Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has enforcement authority over data transfers in M&A contexts where consumer privacy representations are not honoured by acquiring entities.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Business Transfer Data Disclosure clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Business Transfer Data Disclosure clauses across approximately 2 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Business Transfer Data Disclosure — Stability AI

Share 𝕏 Share in Share 🔒 PDF

What it is

If Stability AI is sold, merged, or acquires financing, your personal data may be transferred to the new owner or acquiring company, potentially before any deal is finalised.

Consumer impact (what this means for users)

In the event of a merger or acquisition, your account data, usage history, and AI-generated content history could be transferred to a new corporate owner whose data practices you have not agreed to.

Cross-platform context

See how other platforms handle Business Transfer Data Disclosure and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Your personal data could be transferred to an entirely different company with different privacy practices, and this can occur during deal negotiations — not just after a completed transaction.

View original clause language

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Art. 6 requires a valid lawful basis for data transfers in M&A contexts; legitimate interests or contractual necessity are typically claimed but may require a new privacy notice. The UK ICO has published specific guidance on data protection in M&A transactions. CCPA §1798.140 requires that acquiring entities honour existing privacy commitments. FTC consent orders have historically required acquirers to maintain predecessor privacy policies.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has enforcement authority over data transfers in M&A contexts where consumer privacy representations are not honoured by acquiring entities.
File a complaint →

Provision details

Document information

Document

Stability AI Privacy Policy

Entity

Stability AI

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003726

Document ID

CA-D-00330

Evidence Provenance

Source URL

https://stability.ai/privacy-policy

Wayback Machine

View archived versions →

SHA-256

ab8463c1a698bccc246c55dd2af2b3ea094ea7c70c2ca61b926c6b9eac014966

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Stability AI | Document: Stability AI Privacy Policy | Record: CA-P-003726
Captured: 2026-04-28 05:31:08 UTC | SHA-256: ab8463c1a698bccc…
URL: https://conductatlas.com/platform/stability-ai/stability-ai-privacy-policy/business-transfer-data-disclosure/
Accessed: May 2, 2026

Classification

Severity

Medium

Business Transfer Data Disclosure