Poe stores and processes data in the United States, and by using the service you are treated as consenting to your data being transferred to the US even if your local laws offer stronger protections.
This analysis describes what Poe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy asserts user consent to international data transfers through continued use of the service; however, under GDPR, consent obtained in this manner (through terms of service acceptance rather than explicit, informed consent) may not constitute a valid transfer mechanism, and the specific lawful transfer mechanism for EU/UK users is not identified.
Interpretive note: The specific lawful transfer mechanism for EU and UK data subjects is not identified in the accessible document text; enforceability of consent-based transfer authorization under GDPR is uncertain and depends on regulatory interpretation.
EU, UK, and other non-US users' personal data, including message content and account information, may be transferred to and stored in the United States, where different data protection standards apply; the adequacy of legal protections for this transfer depends on mechanisms not fully specified in the accessible policy text.
Cross-platform context
See how other platforms handle Cross-Border Data Transfers and similar clauses.
Compare across platforms →Monitoring
Poe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Poe is based in the United States and the information we collect is governed by U.S. law. By accessing or using our services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries, where you may not have the same rights and protections as you do under local law.— Excerpt from Poe's Poe Privacy Policy
1) REGULATORY LANDSCAPE: GDPR Chapter V and UK GDPR Chapter V require that personal data transferred outside the EEA or UK be protected by an adequate transfer mechanism, such as standard contractual clauses, an adequacy decision, or binding corporate rules. Asserting consent via terms of service acceptance has been found insufficient under GDPR guidance in multiple regulatory contexts. The EU-US Data Privacy Framework may be relevant if Poe is certified, but this is not stated in the accessible policy text. 2) GOVERNANCE EXPOSURE: High for EU and UK operations. Absence of a specified transfer mechanism creates regulatory exposure before EU Data Protection Authorities and the UK Information Commissioner's Office, particularly following Schrems II and the subsequent EU-US Data Privacy Framework developments. 3) JURISDICTION FLAGS: EU/EEA users and UK users face the highest exposure. Swiss users may also be affected under the Swiss Federal Act on Data Protection. Any jurisdiction with adequacy-based protections that restricts onward transfers to third countries without safeguards is implicated. 4) CONTRACT AND VENDOR IMPLICATIONS: B2B customers and enterprise users governed by GDPR should evaluate whether Poe's data processing agreements specify the transfer mechanism and include appropriate standard contractual clauses. Vendor assessment questionnaires should request confirmation of the applicable transfer mechanism. 5) COMPLIANCE CONSIDERATIONS: The policy should be updated or supplemented to identify the specific legal mechanism used for cross-border transfers from the EU and UK. A records-of-processing-activities entry should document the transfer basis. If the EU-US Data Privacy Framework is the mechanism, Poe's certification status should be verified and documented.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy asserts user consent to international data transfers through continued use of the service; however, under GDPR, consent obtained in this manner (through terms of service acceptance rather than explicit, informed consent) may not constitute a valid transfer mechanism, and the specific lawful transfer mechanism for EU/UK users is not identified.
EU, UK, and other non-US users' personal data, including message content and account information, may be transferred to and stored in the United States, where different data protection standards apply; the adequacy of legal protections for this transfer depends on mechanisms not fully specified in the accessible policy text.
ConductAtlas has identified this type of provision across 78 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Poe.