ElevenLabs · ElevenLabs Privacy Policy

International Data Transfers

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

If you live outside the US, your personal data — including voice recordings — will be transferred to and stored in the United States, where privacy laws provide fewer protections than in the EU or UK.

Consumer impact (what this means for users)

EU and UK users' voice recordings and personal data are processed in the US, where they lose the direct protection of GDPR, and the policy's reliance on 'consent via using the service' as a transfer mechanism is legally questionable under GDPR Art. 49.

Cross-platform context

See how other platforms handle International Data Transfers and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

EU and UK users' biometric voice data is being transferred to the US, a country without an adequacy decision equivalent to EU standards for all contexts, and the policy attempts to use blanket consent via service use as the transfer mechanism — which GDPR does not permit as a primary transfer basis.

View original clause language
If you are located outside the United States, please be aware that information we collect, including personal data, may be transferred to and processed in the United States or other countries, which may not have the same data protection laws as your country. By using our Services, you consent to the transfer of your information to countries outside of your country of residence.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: GDPR Chapter V (Arts. 44–49) governs international data transfers and requires an adequacy decision, Standard Contractual Clauses (SCCs), Binding Corporate Rules, or an Art. 49 derogation; the EU-US Data Privacy Framework (adopted July 2023) provides a current adequacy basis for certified US companies; UK GDPR Chapter V imposes analogous requirements; the policy's reliance on user consent as a transfer mechanism is only permissible under Art. 49(1)(a) for non-repetitive transfers, not for systematic processing of all user data. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    EU users can file complaints with their national data protection authority; US State AGs handle domestic aspects of international data transfer violations affecting residents.
    File a complaint →

Provision details

Document information
Document
ElevenLabs Privacy Policy
Entity
ElevenLabs
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004370
Document ID
CA-D-00450
Evidence Provenance
Source URL
https://elevenlabs.io/privacy-policy
Wayback Machine
View archived versions →
SHA-256
b75b1f8acd13a68881f4fcb9606d10a24499d50e9b26f218570263ebce7417e9
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: ElevenLabs | Document: ElevenLabs Privacy Policy | Record: CA-P-004370
Captured: 2026-04-30 09:06:47 UTC | SHA-256: b75b1f8acd13a688…
URL: https://conductatlas.com/platform/elevenlabs/elevenlabs-privacy-policy/international-data-transfers/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document