Synthesia keeps your personal data as long as needed to provide its services or meet legal requirements, and deletes or anonymizes it when your account closes or the data is no longer needed.
This analysis describes what Synthesia's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Open-ended retention language tied to business necessity can mean data is kept for extended periods; users who close their accounts should confirm deletion of sensitive data including avatar likeness and voice recordings.
Interpretive note: The policy does not specify concrete retention periods for individual data categories; the adequacy of open-ended retention language under GDPR storage limitation and CPRA retention disclosure requirements depends on whether a more detailed retention schedule exists as a supplementary document.
Your personal data, including any uploaded likeness or voice data, may be retained for the duration of your account and potentially longer for legal or dispute purposes; proactively requesting deletion after closing your account is advisable if you have created custom avatar content.
How other platforms handle this
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements, to resolve disputes, and to enforce our agreements. The criteria used to determine our retention periods include: the length of ...
We may retain de-identified or aggregated information that can no longer be used to identify you for any period of time, including indefinitely.
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, or as otherwise permitted or required by applicable law.
Monitoring
Synthesia has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We retain your personal data for as long as necessary to provide our services to you, comply with our legal obligations, resolve disputes, and enforce our agreements. When your account is closed or your data is no longer needed, we will delete or anonymise your personal data in accordance with applicable law.— Excerpt from Synthesia's Synthesia Privacy Policy
(1) REGULATORY LANDSCAPE: GDPR Article 5(1)(e) establishes the storage limitation principle, requiring that personal data be kept no longer than necessary for the purposes for which it is processed. UK GDPR mirrors this requirement. CCPA does not impose specific retention limits but requires disclosure of retention periods or the criteria used to determine them, which the CPRA amended to make more explicit. Biometric data retention under BIPA is limited to three years or the earlier of the fulfillment of the purpose, with destruction obligations. (2) GOVERNANCE EXPOSURE: Medium. The policy uses standard open-ended retention language tied to service provision and legal obligations, which is common industry practice but may not satisfy the specificity requirements of GDPR's storage limitation principle or CCPA's retention disclosure obligations without more specific timeframes in a supplementary retention schedule. Biometric data retention specifically requires more precise compliance under BIPA. (3) JURISDICTION FLAGS: Illinois imposes a hard three-year maximum retention period for biometric identifiers under BIPA, which would apply to voice and likeness data if classified as biometric identifiers. EU and UK supervisory authorities have taken enforcement action against indefinite or insufficiently specified retention policies. California's CPRA requires disclosure of the period for which each category of personal information will be retained or the criteria used to determine that period. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should request Synthesia's data retention schedule as a supplementary document and confirm it aligns with their own data governance obligations. DPAs should specify what happens to personal data upon contract termination, including whether Synthesia will delete or return data and within what timeframe. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that a documented data retention schedule exists and is available upon request, that retention periods for avatar and biometric-adjacent data specifically comply with BIPA timelines where applicable, and that deletion processes are technically verified rather than assumed. Account closure procedures should be tested to confirm data is actually deleted within stated timelines.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Open-ended retention language tied to business necessity can mean data is kept for extended periods; users who close their accounts should confirm deletion of sensitive data including avatar likeness and voice recordings.
Your personal data, including any uploaded likeness or voice data, may be retained for the duration of your account and potentially longer for legal or dispute purposes; proactively requesting deletion after closing your account is advisable if you have created custom avatar content.
ConductAtlas has identified this type of provision across 115 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Synthesia.