Hugging Face can share your personal data with its corporate affiliates and with any company that acquires Hugging Face through a merger, acquisition, or sale of assets.
This analysis describes what Hugging Face's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes transfer of personal data to successor entities in a corporate transaction, which may result in users' data being held and processed by a new company operating under different practices, without requiring affirmative re-consent at the time of transfer.
The policy states your personal data may be transferred to acquiring companies in a merger or acquisition scenario; users would not necessarily be asked for new consent before their data moves to a new corporate entity with potentially different privacy practices.
Cross-platform context
See how other platforms handle Affiliate Sharing Including Merger and Acquisition Successors and similar clauses.
Compare across platforms →Monitoring
Hugging Face has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"The Company may share User Information and Personal information collected by the Services with businesses that are legally part of the same group as the Company, or that become part of that group in the event of a change of control, merger, acquisition or sale ('Affiliates').— Excerpt from Hugging Face's Hugging Face Privacy Policy
REGULATORY LANDSCAPE: GDPR requires that in data transfers arising from corporate transactions, the legal basis for processing must survive the transfer and the new controller must provide updated Article 13 disclosures if processing purposes change materially. The provision does not include a commitment to notify users in advance of data transfers arising from corporate transactions. GOVERNANCE EXPOSURE: Medium. The absence of user notification or consent requirements for M&A-related data transfers is a common provision but may require evaluation under GDPR where processing purposes or data controller identity materially changes following acquisition. JURISDICTION FLAGS: EU/EEA and UK users have the strongest regulatory interests given GDPR requirements for lawful basis continuity and transparency following controller changes. California residents may have interests under CPRA if a successor entity's practices differ materially from disclosed ones. CONTRACT AND VENDOR IMPLICATIONS: Institutional users and enterprise customers should assess whether their agreements with Hugging Face include provisions requiring notification of change of control and data transfer rights in an M&A context. This is a standard negotiating point for B2B data processing agreements. COMPLIANCE CONSIDERATIONS: Compliance teams should monitor for corporate structure changes at Hugging Face and assess whether any new controlling entity's privacy practices are compatible with existing obligations. Data processing agreements should include successor liability and change-of-control notification provisions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes transfer of personal data to successor entities in a corporate transaction, which may result in users' data being held and processed by a new company operating under different practices, without requiring affirmative re-consent at the time of transfer.
The policy states your personal data may be transferred to acquiring companies in a merger or acquisition scenario; users would not necessarily be asked for new consent before their data moves to a new corporate entity with potentially different privacy practices.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Hugging Face.