CA-C-002230
ElevenLabs — ElevenLabs Privacy Policy
Entity
Date detected
May 21, 2026
Effective date
May 21, 2026
Severity
Low
Direction
Neutral
Affected users
all users EU users Brazil residents
Taxonomy
Disclosure requirement change
Changes
+2 sentences added · 9 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Watch ElevenLabs Get alerts when this policy changes.
Watch — Free

Event Summary

ElevenLabs updated its Privacy Policy on May 21, 2026 to add two new affiliate entities (Eleven Labs Auto India Private Limited and Eleven Labs Technology Middle East Limited), revise legal bases for data processing to encompass contract performance and legitimate interests alongside consent, simplify contact procedures for exercising privacy rights by removing physical mailing details from the main contact section, and replace references to 'state, province or country' with the broader term 'location' when describing residency. The practical effect is that the policy now explicitly permits processing based on multiple legal grounds beyond consent, establishes a clearer data protection contact mechanism via email and online form, and expands the organizational entities authorized to process personal data.

LOW

Consumer Impact

The updated terms establish that ElevenLabs may process personal data under multiple legal bases, including contract performance, compliance with legal obligations, and legitimate interests in fraud prevention and legal defense, rather than relying solely on user consent. The policy now identifies a Data Protection Office at legal@elevenlabs.io as the primary contact for privacy rights requests and clarifies the mechanism for exercising those rights. For Brazil residents, the policy specifically names Paulo Eduardo Lilia as the Data Protection Officer. You can submit privacy rights requests using the online form or by emailing the Data Protection Office.

Governance Analysis

The updated terms establish that ElevenLabs may process personal data under multiple legal grounds (contract, legitimate interests, legal obligation) rather than requiring explicit consent for all processing. This aligns the policy with standard GDPR practice and clarifies the organizational framework for data handling across new geographic entities. The streamlined privacy rights contact procedure makes it operationally simpler for users to exercise those rights.

Available Actions

Review the updated Data Protection Office contact information at legal@elevenlabs.io to know where to direct privacy rights requests.

If you are a Brazil resident, note that Paulo Eduardo Lilia is named as the Data Protection Officer for your jurisdiction.

If No Action Is Taken

Data processing will continue under the legal bases stated in the updated policy, including contract performance and legitimate interests, without requiring advance notice to individual users.

Key Clauses Affected

Legal bases for processing

Expanded from consent-only to include contract performance, legitimate interests, and legal obligation compliance.

Privacy rights contact mechanism

Simplified to direct email to Data Protection Office; removed physical mailing address from primary contact; added Brazil-specific DPO naming.

Affiliate entity list

Added Eleven Labs Auto India Private Limited and Eleven Labs Technology Middle East Limited to the list of authorized processing entities.

Full clause-by-clause analysis available with Compliance.
These clauses may change again. Get alerted when they do. Watch ElevenLabs — Free

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
23ba6fbe35d3b0be9a23780309c3cb2b879f8ae3595b30a5ff07051f3eb5526e
May 19, 2026 16:06 UTC
✓ Verified
Current Version
8565223bcd6694ee5874e81e75eb125c6e51d7f4e88d3f06091629118a7474ea
May 21, 2026 00:46 UTC
✓ Verified
Change Detected
May 21, 2026 00:46 UTC
Analysis Methodology
✓ Verified
Source Document
https://elevenlabs.io/privacy
Citation Record
Entity: ElevenLabs
Document: ElevenLabs Privacy Policy
Record ID: CA-C-002230
Captured: 2026-05-21 00:46:04 UTC
URL: https://conductatlas.com/change/2026-05-21-elevenlabs-elevenlabs-privacy-policy-2230/
Accessed: July 8, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Impact Summary

1
Expanded
Consumers Expanded

ElevenLabs can now process your data for reasons beyond what you explicitly agreed to, including when necessary to deliver a service or comply with law.

For legal and compliance teams

Institutional Analysis

Assessment

ElevenLabs' updated privacy policy on May 21, 2026 expands the legal bases it may invoke for data processing beyond consent to include contract performance, legitimate interests, and legal obligations. This aligns with GDPR Article 6 lawful basis frameworks and reflects standard international privacy practice. The policy clarifies the Data Protection Officer contact mechanism and adds specific Brazil-jurisdiction guidance naming a DPO. Organizations using ElevenLabs services should confirm their data processing addenda reflect these expanded legal bases and updated contact mechanisms, particularly where cross-border data transfers or contract-driven processing occur.

