What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy engages GDPR (for EU/EEA users), UK GDPR, CCPA/CPRA (for California residents), and potentially Illinois BIPA, Texas Capture or Use of Biometric Identifier Act, and Washington My Health My Data Act given the collection and processing of voice recordings that may constitute biometric identifiers under applicable state law. The FTC exercises general consumer protection jurisdiction over ElevenLabs' U.S. data practices. The EU data protection authorities, incl…

How often is ElevenLabs's ElevenLabs Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when ElevenLabs updates this document?

Yes. Monitor subscribers ($19/month) can add ElevenLabs to their watchlist and receive same-day email alerts whenever this document or any other ElevenLabs document changes.

CA-D-000450

ElevenLabs Privacy Policy

ElevenLabs

Last change detected May 30, 2026 Privacy policy

SHA-256: 31c620f1a2505c315bf… 4 versions captured 3 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at ElevenLabs ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

5 Medium severity

2 Low severity

Summary

This is ElevenLabs' privacy policy, governing how the company collects and uses personal data from users of its AI voice cloning and text-to-speech platform. The policy discloses that ElevenLabs collects voice recordings and generated voice models from users and states that this data may be used to train and improve ElevenLabs AI systems, subject to user consent where legally required. The policy also authorizes sharing of user data including identifiers, usage data, and payment information with advertising, analytics, and service provider partners.

Technical / Legal Breakdown

This document is ElevenLabs' privacy policy governing the collection, use, storage, and sharing of personal data across its AI voice generation platform, with legal bases including consent, contractual necessity, and legitimate interests as applicable under GDPR and equivalent frameworks. The policy states that ElevenLabs collects identifiers, contact information, payment data, usage data, device and browser information, voice recordings and voice models, and user-generated content, and the terms authorize sharing this data with service providers, analytics partners, advertising partners, payment processors, and business partners. The policy includes provisions authorizing the use of user-submitted voice data to train and improve ElevenLabs AI models, subject to consent where required; the scope of this authorization and its interaction with biometric data regulations (such as Illinois BIPA and similar state-level laws) warrants legal review, as the document asserts broad rights over voice data that may be constrained by applicable law. The policy engages GDPR for EU/EEA users, CCPA/CPRA for California residents, and potentially Illinois BIPA, Texas CUBI, and Washington MY Health MY Data Act given the biometric and voice data dimensions; material compliance considerations include whether consent mechanisms for voice model training satisfy the specificity requirements under GDPR Article 7 and BIPA Section 15, and whether cross-border data transfers to the United States are supported by adequate transfer mechanisms such as Standard Contractual Clauses.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

3 important changes detected

4 versions captured · Last updated: May 2026

May 30, 2026

low

What changed ElevenLabs modified a single sentence in their privacy policy on May 30, 2026, removing a reference to the EU Digital Services Act (DSA) from the footer navigation while reorganizing the policy footer links. Previously, the policy footer listed 'EU Digital Services Act (DSA)' as a standalone link between 'Brand & Press Kit' and 'Terms'. The updated footer now groups 'ElevenLabs Summit' under a 'Policies' category and repositions the DSA link after 'EU Digital Services Act (DSA)' appears now after 'EU Digital Services Act (DSA)' in the sequence. This is a formatting and navigation reorganization with no substantive change to ElevenLabs' stated data governance practices or privacy commitments.

Why this matters This change does not materially affect consumer privacy rights, data processing practices, or operational terms. The updated policy footer reorganizes navigation links by consolidating policy-related items under a 'Policies' section and repositioning the EU Digital Services Act reference. The underlying privacy commitments and data governance frameworks described in the policy remain unchanged.

View full change record →

May 21, 2026

low

What changed ElevenLabs updated its privacy policy on May 21, 2026, making several modifications to how it describes legal bases for data processing and contact procedures for exercising data rights. The policy now references multiple legal bases for processing (contract performance, legal compliance, legitimate interests) instead of relying primarily on consent, and reorganized contact instructions to designate a Data Protection Office with specific email and mailing address. The policy also added Brazil-specific contact information naming Paulo Eduardo Lilia as the Data Protection Officer for Brazilian residents. These changes clarify ElevenLabs' organizational structure, formalize data protection contacts, and broaden the stated legal justifications for data processing.

Why this matters The updated policy clarifies that ElevenLabs may process your personal data based on multiple legal grounds: contract performance, legal compliance, legitimate interests, and other applicable legal bases, rather than relying primarily on your consent. The policy also reorganizes contact procedures for exercising data rights, designating a formal Data Protection Office accessible by email at legal@elevenlabs.io and by mail at the stated address. For Brazilian residents, the policy names Paulo Eduardo Lilia as the designated Data Protection Officer. You can exercise data rights using the online form or by emailing the Data Protection Office with your request in the subject line.

View full change record →

May 19, 2026 low

ElevenLabs removed two social media platform links from their privacy policy footer on May 19, 2026. The updated policy no longer includes direct links to X-Developers and YouTube-Developers accounts in …

View change record →

Recent Provision Changes May 30, 2026

8 provisions unchanged.

View full change record →

High — 1 provision

Voice Data Collection and AI Model Training Compare →

ElevenLabs collects voice recordings and AI-generated voice models submitted by users and states that this data may be used to train and improve its AI systems, with consent obtained where legally required.

Added May 21, 2026 Standard Seen across 284 platforms

Medium — 5 provisions

Data Sharing with Advertising and Analytics Partners Compare →

ElevenLabs authorizes sharing of user personal information with advertising partners, analytics providers, service providers, and business partners for platform operation and business purposes.

Added May 21, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers Compare →

ElevenLabs states that personal data may be transferred and processed in countries outside the user's country of residence, including countries with different data protection standards.

Added May 21, 2026 Standard Seen across 284 platforms
CCPA Rights for California Residents Compare →

California residents are granted rights under CCPA/CPRA to know, delete, opt-out of sale or sharing, and be free from discrimination for exercising privacy rights regarding their personal information held by ElevenLabs.

Added May 21, 2026 Standard Seen across 284 platforms
Cookies and Tracking Technologies Compare →

ElevenLabs deploys cookies, web beacons, and pixel tags to collect browsing activity, device information, and user interaction data, which is used for analytics and advertising purposes.

Added April 30, 2026 Standard Seen across 284 platforms
Data Retention Compare →

ElevenLabs retains personal information for the duration necessary to fulfill stated collection purposes and to comply with legal, accounting, and reporting obligations, without specifying fixed retention periods for individual data categories.

Added April 30, 2026 Standard Seen across 284 platforms

Low — 2 provisions

GDPR Individual Rights Compare →

The policy grants EU/EEA, UK, and Swiss users rights of access, rectification, erasure, restriction, objection, and data portability under applicable data protection law, exercisable by contacting ElevenLabs directly.

Added May 21, 2026 Standard Seen across 284 platforms
Children's Privacy and Age Restriction Compare →

ElevenLabs states its services are not directed at children under 13 and that it does not knowingly collect personal information from children under 13, with a remediation commitment to delete such data if collected.

Added May 21, 2026 Standard Seen across 284 platforms