If OpenAI is sold, merged, or acquires another company, your personal data may be transferred to the new entity as part of that transaction, including during the negotiation phase before any deal closes.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes transfer of personal data during corporate transactions, including during the negotiation phase, without requiring individual user notification prior to the transfer, which may affect the continuity of the privacy protections users accepted.
The updated policy no longer explicitly states that OpenAI receives information from advertisers and other data partners for ad measurement and improvement, nor does it mention that users can control…
The updated policy now explicitly authorizes OpenAI to promote products and services to users through direct marketing on third-party properties and to share limited information with select marketing…
The updated policy removes explicit language describing how OpenAI shares personal data with marketing partners through cookies and similar technologies. The policy previously stated that 'some of th…
The policy states that personal data including conversation history, account information, and usage data may be transferred to an acquiring or merging entity; users are not guaranteed advance individual notice of such a transfer under this provision's terms.
How other platforms handle this
Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission's adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of ...
In connection with any reorganization, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to respect your personal information in a manner that is consistent with our Privacy Policy.
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share or transfer personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.— Excerpt from OpenAI's OpenAI Privacy Policy
REGULATORY LANDSCAPE: This provision engages CCPA and CPRA, which require that consumers be notified if their personal data is transferred to a successor entity and that the successor be bound by the original privacy policy's terms or obtain fresh consent for materially different uses. The FTC Act applies where a corporate transaction results in data being used in ways materially inconsistent with representations made at the time of collection. State privacy laws in Virginia, Colorado, and Connecticut also impose requirements regarding notice of material changes to data processing following a business transfer. GOVERNANCE EXPOSURE: Medium. The inclusion of 'during negotiations' as a transfer trigger is notable because it potentially authorizes sharing personal data with a prospective acquirer before any transaction is finalized, which could precede any user notification. The practical scope of this exposure depends on what data categories are shared during due diligence processes. JURISDICTION FLAGS: California creates heightened exposure given CPRA's requirements for successor entities. The EU GDPR, while not addressed in this US policy, would impose additional notification and lawful basis requirements for EU-resident users if a transaction affected their data processing. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should assess whether their data processing agreements with OpenAI include provisions requiring notification of corporate transactions and successor entity obligations. The 'during negotiations' language may create a disclosure to a third party before users or enterprise customers are aware of the potential transaction. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the policy's successor entity language adequately commits the acquirer to honor existing privacy commitments, or whether a material change notice and re-consent obligation would be triggered. Data mapping documentation should flag conversation content and account data as categories subject to potential corporate transaction transfer.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes transfer of personal data during corporate transactions, including during the negotiation phase, without requiring individual user notification prior to the transfer, which may affect the continuity of the privacy protections users accepted.
The policy states that personal data including conversation history, account information, and usage data may be transferred to an acquiring or merging entity; users are not guaranteed advance individual notice of such a transfer under this provision's terms.
ConductAtlas has identified this type of provision across 18 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.