Your data may be transferred to and stored in the United States, and Writer uses Standard Contractual Clauses as the legal mechanism for EU and UK data transfers.
This analysis describes what Writer's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
EU and UK users should know their data is processed in the US and that SCCs are the legal basis for that transfer, which may require assessment under applicable data protection law.
Interpretive note: The adequacy of the SCC mechanism depends on the specific module used, whether a Transfer Impact Assessment has been completed, and evolving regulatory guidance; the policy does not specify SCC version or module.
If you are in the EU or UK, your data is transferred to the United States under Standard Contractual Clauses, which is the standard legal mechanism for such transfers but may require your organization to conduct a transfer impact assessment depending on applicable regulatory guidance.
How other platforms handle this
Customer authorized Mistral AI to transfer Personal Data to any country deemed to have an adequate level of data protection by the European Commission. Customer also authorizes Mistral AI to perform International Data Transfers to (a) on the basis of adequate safeguards in accordance with Applicable...
Personal data collected by Unity may be transferred to and processed in countries outside of the European Economic Area, including the United States, where data protection laws may differ from those in your country. Where we transfer personal data from the EEA or the UK, we rely on appropriate safeg...
When we transfer personal data outside the European Economic Area, United Kingdom, or Switzerland, we use appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data is protected.
Monitoring
Writer has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Writer is based in the United States. If you are located outside the United States, please be aware that information we collect may be transferred to and processed in the United States. By using the Services, you consent to this transfer. For transfers from the European Economic Area or United Kingdom, Writer relies on appropriate transfer mechanisms such as Standard Contractual Clauses.— Excerpt from Writer's Writer Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages GDPR Chapter V (international transfers) and UK GDPR equivalent provisions. Following Schrems II, organizations relying on SCCs must conduct Transfer Impact Assessments (TIAs) to assess whether the legal framework in the destination country (here, the US) provides equivalent protection. The EU-US Data Privacy Framework (DPF) may also be relevant if Writer participates in it, though the policy references SCCs rather than the DPF. The policy's statement that use of the Services constitutes consent to transfer is likely insufficient as a standalone GDPR transfer mechanism and should not be relied upon as the primary legal basis. GOVERNANCE EXPOSURE: High for EU and UK enterprise customers. The reliance on SCCs requires that enterprise customers confirm the version of SCCs in use (the 2021 EC SCCs replaced the prior versions), that a TIA has been conducted, and that supplementary measures are in place if the TIA identifies gaps. The consent-to-transfer language in the policy is not a compliant GDPR transfer mechanism and its inclusion alongside SCCs may create interpretive ambiguity. JURISDICTION FLAGS: EU member state supervisory authorities and the UK ICO have enforcement authority over international transfer compliance. Switzerland-based users should also assess Swiss FADP transfer requirements. Canadian organizations should assess PIPEDA cross-border transfer obligations. CONTRACT AND VENDOR IMPLICATIONS: The DPA should specify which module of the 2021 SCCs applies (controller-to-processor), confirm that Writer has completed its obligations as importer, and include or reference a completed TIA. Enterprise customers acting as controllers must ensure their own TIA documentation covers the Writer transfer. COMPLIANCE CONSIDERATIONS: EU and UK compliance teams should confirm SCC version and module in the DPA, conduct or obtain a TIA covering the US processing environment, assess supplementary measures, and verify that Writer's US operations provide an adequate level of protection for the data types transferred. This is a standing review obligation given ongoing regulatory evolution in this area.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
EU and UK users should know their data is processed in the US and that SCCs are the legal basis for that transfer, which may require assessment under applicable data protection law.
If you are in the EU or UK, your data is transferred to the United States under Standard Contractual Clauses, which is the standard legal mechanism for such transfers but may require your organization to conduct a transfer impact assessment depending on applicable regulatory guidance.
ConductAtlas has identified this type of provision across 48 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Writer.