If Luma is sold, merges with another company, or goes through bankruptcy, your personal information may be transferred to the new owner as part of that transaction.
This analysis describes what Luma AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your personal data could end up under the control of a different company with different privacy practices, potentially without prior notice or the opportunity to opt out.
Text is identical; provision retained with no changes.
View full change record →In the event of a merger, acquisition, or bankruptcy, your personal information, including uploaded images, videos, and conversation history, may be transferred to a new entity whose privacy practices may differ from Luma's. This is a standard industry clause but has practical implications for users who upload sensitive content.
How other platforms handle this
We may disclose certain information, in connection with or during negotiations or closing of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
We may share your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, or dissolution, transaction, or proceeding involving all or a portion of our business.
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
Monitoring
Luma AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.— Excerpt from Luma AI's Luma AI Privacy Policy
REGULATORY LANDSCAPE: Business transfer clauses engage GDPR Article 6 (lawful basis for processing) and may require assessment of whether the transfer to a new controller requires fresh consent or updated transparency notices. Under CCPA, a business transfer may qualify as a sale of personal information depending on the structure of the transaction and applicable regulatory interpretation. The FTC Act is relevant if post-transfer data use materially deviates from original representations. GOVERNANCE EXPOSURE: Medium. This is a standard clause across the industry, but its application to AI training data, user-uploaded images, and conversation histories gives it particular weight given the sensitivity and volume of data Luma may hold. The policy does not commit to notifying users prior to a transfer or providing an opt-out at the time of transfer. JURISDICTION FLAGS: GDPR imposes obligations on the new controller following a transfer to maintain lawful processing; EU users may have rights to object or request deletion if the new controller's purposes differ materially. California users may have CCPA rights depending on how the transaction is structured. Cross-border transfers in the event of an acquisition by a non-EEA entity would engage GDPR Chapter V transfer mechanisms. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should assess whether their data processing agreements with Luma address change-of-control scenarios and whether sub-processor notifications are required in the event of a business transfer. Contractual data localization or processing restrictions may be affected. COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether a business transfer would trigger notification obligations to regulators or users under applicable law, and whether the incoming entity would need to execute a new data processing agreement with enterprise customers. Data mapping should account for the possibility that data may migrate to a new controller.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your personal data could end up under the control of a different company with different privacy practices, potentially without prior notice or the opportunity to opt out.
In the event of a merger, acquisition, or bankruptcy, your personal information, including uploaded images, videos, and conversation history, may be transferred to a new entity whose privacy practices may differ from Luma's. This is a standard industry clause but has practical implications for users who upload sensitive content.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Luma AI.