EU/EEA users and California residents have specific legal rights to see, correct, delete, and transfer their data, and California users can also opt out of their data being sold or shared.
This analysis describes what ElevenLabs's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights give EU and California users meaningful control over their personal data including voice recordings, but they only apply if users actively exercise them by contacting ElevenLabs.
If you are an EU/EEA user or California resident, you can request access to, deletion of, or restriction of processing of your personal data including voice recordings by contacting ElevenLabs, but these rights require active assertion and are not automatically applied.
Cross-platform context
See how other platforms handle User Rights for EU and California Residents and similar clauses.
Compare across platforms →Monitoring
ElevenLabs has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the European Union or European Economic Area, you have certain rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing of, and port your personal data. California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale or sharing of personal information.— Excerpt from ElevenLabs's ElevenLabs Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages GDPR Articles 15-21 (rights of data subjects) and CCPA/CPRA Sections 1798.100-1798.125. The relevant enforcement authorities are the data protection authorities of EU member states (and the Irish DPA as ElevenLabs' likely EU lead authority if established in Ireland), the UK ICO for UK users, and the California Privacy Protection Agency (CPPA) for California residents. The FTC retains concurrent jurisdiction over deceptive privacy practices for US users. GOVERNANCE EXPOSURE: Medium. The policy's disclosure of user rights is facially compliant with GDPR and CCPA transparency requirements, but the operational adequacy of the rights fulfillment process — including response timelines, identity verification procedures, and the handling of rights requests for voice model data — should be verified. GDPR requires responses to access and deletion requests within one month. JURISDICTION FLAGS: EU/EEA users have the broadest rights under GDPR, including the right to lodge complaints with their national supervisory authority. California users have CPRA rights including the right to correct inaccurate personal information and the right to limit use of sensitive personal information. UK users retain equivalent rights under UK GDPR post-Brexit. Other US state residents (Virginia, Colorado, Connecticut, Texas) may have analogous rights under their respective state privacy laws. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers who are controllers under GDPR must ensure their data processing agreements with ElevenLabs as a processor include adequate provisions for honoring data subject rights requests passed through from end users. The policy does not specify whether ElevenLabs acts as a controller or processor in API contexts, which is a material gap for B2B compliance. COMPLIANCE CONSIDERATIONS: Legal teams should verify that ElevenLabs' rights request handling process operates within GDPR's one-month response window and that identity verification does not create disproportionate barriers to rights exercise. The scope of deletion rights as applied to voice model data embedded in trained AI models should be assessed, as technical deletion from trained models may differ from deletion of source recordings.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights give EU and California users meaningful control over their personal data including voice recordings, but they only apply if users actively exercise them by contacting ElevenLabs.
If you are an EU/EEA user or California resident, you can request access to, deletion of, or restriction of processing of your personal data including voice recordings by contacting ElevenLabs, but these rights require active assertion and are not automatically applied.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ElevenLabs.