What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: The policy engages GDPR and UK GDPR for European and UK residents, CCPA and CPRA for California residents, and is subject to FTC Act oversight for unfair or deceptive data practices. The policy's disclosure that user message content is passed to third-party AI model providers raises questions under GDPR Article 28 (processor obligations) and Article 26 (joint controller arrangements) regarding the legal basis and contractual frameworks governing those transfers; the pol…

How does Poe's Poe Privacy Policy affect users?

The policy establishes that conversation content and user identifiers are transmitted to third-party bot operators, subjecting user data to those operators' respective privacy terms and practices. Poe also collects and shares usage data, device identifiers, and IP addresses with analytics and advertising partners. Users in applicable jurisdictions may exercise data subject rights by submitting requests to privacy@poe.com.

How often is Poe's Poe Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Poe updates this document?

Yes. Monitor subscribers ($19/month) can add Poe to their watchlist and receive same-day email alerts whenever this document or any other Poe document changes.

CA-D-000797

Poe Privacy Policy

Poe

Last change detected May 12, 2026 Privacy policy

SHA-256: 3f5ff2c5153b594d076… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Poe ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

2 High severity

5 Medium severity

1 Low severity

Summary

This document establishes Poe's data collection, use, and sharing practices for users of its AI chat platform. The policy authorizes transmission of user account information, conversation content, and device data to third-party AI service operators whose bots users interact with on the platform. The document specifies data subject rights for California residents and EU/UK users, including mechanisms to request access to, correction of, or deletion of personal data via privacy@poe.com.

Technical / Legal Breakdown

This document is Poe's Privacy Policy, governing the collection, use, and disclosure of personal information by Quora, Inc. (operating Poe) in connection with its AI aggregation platform, with the stated basis being user consent and legitimate business operations. The policy states that Poe collects account information (email address, phone number), usage data (messages sent, bots interacted with, features used), device and log data (IP address, browser type, operating system, referring URLs, device identifiers), payment information processed via third-party processors, and information from third-party sign-in services such as Google or Apple. The policy authorizes sharing of personal data with third-party AI model providers whose bots users interact with, analytics vendors, advertising partners, and service providers, as well as in the context of business transfers; the scope of data passed to third-party AI providers in the course of bot interactions is operationally distinct in that user message content may be transmitted to external model operators whose own privacy terms apply. The policy engages GDPR and UK GDPR for EU and UK residents, CCPA and CPRA for California residents, and general FTC Act consumer protection standards; the document provides region-specific rights disclosures for these populations but the adequacy of consent mechanisms and data transfer safeguards for EU/UK users warrants compliance evaluation. Poe operates internationally and the policy acknowledges cross-border data transfers, which under GDPR requires appropriate transfer mechanisms such as standard contractual clauses, though the specific mechanism in use is not identified in the accessible document text.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 2 provisions

Message Content Shared with Third-Party AI Providers Compare →

When you chat with a bot on Poe, the text of your messages may be sent to the company that built the underlying AI model powering that bot, and that company has its own separate privacy rules.

Added May 12, 2026 Standard Seen across 252 platforms
Cross-Border Data Transfers Compare →

Poe stores and processes data in the United States, and by using the service you are treated as consenting to your data being transferred to the US even if your local laws offer stronger protections.

Added May 12, 2026 Standard Seen across 284 platforms

Medium — 5 provisions

Data Collection: Account, Usage, and Device Information Compare →

Poe collects your email address, phone number, the content of your messages, which bots you use, and technical information about your device and internet connection when you use the service.

Added May 12, 2026 Standard Seen across 284 platforms
Third-Party Sharing: Analytics, Advertising, and Service Providers Compare →

Poe can share your personal information with outside companies that help it run its business, including companies that handle payments, analyze data, send emails, host the service, and serve targeted ads.

Added May 12, 2026 Standard Seen across 252 platforms
User Rights: Access, Deletion, and Correction Compare →

Depending on your location, you may have the right to ask Poe to show you, correct, or delete the personal data it holds about you, and you can make these requests by emailing privacy@poe.com.

Added May 12, 2026 Standard Seen across 284 platforms
Cookies and Tracking Technologies Compare →

Poe and its advertising and analytics partners use cookies and similar tracking tools to monitor how you use the service, and this information may be used to show you targeted ads.

Added May 12, 2026 Standard Seen across 284 platforms
Children's Privacy Compare →

Poe's service is not intended for children under 13, and Poe states it will delete data if it discovers it has been collected from a child under that age.

Added May 12, 2026 Standard Seen across 284 platforms

Low — 1 provision

Business Transfer Disclosure Compare →

If Poe is sold, merges with another company, or goes through bankruptcy, your personal data may be transferred to the new owner as part of that business transaction.

Added May 12, 2026 Standard Seen across 252 platforms

Monitoring

Poe has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Cross-Border Data Transfers and similar clauses.

Compare across platforms →