When you chat with a bot on Poe, the text of your messages may be sent to the company that built the underlying AI model powering that bot, and that company has its own separate privacy rules.
This analysis describes what Poe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision means your conversation content is not solely governed by Poe's privacy policy; it may also be processed by external AI companies whose data practices and retention policies differ and are not fully disclosed within Poe's own policy.
Interpretive note: The exact scope of data transmitted to third-party AI providers and whether those providers act as processors or independent controllers is not fully specified in the accessible document text.
Users' message content, which may include personal or sensitive information shared in conversation, can be transmitted to third-party AI model operators whose privacy policies and data retention practices are independent of Poe's commitments.
Cross-platform context
See how other platforms handle Message Content Shared with Third-Party AI Providers and similar clauses.
Compare across platforms →Monitoring
Poe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you interact with a bot on Poe, the messages you send to that bot may be transmitted to the third-party operator of that bot's underlying AI model. These third-party operators have their own privacy policies and terms of service that govern how they handle your information.— Excerpt from Poe's Poe Privacy Policy
1) REGULATORY LANDSCAPE: This provision implicates GDPR Articles 26 (joint controllers) and 28 (processor contracts), as well as CCPA requirements regarding disclosure of third parties to whom personal information is disclosed. The FTC Act's prohibition on unfair or deceptive practices is also relevant. The legal characterization of the third-party AI provider as a processor or independent controller is not specified, creating regulatory ambiguity. If third-party providers act as independent controllers, separate lawful bases under GDPR Article 6 may be required for each transfer. 2) GOVERNANCE EXPOSURE: High. The transmission of user-generated message content, which may include personal, sensitive, or confidential information, to multiple external entities whose individual privacy practices are not enumerated creates material compliance exposure. The policy does not identify which AI providers receive data, making user consent and data mapping difficult to operationalize. 3) JURISDICTION FLAGS: EU and UK users face heightened exposure under GDPR and UK GDPR, particularly if third-party AI providers are located outside the EEA or UK without adequate transfer mechanisms. California users may have CCPA rights to know the specific third parties receiving their data. Jurisdictions with sector-specific protections (healthcare, legal) could be implicated if users share such information in conversations. 4) CONTRACT AND VENDOR IMPLICATIONS: Procurement and legal teams should audit whether data processing agreements or joint controller agreements exist with each third-party AI model provider. The policy's reference to each provider's own terms suggests these may be independent controller relationships, which would require users to separately consent under GDPR and may limit Poe's ability to fulfill data subject access or erasure requests for data held by those providers. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should develop a registry of all third-party AI model providers receiving user data, assess the legal basis for each transfer, and evaluate whether privacy notices adequately inform users. Data subject request workflows should account for data held by third-party providers. GDPR data protection impact assessments may be warranted given the volume and sensitivity of conversational data transmitted.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision means your conversation content is not solely governed by Poe's privacy policy; it may also be processed by external AI companies whose data practices and retention policies differ and are not fully disclosed within Poe's own policy.
Users' message content, which may include personal or sensitive information shared in conversation, can be transmitted to third-party AI model operators whose privacy policies and data retention practices are independent of Poe's commitments.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Poe.