Atlassian transfers personal data internationally, including from the EU/EEA to the United States and other countries, relying on mechanisms such as Standard Contractual Clauses to make those transfers lawful.
This analysis describes what Loom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
If you are based in the EU or UK, your Loom data may be transferred to and stored in the United States, and the legal adequacy of that transfer mechanism affects the protections your data receives.
Interpretive note: Specific transfer mechanism language and current SCC version could not be confirmed from the truncated HTML document; this provision reflects Atlassian's known international transfer framework applicable to Loom data.
EU and UK users' Loom data, including video recordings and account information, may be transferred to the US or other jurisdictions under Standard Contractual Clauses; the practical strength of those protections depends on whether Atlassian's SCCs reflect current EU requirements and whether supplementary measures are in place.
How other platforms handle this
OpenAI is based in the United States and the information we collect is governed by U.S. law. If you are accessing our services from outside of the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities in the United States and by tho...
When we transfer personal information from the European Economic Area, United Kingdom, or Switzerland to countries that have not been found to provide an adequate level of protection under applicable law, we take steps to provide appropriate safeguards, including through the use of Standard Contract...
We may transfer your personal information to countries other than the country in which you live. We transfer personal data from the European Economic Area, United Kingdom, and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level ...
Monitoring
Loom has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
1) REGULATORY LANDSCAPE: Cross-border data transfers from the EU/EEA are governed by GDPR Chapter V, particularly Articles 44-49. Following the Schrems II decision (C-311/18), Standard Contractual Clauses must be supplemented by transfer impact assessments where US government surveillance risks apply. The EU-US Data Privacy Framework (2023) provides an alternative adequacy mechanism for qualifying US organizations. UK GDPR imposes parallel transfer restrictions under the UK's International Data Transfer Agreements. 2) GOVERNANCE EXPOSURE: Medium. Atlassian is a US-headquartered company and transfers of EU/UK personal data to the US are inherent to its service model. Compliance exposure arises if SCCs have not been updated to the 2021 EU Commission standard clauses or if transfer impact assessments have not been conducted for high-sensitivity data categories such as Loom video content. 3) JURISDICTION FLAGS: EU/EEA users face the most significant exposure from inadequate transfer mechanisms. Irish DPA (Atlassian's lead EU supervisory authority) enforcement posture on US transfers is relevant. UK users require assessment under the UK International Data Transfer Agreement framework separately from EU GDPR mechanisms. 4) VENDOR AND CONTRACT IMPLICATIONS: Enterprise customers should request confirmation that Atlassian's SCCs are current (post-2021 Commission standard clauses), that transfer impact assessments have been conducted for Loom data flows, and that sub-processor transfer chains are covered. Data residency options, where available, should be evaluated for organizations with strict localization requirements. 5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm Atlassian's EU-US transfer mechanism and whether Atlassian has self-certified under the EU-US Data Privacy Framework. For UK deployments, confirm whether Atlassian has executed UK ICO-compliant international transfer agreements. Organizations in sectors with heightened transfer restrictions (financial services, public sector) should conduct a specific transfer risk assessment for Loom.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
If you are based in the EU or UK, your Loom data may be transferred to and stored in the United States, and the legal adequacy of that transfer mechanism affects the protections your data receives.
EU and UK users' Loom data, including video recordings and account information, may be transferred to the US or other jurisdictions under Standard Contractual Clauses; the practical strength of those protections depends on whether Atlassian's SCCs reflect current EU requirements and whether supplementary measures are in place.
ConductAtlas has identified this type of provision across 78 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Loom.