The policy states that personal data may be transferred to countries outside Australia and the EEA, and that the company states it uses mechanisms such as Standard Contractual Clauses for EEA transfers.
This analysis describes what Leonardo AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes international transfers of user personal data and asserts that transfer safeguards such as Standard Contractual Clauses are in place, but does not identify specific recipient countries or named third-party recipients for these transfers.
Interpretive note: The policy asserts SCC use but does not identify specific recipient countries or document transfer impact assessment procedures, leaving the completeness of the transfer framework uncertain.
This addition clarifies data transfer practices and safeguards for international transfers, which is critical for GDPR compliance and user protection in regulated jurisdictions.
View full change record →Under this clause, personal data including identifiers, usage activity, and payment information may be transferred to and processed in countries outside Australia and the EEA. The policy states that safeguards such as SCCs are applied for EEA transfers, but does not specify recipient jurisdictions.
How other platforms handle this
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers and partners operate. By using our Services, you acknowledge that your personal information may be transferred to countries outside your country of residence, in...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Leonardo AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may transfer your personal information to countries outside of Australia and the European Economic Area. When we transfer personal information outside of the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.— Excerpt from Leonardo AI's Leonardo AI Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages GDPR Chapter V (restrictions on transfers to third countries), which requires an adequacy decision, SCCs, or other approved transfer mechanism for transfers from the EEA. For Australian users, the Australian Privacy Act 1988 APP 8 governs cross-border disclosures. The policy asserts SCCs are used but does not detail the specific transfer impact assessment documentation required post-Schrems II. GOVERNANCE EXPOSURE: Medium. The assertion of SCC use is a standard mechanism, but the absence of specific recipient country disclosure and transfer impact assessment documentation creates compliance exposure for EU/EEA users, particularly following Schrems II (Case C-311/18). JURISDICTION FLAGS: EU/EEA users have the highest exposure. Australian users are subject to APP 8, which requires accountability for overseas recipients. US-based recipients of transferred data may implicate additional state privacy law considerations. CONTRACT AND VENDOR IMPLICATIONS: Procurement and vendor management teams should request documentation of the specific SCCs in place, the list of third-country recipients, and any transfer impact assessments conducted for high-risk destination jurisdictions. COMPLIANCE CONSIDERATIONS: Legal teams should audit the transfer mechanism documentation, confirm that SCCs are executed with all relevant third-party recipients, and assess whether transfer impact assessments are current and documented. A data mapping exercise to identify all third-country data flows is advisable.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes international transfers of user personal data and asserts that transfer safeguards such as Standard Contractual Clauses are in place, but does not identify specific recipient countries or named third-party recipients for these transfers.
Under this clause, personal data including identifiers, usage activity, and payment information may be transferred to and processed in countries outside Australia and the EEA. The policy states that safeguards such as SCCs are applied for EEA transfers, but does not specify recipient jurisdictions.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Leonardo AI.