What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR as primary frameworks, with Synthesia acting as both a data controller for direct users and a data processor for enterprise customers under Data Processing Agreements. CCPA and CPRA apply to California residents, requiring disclosure of data sale or sharing practices and honoring opt-out requests. The collection of personal likeness and voice recordings for AI avatar generation may engage the Illinois Biometric Information Privacy A…

How does Synthesia's Synthesia Privacy Policy affect users?

Users who create custom avatars authorize Synthesia to collect and process voice recordings and facial likeness data as part of the service. Enterprise customers uploading employee or third-party likeness data assume responsibilities as data controllers under GDPR and equivalent frameworks in applicable jurisdictions. The policy establishes procedures through which account holders may request access to, correction of, deletion of, or portability of personal data by contacting the designated pri…

How often is Synthesia's Synthesia Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Synthesia updates this document?

Yes. Monitor subscribers ($19/month) can add Synthesia to their watchlist and receive same-day email alerts whenever this document or any other Synthesia document changes.

CA-D-000470

Synthesia Privacy Policy

Synthesia

Last change detected June 5, 2026 Privacy policy

SHA-256: f21ea5f4d7b3c20365b… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Synthesia ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

1 High severity

6 Medium severity

0 Low severity

Summary

Synthesia's privacy policy establishes the company's collection, processing, and retention procedures for personal data generated through its AI video creation platform. The policy specifies that custom avatar creation results in collection of biometric-adjacent data including voice recordings and facial likeness, with processing governed by applicable data protection frameworks in the EU, UK, and California. The policy establishes that users may submit requests to privacy@synthesia.io to exercise data subject rights including access, correction, deletion, and portability.

Technical / Legal Breakdown

This document is Synthesia's Privacy Policy, governing the collection, use, and disclosure of personal data in connection with its AI video generation platform and associated services, with GDPR and UK GDPR cited as primary legal frameworks alongside CCPA and other applicable laws. The policy states that Synthesia collects account information, usage data, content data (including uploaded images and voice recordings used to generate AI avatars), technical identifiers, and marketing data, and that the agreement authorizes use of this data for service delivery, product improvement, safety enforcement, and marketing communications. Notably, the policy addresses the collection and processing of biometric-adjacent data in the form of personal likeness and voice recordings for custom AI avatar creation, which creates processing obligations that engage specialist data protection regimes including the Illinois Biometric Information Privacy Act and similar state biometric laws in the United States, as well as GDPR Article 9 considerations depending on how such data is classified by regulators. The policy engages GDPR, UK GDPR, CCPA/CPRA, and potentially BIPA and other US state biometric privacy laws; compliance obligations vary materially by jurisdiction and the policy's adequacy under these frameworks may depend on how regulators classify AI-generated likeness and voice data. Material considerations include the dual role Synthesia occupies as both a data controller for its own users and a data processor for enterprise customers, cross-border data transfer mechanisms, and the adequacy of consent obtained for biometric or likeness data processing.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

1 important change detected

2 versions captured · Last updated: June 2026

June 5, 2026

low

What changed Synthesia's privacy policy footer was updated on June 5, 2026, changing one navigation link in the company information section. The previous link to 'Ethics Guidelines' was replaced with a link to 'Responsible AI'. This is a structural change to the policy's navigation and messaging framework but does not alter the substantive privacy protections, data handling procedures, or user rights stated in the policy itself.

Why this matters This change does not materially affect the privacy protections, data collection practices, or user rights stated in Synthesia's privacy policy. The update reorganizes footer navigation by replacing a link to 'Ethics Guidelines' with a link to 'Responsible AI'. The substantive privacy terms remain unchanged.

View full change record →

Recent Provision Changes Jun 5, 2026

7 provisions unchanged.

View full change record →

High — 1 provision

Personal Likeness and Voice Data for AI Avatar Creation Compare →

If you create a custom AI avatar using your own face or voice, Synthesia collects and stores that likeness and voice data to build and operate the avatar.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 6 provisions

Dual Role as Data Controller and Data Processor Compare →

Synthesia acts as the data controller for individual users and as a data processor for business customers who use the platform on behalf of their own users or employees, with a separate legal agreement governing each relationship.

Added May 10, 2026 Standard Seen across 284 platforms
Data Subject Rights and Exercise Process Compare →

Depending on where you live, you may have rights to see, correct, or delete your personal data held by Synthesia, and you exercise those rights by emailing privacy@synthesia.io.

Added May 10, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers Compare →

Synthesia may transfer your personal data outside the EU or UK and states it uses Standard Contractual Clauses or equivalent legal mechanisms to protect it during those transfers.

Added May 10, 2026 Standard Seen across 284 platforms
Cookies and Tracking Technologies Compare →

Synthesia uses cookies and similar tools to track your activity on its website, including for advertising purposes, and provides a separate Cookie Policy with details and opt-out options.

Added April 30, 2026 Standard Seen across 284 platforms
Data Retention Compare →

Synthesia keeps your personal data as long as needed to provide its services or meet legal requirements, and deletes or anonymizes it when your account closes or the data is no longer needed.

Added May 10, 2026 Standard Seen across 284 platforms
Third-Party Data Sharing Compare →

Synthesia may share your personal data with service providers, partners, and other companies, including during a business transaction such as a merger, or when legally required.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Synthesia has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI Model Training Use of Uploaded Content and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured June 5, 2026 18:39 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000470

Version ID CA-V-003473

Source URL https://www.synthesia.io/privacy-policy

Wayback Machine View external archival references →

SHA-256 f21ea5f4d7b3c20365b85c1c75a936579ab1ca57579e86749f2ea3c79fe60ed9

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Synthesia Privacy Policy

June 5, 2026

Recent Provision Changes Jun 5, 2026

Monitor governance changes across the platforms you rely on.