If you use Character.AI's voice features, the platform records and stores your voice, which may be used for model training and other stated purposes.
This analysis describes what Character.AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Voice recordings are a biometric-adjacent data type that receives heightened legal protection in several US states and under GDPR, and their collection for AI model training carries specific regulatory implications.
Interpretive note: The policy does not specify whether voice data is processed for speaker identification or biometric purposes, creating uncertainty about which biometric privacy statutes apply and whether consent requirements under those statutes are triggered.
Previous version had no excerpt; current version now clearly specifies that voice data includes recordings and is optional based on feature usage.
View full change record →Using Character.AI's voice features means your voice recordings are collected by the platform and may be used for AI model training, which may trigger biometric data protections depending on your location.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Character.AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Voice data, including recordings of your voice, if you chose to use certain voice features.— Excerpt from Character.AI's Character.ai Privacy Policy
REGULATORY LANDSCAPE: Voice data collection engages Illinois BIPA if voice recordings are used in ways that constitute collection of biometric identifiers or biometric information, Washington My Health MY Data Act, Texas CUBI, and similar state biometric laws. Under GDPR, voice data that allows identification of individuals may constitute biometric data under Article 4(14) if processed for the purpose of uniquely identifying individuals, triggering Article 9 special category protections. The FTC and relevant state attorneys general are enforcement authorities. The policy does not specify whether voice data is used solely for functional voice interaction or for speaker identification or biometric profiling. GOVERNANCE EXPOSURE: High. The collection of voice data combined with its use for AI model training creates significant exposure under state biometric privacy laws, particularly BIPA, which provides a private right of action and statutory damages of $1,000 to $5,000 per violation. The policy does not specify whether voice data is treated as biometric under any framework or whether state-specific biometric consent requirements are met. JURISDICTION FLAGS: Illinois users face the highest exposure given BIPA's private right of action and damages provisions. Texas and Washington have biometric privacy statutes enforced by state attorneys general. EU and UK users may have GDPR Article 9 claims if voice data is processed for identification purposes. California's CCPA includes voice data in its sensitive personal information category with specific opt-out rights. CONTRACT AND VENDOR IMPLICATIONS: If voice data is processed by third-party infrastructure providers, those vendors must be assessed for biometric data compliance under applicable state laws. Vendor contracts should specify restrictions on voice data use beyond the contracted purpose. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the voice feature's technical processing pipeline constitutes collection of biometric identifiers under BIPA and analogous state laws, and if so, ensure that written consent and data retention schedules required by those laws are implemented. A data protection impact assessment for voice data processing should be documented. The model training use of voice data should be specifically addressed in GDPR Article 13 disclosures for EU users.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Voice recordings are a biometric-adjacent data type that receives heightened legal protection in several US states and under GDPR, and their collection for AI model training carries specific regulatory implications.
Using Character.AI's voice features means your voice recordings are collected by the platform and may be used for AI model training, which may trigger biometric data protections depending on your location.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Character.AI.