ElevenLabs updated its Privacy Policy on May 21, 2026 to add two new affiliate entities (Eleven Labs Auto India Private Limited and Eleven Labs Technology Middle East Limited), revise legal bases for data processing to encompass contract performance and legitimate interests alongside consent, simplify contact procedures for exercising privacy rights by removing physical mailing details from the main contact section, and replace references to 'state, province or country' with the broader term 'location' when describing residency. The practical effect is that the policy now explicitly permits processing based on multiple legal grounds beyond consent, establishes a clearer data protection contact mechanism via email and online form, and expands the organizational entities authorized to process personal data.
The updated terms establish that ElevenLabs may process personal data under multiple legal bases, including contract performance, compliance with legal obligations, and legitimate interests in fraud prevention and legal defense, rather than relying solely on user consent. The policy now identifies a Data Protection Office at legal@elevenlabs.io as the primary contact for privacy rights requests and clarifies the mechanism for exercising those rights. For Brazil residents, the policy specifically names Paulo Eduardo Lilia as the Data Protection Officer. You can submit privacy rights requests using the online form or by emailing the Data Protection Office.
The updated terms establish that ElevenLabs may process personal data under multiple legal grounds (contract, legitimate interests, legal obligation) rather than requiring explicit consent for all processing. This aligns the policy with standard GDPR practice and clarifies the organizational framework for data handling across new geographic entities. The streamlined privacy rights contact procedure makes it operationally simpler for users to exercise those rights.
→ Review the updated Data Protection Office contact information at legal@elevenlabs.io to know where to direct privacy rights requests.
→ If you are a Brazil resident, note that Paulo Eduardo Lilia is named as the Data Protection Officer for your jurisdiction.
→ Data processing will continue under the legal bases stated in the updated policy, including contract performance and legitimate interests, without requiring advance notice to individual users.
Expanded from consent-only to include contract performance, legitimate interests, and legal obligation compliance.
Simplified to direct email to Data Protection Office; removed physical mailing address from primary contact; added Brazil-specific DPO naming.
Added Eleven Labs Auto India Private Limited and Eleven Labs Technology Middle East Limited to the list of authorized processing entities.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
ElevenLabs can now process your data for reasons beyond what you explicitly agreed to, including when necessary to deliver a service or comply with law.
ElevenLabs' updated privacy policy on May 21, 2026 expands the legal bases it may invoke for data processing beyond consent to include contract performance, legitimate interests, and legal obligations. This aligns with GDPR Article 6 lawful basis frameworks and reflects standard international privacy practice. The policy clarifies the Data Protection Officer contact mechanism and adds specific Brazil-jurisdiction guidance naming a DPO. Organizations using ElevenLabs services should confirm their data processing addenda reflect these expanded legal bases and updated contact mechanisms, particularly where cross-border data transfers or contract-driven processing occur.
GDPR (lawful basis determination under Article 6); LGPD (Brazil-specific DPO naming satisfies Article 41 requirements); CCPA (notice and rights exercise mechanisms); jurisdictional privacy laws governing legitimate interest balancing.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002230.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorElevenLabs updated its website tagline on May 22, 2026, changing 'The most realistic voice AI platform' to 'AI Communication Platform'. …
ElevenLabs updated their Safety Policy navigation menu on May 21, 2026, adding a reference to 'Speech Engine' in the API …
The ElevenLabs Usage Policy was updated on May 21, 2026 with a minor navigation menu change. The revised navigation added …
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them t…
ConductAtlas tracked the restructuring, new disclosures, and entity changes that followed the largest privacy fine in EU history.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.