If Luma is sold, merges with another company, or goes through bankruptcy, your personal information may be transferred to the new owner as part of that transaction.
This analysis describes what Luma AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your personal data could end up under the control of a different company with different privacy practices, potentially without prior notice or the opportunity to opt out.
In the event of a merger, acquisition, or bankruptcy, your personal information, including uploaded images, videos, and conversation history, may be transferred to a new entity whose privacy practices may differ from Luma's. This is a standard industry clause but has practical implications for users who upload sensitive content.
How other platforms handle this
In connection with any reorganization, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to respect your personal information in a manner that is consistent with our Privacy Policy.
If Canva is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website prior to your information becoming subject to a different privacy policy.
Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission's adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of ...
Monitoring
Luma AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.— Excerpt from Luma AI's Luma AI Privacy Policy
REGULATORY LANDSCAPE: Business transfer clauses engage GDPR Article 6 (lawful basis for processing) and may require assessment of whether the transfer to a new controller requires fresh consent or updated transparency notices. Under CCPA, a business transfer may qualify as a sale of personal information depending on the structure of the transaction and applicable regulatory interpretation. The FTC Act is relevant if post-transfer data use materially deviates from original representations. GOVERNANCE EXPOSURE: Medium. This is a standard clause across the industry, but its application to AI training data, user-uploaded images, and conversation histories gives it particular weight given the sensitivity and volume of data Luma may hold. The policy does not commit to notifying users prior to a transfer or providing an opt-out at the time of transfer. JURISDICTION FLAGS: GDPR imposes obligations on the new controller following a transfer to maintain lawful processing; EU users may have rights to object or request deletion if the new controller's purposes differ materially. California users may have CCPA rights depending on how the transaction is structured. Cross-border transfers in the event of an acquisition by a non-EEA entity would engage GDPR Chapter V transfer mechanisms. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should assess whether their data processing agreements with Luma address change-of-control scenarios and whether sub-processor notifications are required in the event of a business transfer. Contractual data localization or processing restrictions may be affected. COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether a business transfer would trigger notification obligations to regulators or users under applicable law, and whether the incoming entity would need to execute a new data processing agreement with enterprise customers. Data mapping should account for the possibility that data may migrate to a new controller.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your personal data could end up under the control of a different company with different privacy practices, potentially without prior notice or the opportunity to opt out.
In the event of a merger, acquisition, or bankruptcy, your personal information, including uploaded images, videos, and conversation history, may be transferred to a new entity whose privacy practices may differ from Luma's. This is a standard industry clause but has practical implications for users who upload sensitive content.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Luma AI.