X · X Privacy Policy · View original document ↗

Corporate Transaction Data Transfer

Medium severity High confidence Explicitdocumentlanguage Uncommon · 23 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for X Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

If X is acquired, merges with another company, or undergoes a bankruptcy or asset sale, your personal data may be transferred to the acquiring entity as part of that transaction.

This analysis describes what X's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision authorizes the transfer of personal data to a new corporate entity in connection with a corporate transaction, meaning control over your data could shift to a different company with its own privacy practices, potentially under a revised privacy policy.

Clause Stability Stable

0
Changes
3
Months Monitored
May 12, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 1153 other provisions on other platforms.

Consumer impact (what this means for users)

In a merger, acquisition, or bankruptcy involving X, your personal data including account information, posts, direct messages, and behavioral data may be transferred to a new company. The policy states that the new entity may adopt its own privacy policy and may update the terms under which your data is used.

How other platforms handle this

Discord Medium

We may share your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, or dissolution, transaction, or proceeding involving all or a portion of our business.

Figma Medium

By using our Services, you agree to be bound by this Privacy Policy.

MetaMask Medium

We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.

See all platforms with this clause type →

Monitoring

X has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your personal information may be sold or transferred as part of that transaction. This Privacy Policy will apply to your personal information as transferred to the new entity, although the new entity may have its own privacy policy and may update the Privacy Policy.

— Excerpt from X's X Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Corporate transaction data transfers engage GDPR Article 6 lawful basis requirements and may require data subject notification depending on the nature and scale of the transfer. Under CCPA, transfers of personal information in a merger or acquisition are subject to the requirement that the transferee be contractually bound to use the data only in accordance with the original policy or notify users and provide opt-out rights. FTC guidance on data transfers in bankruptcy proceedings is also relevant. GOVERNANCE EXPOSURE: Medium. Corporate transaction transfers are a standard disclosure in consumer privacy policies. Governance exposure arises if the acquiring entity materially changes the terms under which personal data is used without adequate notice and an opportunity to opt out, particularly for sensitive data categories. JURISDICTION FLAGS: EU and UK users benefit from GDPR's requirements that lawful basis and data subject rights be maintained through corporate transactions. California residents retain CCPA/CPRA rights against the successor entity. In bankruptcy proceedings, the FTC has historically asserted that consumer data constitutes an asset subject to specific protections. CONTRACT AND VENDOR IMPLICATIONS: Organizations that have data processing agreements with X should include change-of-control provisions specifying how such agreements are affected by a corporate transaction involving X. COMPLIANCE CONSIDERATIONS: Legal teams should monitor X's corporate structure and ownership for material changes that could trigger data transfer obligations, and assess whether existing agreements with X include adequate protections in the event of a sale or restructuring.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has oversight of consumer data transfers in corporate transactions, including mergers, acquisitions, and bankruptcy proceedings, under Section 5 of the FTC Act.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US
VPPA
United States Federal

Provision details

Document information
Document
X Privacy Policy
Entity
X
Document last updated
May 5, 2026
Tracking information
First tracked
May 8, 2026
Last verified
May 12, 2026
Record ID
CA-P-011133
Document ID
CA-D-00030
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
0f23df42ef3cddb4de37fa368ab31f32853cb55b59dcc25c699bf64703e25d81
Analysis generated
May 8, 2026 12:18 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: X
Document: X Privacy Policy
Record ID: CA-P-011133
Captured: 2026-05-08 12:18:24 UTC
SHA-256: 0f23df42ef3cddb4…
URL: https://conductatlas.com/platform/x/x-privacy-policy/corporate-transaction-data-transfer/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does X's Corporate Transaction Data Transfer clause do?

This provision authorizes the transfer of personal data to a new corporate entity in connection with a corporate transaction, meaning control over your data could shift to a different company with its own privacy practices, potentially under a revised privacy policy.

How does this clause affect you?

In a merger, acquisition, or bankruptcy involving X, your personal data including account information, posts, direct messages, and behavioral data may be transferred to a new company. The policy states that the new entity may adopt its own privacy policy and may update the terms under which your data is used.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 23 platforms. See the full comparison.

Is ConductAtlas affiliated with X?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by X.