Business Transfers and Corporate Transactions

What it is

If Inflection AI is sold, merged, or goes through bankruptcy, your personal data, including conversation history, could be transferred to the new owner as a business asset.

Why it matters (compliance & governance perspective)

A change in ownership could mean your data, including sensitive conversations, is transferred to a company with different privacy practices, even if you originally consented to Inflection AI's terms.

Consumer impact (what this means for users)

In the event of a corporate acquisition, merger, or bankruptcy, your personal data could be transferred to a new entity whose privacy practices may differ from those you agreed to when you first used Inflection AI's services.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Business transfer provisions engage GDPR obligations around notification of material changes to data processing and, in some interpretations, may require fresh consent where processing purposes change materially post-transfer. Under CCPA/CPRA, an acquirer taking on personal data must honor existing consumer rights. The FTC has taken action regarding deceptive transfers of personal data in bankruptcy or acquisition contexts. FTC guidance specifically addresses data asset transfers in bankruptcy proceedings. GOVERNANCE EXPOSURE: Medium. This provision is standard in technology company privacy policies, but the sensitivity of conversational AI data, which may include health, financial, or highly personal information, means that a corporate transfer carries higher practical risk than for more routine service data. The policy states notification will be provided, but does not specify that users can opt out or request deletion prior to transfer. JURISDICTION FLAGS: EU/EEA users may have GDPR rights to object to processing under a new controller if the legal basis for processing changes materially after a transfer. California users retain CCPA/CPRA deletion and opt-out rights regardless of ownership changes. International transfers to acquirers outside the EU/EEA require valid transfer mechanisms. CONTRACT AND VENDOR IMPLICATIONS: Institutional customers and enterprise users should review whether their data processing agreements with Inflection AI include provisions governing data handling in change-of-control scenarios, including rights to retrieve or delete data before transfer. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the notification commitment in this provision is operationally backed by a defined process, and whether users will have a meaningful window to request deletion before a business transfer is completed. For enterprise deployments, change-of-control provisions in B2B contracts should be reviewed.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• AI Model Training Using Conversation Content high
• Automatic Data Collection and Cookies medium
• Third-Party Data Sharing with Service Providers medium
• User Rights for EU and California Residents medium
• Children and Minors Data Restriction medium
• Data Retention medium

Related Analysis

• Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.

  ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.

• 23andMe Is Bankrupt. What Happens to Your DNA Now?

  Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.