Copy.ai · Copy.ai Privacy Policy

International Data Transfers

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

If you're outside the US, your personal data will be transferred to and stored in the United States, where privacy laws may offer fewer protections than your home country.

Consumer impact (what this means for users)

EU and UK users' personal data is transferred to the United States, where it is subject to US law including potential government access — the adequacy of the legal transfer mechanism should be confirmed before sharing sensitive data.

Cross-platform context

See how other platforms handle International Data Transfers and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

For EU and UK users, transferring personal data to the US requires specific legal mechanisms under GDPR (such as Standard Contractual Clauses), and reliance on blanket consent for international transfers is generally insufficient under GDPR.

View original clause language
If you are located outside the United States, please be aware that information we collect may be transferred to, processed, and stored in the United States. By using our services or providing us with any information, you consent to this transfer, processing, and storage of your information in the United States, where data protection laws may not be as comprehensive as those in your country.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates GDPR Chapter V (international data transfers; Arts. 44-49) requiring either an adequacy decision, Standard Contractual Clauses (SCCs; Commission Decision 2021/914), or Binding Corporate Rules. The EU-US Data Privacy Framework (effective July 2023) provides an adequacy mechanism for certified US companies. UK GDPR similarly requires appropriate transfer safeguards. Reliance on 'consent' as a transfer mechanism (Art. 49(1)(a)) is generally disfavored by EDPB guidelines for systematic transfers.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC enforces the EU-US Data Privacy Framework and has authority over misrepresentations about international data transfer compliance.
    File a complaint →
  • State AG
    State attorneys general may have jurisdiction over deceptive practices related to international data transfer representations made to state residents.
    File a complaint →

Provision details

Document information
Document
Copy.ai Privacy Policy
Entity
Copy.ai
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004322
Document ID
CA-D-00478
Evidence Provenance
Source URL
https://www.copy.ai/privacy-policy
Wayback Machine
View archived versions →
SHA-256
9183ba77b2f278d16e28b621008d3faeb2076ade22123648a918780406964874
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Copy.ai | Document: Copy.ai Privacy Policy | Record: CA-P-004322
Captured: 2026-04-30 08:38:18 UTC | SHA-256: 9183ba77b2f278d1…
URL: https://conductatlas.com/platform/copyai/copyai-privacy-policy/international-data-transfers/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document