When you use certain Runway features to generate video or audio, the service collects your voice recordings and face scan data, which are classified as biometric identifiers under some state laws. Runway states it uses this data only to fulfill the service you requested.
This analysis describes what Runway's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes that biometric data collection occurs only upon user submission for specific product features and defines the scope of permissible use as limited to service delivery. This framing acknowledges that such data may fall under biometric information regulations in certain jurisdictions.
Interpretive note: The policy does not specify written consent procedures, retention periods, or destruction timelines for biometric data; whether current practices satisfy BIPA or analogous state statutes depends on implementation details not disclosed in the policy text.
Users who engage Runway's generative video and audio features submit biometric identifiers including voice data and face scans, which the policy states are used only to provide the requested service; however, the policy does not specify how long this data is retained or when it is destroyed, which matters for users in Illinois, Texas, and other states with biometric privacy statutes.
How other platforms handle this
"By clicking 'Next', you are indicating that you have read and agree to the TERMS OF USE AND PRIVACY POLICY"
We automatically collect certain information from your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Service, we collect information about the individual web pages or products th...
Location data. Data about your device's location, which can be either precise or imprecise. For example, we collect location data using Global Navigation Satellite System (GNSS) (e.g., GPS) and data about nearby cell towers and Wi-Fi hotspots. Location can also be inferred from a device's IP address...
Monitoring
Runway has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Biometric data, such as voice data and scans of faces that you submit when you use certain product features to create videos and audio using characteristics like voice and face. Such characteristics may be considered biometric identifiers or biometric information under certain laws including applicable privacy laws. When you choose to use these features, we use any biometric data submitted by you only to provide the service requested by you.— Excerpt from Runway's Runway Privacy Policy
(1) REGULATORY LANDSCAPE: This provision implicates the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (CUBI, Tex. Bus. & Com. Code Ch. 503), and the Washington My Health MY Data Act for biometric health data where applicable. The FTC and state attorneys general in Illinois, Texas, and Washington hold relevant enforcement authority. BIPA requires a written policy, written informed consent prior to collection, and a destruction schedule; the policy as written does not specify these elements, creating potential tension with BIPA requirements. (2) GOVERNANCE EXPOSURE: High. The collection of facial geometry and voice prints for AI generative features is among the highest-risk data practices under US state law, with BIPA authorizing statutory damages of $1,000 to $5,000 per violation. Enterprise customers deploying Runway to their own end users may face downstream exposure if they have not assessed whether their use of Runway's biometric features satisfies applicable consent and disclosure obligations in their users' jurisdictions. (3) JURISDICTION FLAGS: Illinois presents the highest exposure due to BIPA's private right of action. Texas and Washington impose similar collection and destruction requirements enforced by state attorneys general. Organizations with EU or UK users should assess whether voice and face data processing for AI generation satisfies GDPR requirements for processing special category data, which may require explicit consent under Article 9. California's CCPA classifies biometric data as sensitive personal information subject to opt-in consent requirements. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should request clarification from Runway regarding written consent workflows, data retention schedules, and destruction timelines for biometric data before deploying generative voice and face features to their user bases. Data processing agreements with Runway should explicitly address biometric data handling obligations. The policy's assertion that biometric data is used only to provide the requested service should be confirmed contractually. (5) COMPLIANCE CONSIDERATIONS: Legal and compliance teams should audit whether Runway's biometric data collection for generative features has been disclosed to users in Illinois, Texas, and Washington in a manner that satisfies applicable statutory consent requirements. A data mapping exercise should document which specific product features trigger biometric data collection and whether separate consent flows are required. Organizations should evaluate whether their terms with end users downstream of Runway adequately disclose biometric data processing.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes that biometric data collection occurs only upon user submission for specific product features and defines the scope of permissible use as limited to service delivery. This framing acknowledges that such data may fall under biometric information regulations in certain jurisdictions.
Users who engage Runway's generative video and audio features submit biometric identifiers including voice data and face scans, which the policy states are used only to provide the requested service; however, the policy does not specify how long this data is retained or when it is destroyed, which matters for users in Illinois, Texas, and other states with biometric privacy …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Runway.