The policy discloses that all collected personal data across all categories may be transferred to a third party acquiring control of Figure AI's business in whole or in part, including through merger, acquisition, or bankruptcy.
This analysis describes what Figure AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes transfer of all personal data categories, including sensory data and professional data, to an acquiring entity without a requirement for separate user notice or consent at the time of transfer. The scope covers partial acquisitions, meaning a third party acquiring only a portion of the business could receive the full dataset.
Under this clause, all personal data collected by Figure AI, including sensory data such as recordings and geolocation data, may be transferred to a third-party acquirer in a merger, acquisition, or bankruptcy without a separate consent step at the time of the transaction. The agreement does not specify that the acquiring entity must maintain the same privacy practices.
Cross-platform context
See how other platforms handle Business Transfer Data Disclosure and similar clauses.
Compare across platforms →Monitoring
Figure AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).— Excerpt from Figure AI's Figure AI Privacy Policy
1) REGULATORY LANDSCAPE: Business transfer data disclosures engage the FTC Act's consumer protection framework, and the FTC has historically scrutinized whether acquiring entities honor predecessor privacy commitments. Under CCPA and CPRA, transferred personal data remains subject to the original privacy commitments unless users are notified and provided opt-out rights where applicable. State privacy laws in Colorado, Connecticut, Virginia, and others may require notification or new consent upon material changes to data processing. 2) GOVERNANCE EXPOSURE: Medium. The provision's reference to partial acquisitions expands the potential transfer scope beyond standard whole-company sale language. The absence of a requirement that the acquiring entity maintain equivalent privacy practices creates post-transfer compliance uncertainty for users. 3) JURISDICTION FLAGS: California (CCPA/CPRA) requires that data transferred in a business transaction remain subject to the original privacy commitments or that users be provided notice and opt-out rights. EU and UK GDPR frameworks, if applicable, would require that any data transfer in a corporate transaction maintain an adequate legal basis for processing. State privacy laws in multiple states create notification obligations upon material changes to data handling. 4) CONTRACT AND VENDOR IMPLICATIONS: In M&A due diligence contexts, acquiring entities should assess the scope of personal data categories subject to transfer, including sensory and biometric data, and evaluate whether post-acquisition processing plans align with Figure AI's stated privacy commitments. Data privacy representations and warranties in transaction agreements should reflect the breadth of data categories described in this policy. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should establish a protocol for user notification in the event of a business transfer transaction as required under applicable state privacy laws. Data transfer agreements in M&A contexts should include provisions requiring the acquiring entity to honor existing privacy commitments or provide users with appropriate notice and rights.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes transfer of all personal data categories, including sensory data and professional data, to an acquiring entity without a requirement for separate user notice or consent at the time of transfer. The scope covers partial acquisitions, meaning a third party acquiring only a portion of the business could receive the full dataset.
Under this clause, all personal data collected by Figure AI, including sensory data such as recordings and geolocation data, may be transferred to a third-party acquirer in a merger, acquisition, or bankruptcy without a separate consent step at the time of the transaction. The agreement does not specify that the acquiring entity must maintain the same privacy practices.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Figure AI.