Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC enforces the EU–US Data Privacy Framework and has authority over deceptive representations about data transfer safeguards under FTC Act Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Cross-Border Data Transfers clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Cross-Border Data Transfers clauses across approximately 55 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Cross-Border Data Transfers — Leonardo AI

Share 𝕏 Share in Share 🔒 PDF

What it is

When you use Leonardo AI, your personal data may be sent to Australia or the US, which may have weaker data protection laws than your home country.

Consumer impact (what this means for users)

EU, UK, and other users with strong domestic privacy rights may find their personal data processed in jurisdictions with different (potentially lower) privacy standards, and the policy does not specify which transfer mechanisms are used.

Cross-platform context

See how other platforms handle Cross-Border Data Transfers and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

If you are in the EU or UK, transferring your data to Australia or the US requires Leonardo AI to have specific legal safeguards in place — the policy does not clearly specify what these safeguards are.

View original clause language

By using our Services, you acknowledge that your personal information may be transferred to and processed in countries other than your own, including Australia and the United States, where our servers and central database are operated. These countries may have different data protection laws than your country.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Chapter V (Arts. 44–49) governs international transfers from the EU, requiring an adequacy decision, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or another derogation. The EU–US Data Privacy Framework (adequacy decision, July 2023) covers transfers to certified US organisations. Australia is not currently subject to an EU adequacy decision, meaning transfers to Leonardo AI's Australian entity require SCCs or equivalent. UK GDPR (UK IDTA) applies for UK-to-third-country transfers. Australian APP 8 imposes accountability for cross-border disclosures.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC enforces the EU–US Data Privacy Framework and has authority over deceptive representations about data transfer safeguards under FTC Act Section 5.
File a complaint →

Provision details

Document information

Document

Leonardo AI Privacy Policy

Entity

Leonardo AI

Document last updated

April 29, 2026

Tracking information

First tracked

April 30, 2026

Last verified

April 30, 2026

Record ID

CA-P-004196

Document ID

CA-D-00480

Evidence Provenance

Source URL

https://leonardo.ai/privacy-policy

Wayback Machine

View archived versions →

SHA-256

ac60ef265e1e05c94b28dd719ab4d9bf7339502e5ad85457006b8f18e885cc23

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Leonardo AI | Document: Leonardo AI Privacy Policy | Record: CA-P-004196
Captured: 2026-04-30 06:59:23 UTC | SHA-256: ac60ef265e1e05c9…
URL: https://conductatlas.com/platform/leonardo-ai/leonardo-ai-privacy-policy/cross-border-data-transfers/
Accessed: May 2, 2026

Classification

Severity

High

Cross-Border Data Transfers