Regulatory Exposure

GDPR (lawful basis determination under Article 6); LGPD (Brazil-specific DPO naming satisfies Article 41 requirements); CCPA (notice and rights exercise mechanisms); jurisdictional privacy laws governing legitimate interest balancing.

Full compliance analysis

Obligation analysis, escalation trigger, board language, and recommended action.

Monitor $19/mo Compliance $249/mo

Monitor: regulatory citations + obligations. Compliance: full compliance memo.

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002230.

Clause-Level Changes

Provisions Removed
CCPA Rights for California Residents
High

Removal of dedicated CCPA provision eliminates explicit high-severity notice of California residents' specific consumer privacy rights, though some protections appear consolidated in location-dependent provision.

Removed clause text available with Compliance. See Compliance →
Policy Update and Notification
Low

Removal of policy update notification provision eliminates contractual commitment to notify users of material privacy changes, potentially reducing transparency about policy modifications.

Removed clause text available with Compliance. See Compliance →
Provisions Modified
Voice Recording Collection and AI Training Use
High

Language simplified and narrowed to focus on submitted recordings only; added explicit reference to 'account settings and applicable consent choices' providing user control over AI training use.

Before/after clause text available with Compliance. See Compliance →
Third-Party Data Sharing with Advertising and Analytics Partners
Medium

Added explicit confidentiality requirement for third parties ('agree to keep this information confidential') and consolidated separate vendor/analytics language into unified provision.

Before/after clause text available with Compliance. See Compliance →
Business Transfer Disclosure
Medium

Expanded scope to include 'financing due diligence, reorganization, bankruptcy, receivership' and 'transition of service to another provider'; added qualifier 'as permitted by law and/or contract'.

Before/after clause text available with Compliance. See Compliance →
Data Subject Rights for EU, UK, and California Users
Medium

Consolidated separate GDPR and CCPA provisions into single location-dependent provision; added CCPA 'opt out of sale or sharing' right; provided complete contact information.

Before/after clause text available with Compliance. See Compliance →
Cross-Border Data Transfer
High

Changed from conditional warning ('If you are accessing') to affirmative consent mechanism ('you consent to'); elevated severity from medium to high by explicitly stating users accept reduced legal protections.

Before/after clause text available with Compliance. See Compliance →
Cookies and Tracking Technologies
Medium

Removed 'referral URLs' from tracking list; expanded scope to explicitly include 'interactions with our Services and third-party sites'; removed stated purposes (analytics, advertising, improvement).

Before/after clause text available with Compliance. See Compliance →
Data Retention
Medium

Removed detailed retention decision factors ('amount, nature, sensitivity, risk of harm, purposes, alternative means'); simplified to basic necessity standard.

Before/after clause text available with Compliance. See Compliance →
Children's Data Restriction
Low

Removed user reporting mechanism ('If you believe we may have collected information from a child under 13, please contact us').

Before/after clause text available with Compliance. See Compliance →

Cross-platform context

See how other platforms handle similar provisions across the ConductAtlas archive.

Compare across platforms → Browse regulations →

Full Changes

See the full side-by-side comparison of every sentence added, removed, and modified.

🔒 Full diff — Monitor

Document Context

Version history → Policy drift analysis → Document page →
Document
ElevenLabs Privacy Policy
Entity
ElevenLabs
Captured
May 21, 2026
Source URL
https://elevenlabs.io/privacy
Other changes to ElevenLabs Privacy Policy
Previous change May 19, 2026
ElevenLabs removed two social media links from their privacy policy footer on May 19, 2026. The policy previously included separate …
Low Neutral
Next change May 30, 2026
ElevenLabs modified the footer navigation section of its privacy policy on May 30, 2026. The change removed a standalone link …
Low Neutral
View full version history →
More from ElevenLabs
Jun 26, 2026 Low
ElevenLabs Privacy Policy

ElevenLabs removed the phrase 'Contact Sales' from the initial paragraph of its Privacy Policy on June 26, 2026. This was …

Jun 26, 2026 Low
ElevenLabs Usage Policy

The detected change involves removal of the phrase 'Contact Sales' from the navigation or header section of ElevenLabs' Usage Policy …

Jun 26, 2026 Low
ElevenLabs Privacy Policy

ElevenLabs removed a call-to-action button labeled 'Contact Sales' from its privacy policy document on June 26, 2026. The substantive text …

Related Analysis
Platform Analysis · June 12, 2026
OpenAI Changed Its Privacy Policy 4 Times in One Week. Here Is What Actually Changed.

Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.

Track ElevenLabs policy changes

Get alerted when this policy changes again — including what changed and why it matters.

Prefer a weekly summary instead?

Get the biggest policy changes across 352+ platforms every Sunday.