete, giving you no opportunity to object in advance.
In the event of a ClickUp acquisition or merger, your personal data including account details, usage history, and workspace content may transfer to a new corporate owner without your individual consent, and the new entity's privacy practices may differ from ClickUp's current commitments.
ConductAtlas has identified this type of provision across 6 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ClickUp.