Data Sharing with Business Partners

What it is

ElevenLabs may share your personal data not just with companies that help run its platform, but also with business partners who may use it for their own marketing or business purposes.

Why it matters (compliance & governance perspective)

Sharing data with partners for their own marketing purposes goes beyond operational service delivery and may constitute a 'sale' or 'sharing' of personal information under CCPA/CPRA, triggering opt-out rights for California residents.

Consumer impact (what this means for users)

Your account data and usage information may be shared with third-party business partners who can use it for purposes beyond delivering ElevenLabs services, potentially including targeted advertising or business analytics by those partners.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: This provision directly engages CCPA/CPRA, which defines 'sharing' broadly to include disclosures for cross-context behavioral advertising and requires businesses to honor opt-out requests. GDPR requires that any data sharing with third parties for their own purposes be grounded in a specific legal basis and that users receive transparent information about those recipients. The FTC's unfair or deceptive practices authority is also relevant if the scope of 'business partners' is not sufficiently disclosed. GOVERNANCE EXPOSURE: Medium. The breadth of the 'business partners' category creates ambiguity about whether specific disclosures constitute a 'sale' or 'sharing' under CCPA/CPRA. If ElevenLabs receives any value — monetary or otherwise — in exchange for sharing user data with partners, CCPA opt-out mechanisms must be available and honored. JURISDICTION FLAGS: California presents the clearest statutory exposure given CPRA's expanded definition of 'sharing.' EU/EEA users are protected under GDPR's data minimization and purpose limitation principles, which may constrain sharing with partners for purposes unrelated to the original collection purpose. Virginia, Colorado, and Connecticut privacy laws contain analogous provisions. CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should request a list of current business partners receiving user data and assess whether data processing agreements or standard contractual clauses are in place. The distinction between 'service providers' (who process data on ElevenLabs' behalf) and 'business partners' (who may process for their own purposes) is material to CCPA compliance and vendor risk assessment. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether a 'Do Not Sell or Share My Personal Information' link is prominently displayed and functional. The policy's description of 'business partners' should be reviewed to determine whether a more granular disclosure of partner categories is required under applicable state privacy laws. Data flow mapping should distinguish between service provider relationships and partner relationships.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Voice Data Use for AI Model Training high
• Corporate Transaction Data Transfer medium
• User Rights for EU and California Residents medium
• Data Retention medium
• Cookies and Tracking Technologies low
• Children's Data and Age Restriction medium

Related Analysis

• Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.

  ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.

• 23andMe Is Bankrupt. What Happens to Your DNA Now?

  Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.