ElevenLabs updated its privacy policy on May 21, 2026, making several modifications to how it describes legal bases for data processing and contact procedures for exercising data rights. The policy now references multiple legal bases for processing (contract performance, legal compliance, legitimate interests) instead of relying primarily on consent, and reorganized contact instructions to designate a Data Protection Office with specific email and mailing address. The policy also added Brazil-specific contact information naming Paulo Eduardo Lilia as the Data Protection Officer for Brazilian residents. These changes clarify ElevenLabs' organizational structure, formalize data protection contacts, and broaden the stated legal justifications for data processing.
The updated policy clarifies that ElevenLabs may process your personal data based on multiple legal grounds: contract performance, legal compliance, legitimate interests, and other applicable legal bases, rather than relying primarily on your consent. The policy also reorganizes contact procedures for exercising data rights, designating a formal Data Protection Office accessible by email at legal@elevenlabs.io and by mail at the stated address. For Brazilian residents, the policy names Paulo Eduardo Lilia as the designated Data Protection Officer. You can exercise data rights using the online form or by emailing the Data Protection Office with your request in the subject line.
The updated policy clarifies the legal grounds under which ElevenLabs processes personal data, moving beyond consent-based justification to cite contract performance, legal compliance, and legitimate interests. This formalization helps users and regulators understand when and why ElevenLabs may process data without requiring explicit affirmative consent, which is operationally significant under GDPR, CCPA, and LGPD frameworks.
→ Review the updated policy to understand the legal bases under which ElevenLabs processes your data.
→ If you wish to exercise your data rights (access, deletion, portability, or objection), submit a request via the online form or email legal@elevenlabs.io using the designated subject line format.
→ The updated terms will apply as written; ElevenLabs will process your data under the stated legal bases without requiring consent for all processing activities.
→ If you do not submit a data rights request, the terms do not obligate ElevenLabs to provide you access to or delete your personal data outside of legal obligations.
Policy now cites contract performance, legal compliance, and legitimate interests as bases for processing, replacing reliance on consent as primary justification.
Formalized contact mechanism through named Data Protection Office at legal@elevenlabs.io and physical mailing address for submitting data rights requests.
Added designation of Paulo Eduardo Lilia as DPO for Brazilian residents, signaling localized compliance governance.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
The policy revision clarifies ElevenLabs' legal bases for data processing and formalizes its data protection governance structure by establishing a named Data Protection Office. The change expands stated legal grounds for processing from consent-based framing to include contract performance, legal compliance, and legitimate interests, which aligns with standard GDPR and CCPA operational practice. The addition of Brazil-specific contact information suggests ElevenLabs operates a Brazil entity and may signal compliance with Brazilian data protection frameworks (LGPD). No immediate compliance action appears required; the changes primarily clarify existing operational and organizational structures.
GDPR (legal bases under Article 6), CCPA (processing justifications), LGPD (Brazil-specific governance and DPO designation)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002227.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorElevenLabs updated its website tagline on May 22, 2026, changing 'The most realistic voice AI platform' to 'AI Communication Platform'. …
ElevenLabs updated its Privacy Policy on May 21, 2026 to add two new affiliate entities (Eleven Labs Auto India Private …
ElevenLabs updated their Safety Policy navigation menu on May 21, 2026, adding a reference to 'Speech Engine' in the API …
How Meta, TikTok, and Supabase restructured governance language across documents, jurisdictions, and consent frameworks through incremental…
How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.