Synthesia · Synthesia Privacy Policy

Biometric Data Collection for Custom AI Avatars

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

If you create a custom AI avatar on Synthesia, the company collects video and audio recordings of your face and voice, which are biometric data protected by specific laws in several US states.

Consumer impact (what this means for users)

Creating a custom AI avatar means Synthesia stores biometric data — recordings of your face and voice — which triggers legal protections in Illinois, Texas, and California that require written consent and impose strict retention and deletion obligations.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@synthesia.io to request deletion of your biometric data (facial likeness and voice recordings) used to create your custom AI avatar. Specify that you are requesting deletion under applicable biometric privacy law (BIPA, CCPA, or GDPR as applicable to your location).

Cross-platform context

See how other platforms handle Biometric Data Collection for Custom AI Avatars and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Facial and voice data are among the most sensitive categories of personal information and are specifically regulated under Illinois BIPA, Texas CUBI, and CPRA's biometric provisions — violations can result in statutory damages and class action lawsuits.

View original clause language
When you create a custom AI avatar, we collect and process recordings of your facial likeness and voice. This data is used to generate your personalised AI avatar and may be retained for the duration of your account to enable avatar regeneration and improvement.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Illinois BIPA (740 ILCS 14/10–14/25) requires written informed consent before collecting biometric identifiers including facial geometry and voiceprints; Texas CUBI (Tex. Bus. & Com. Code §503.001) requires informed consent before capturing biometric identifiers; CCPA/CPRA defines biometric information as sensitive personal information requiring opt-in consent (Cal. Civ. Code §1798.140(ae)); GDPR Art. 9 classifies biometric data processed for identification as special category data requiring explicit consent or another Art. 9(2) basis. Enforcement by Illinois AG, Texas AG, California Privacy Protection Agency, and EU/UK DPAs. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    State Attorneys General in Illinois, Texas, and California have enforcement authority over biometric privacy violations under BIPA, CUBI, and CPRA respectively.
    File a complaint →

Provision details

Document information
Document
Synthesia Privacy Policy
Entity
Synthesia
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004283
Document ID
CA-D-00470
Evidence Provenance
Source URL
https://www.synthesia.io/privacy-policy
Wayback Machine
View archived versions →
SHA-256
7648d9071447f69ed848238281e6ab982ee2d650c8e20eb74c961b356314a183
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Synthesia | Document: Synthesia Privacy Policy | Record: CA-P-004283
Captured: 2026-04-30 07:49:32 UTC | SHA-256: 7648d9071447f69e…
URL: https://conductatlas.com/platform/synthesia/synthesia-privacy-policy/biometric-data-collection-for-custom-ai-avatars/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document