If you create a custom AI avatar using your own face or voice, Synthesia collects and stores that likeness and voice data to build and operate the avatar.
This analysis describes what Synthesia's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your face and voice are among the most sensitive categories of personal data and may qualify as biometric data under Illinois, Texas, or Washington state law, triggering specific consent, retention, and deletion obligations.
Interpretive note: Whether personal likeness and voice data qualifies as biometric data under GDPR Article 9 or specific US state laws depends on regulatory interpretation and how the data is processed technically; classification is not settled across all jurisdictions.
Using the custom avatar feature means Synthesia processes your personal likeness and voice recordings; depending on your location, this may be governed by biometric privacy laws that give you specific rights to consent, limit use, and demand deletion.
How other platforms handle this
We use your personal data to develop, train, and improve our artificial intelligence and machine learning models. This includes using your transaction data, behavioral data, and interaction data to enhance our fraud detection, credit assessment, and personalization capabilities. We take steps to pro...
Writer does not use Customer Data to train its AI models without explicit customer permission. Customer Data means the data, content, and information that customers and their end users submit to or through the Services.
We are simplifying our Terms of Use, including clarifications around the use of AI tools, and their data use. We have moved the terms that describe AI Features, which were previously written for a Creator audience and located under the AI-Based Tools Supplemental Terms and Disclaimer, into the User ...
Monitoring
Synthesia has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you choose to create a Personal AI Avatar, we will collect and process your personal data including your physical appearance (likeness) and voice. This data is used to create and operate your personalised AI Avatar within our platform.— Excerpt from Synthesia's Synthesia Privacy Policy
(1) REGULATORY LANDSCAPE: Processing of personal likeness and voice for AI avatar generation engages GDPR Article 6 lawful basis requirements and potentially Article 9 if regulators classify such data as biometric data revealing identity. In the US, the Illinois Biometric Information Privacy Act requires informed written consent before collecting biometric identifiers including facial geometry and voiceprints; the Texas CUBI Act and Washington BIPA equivalent impose similar requirements. The FTC has enforcement authority over deceptive or unfair biometric data practices. The EU AI Act may impose additional transparency and human oversight requirements on AI systems using personal likeness. (2) GOVERNANCE EXPOSURE: High. The processing of personal likeness and voice data for AI avatar creation represents the highest-risk data processing activity in this policy. Unauthorized or insufficiently consented collection of biometric identifiers under BIPA carries statutory damages of $1,000 to $5,000 per violation without requiring proof of harm, creating significant class action exposure for organizations deploying this feature with employees or third parties. (3) JURISDICTION FLAGS: Illinois, Texas, and Washington create the highest exposure for biometric data collection without explicit informed consent. EU and UK users are protected by GDPR and UK GDPR, requiring a clearly documented lawful basis. California's CPRA does not treat facial recognition as biometric data in the same way as BIPA but does include it in the definition of sensitive personal information, triggering opt-out and limit-use rights. Organizations in healthcare or financial services contexts should assess whether additional sector-specific rules apply. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers using Synthesia's custom avatar features for employees or third parties should ensure their own consent mechanisms and internal policies satisfy applicable biometric privacy laws before uploading likeness or voice data. The DPA between Synthesia and enterprise customers should clearly delineate controller and processor responsibilities for this data type, including retention periods and deletion obligations. Standard commercial DPAs may not address biometric data specifically and may require amendment. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should map all workflows involving custom avatar creation to identify whether employee or third-party likeness data is being processed; obtain BIPA-compliant written consent if operating in Illinois; update data inventories to classify likeness and voice data separately from standard personal data; and confirm that Synthesia's deletion processes for avatar data meet applicable statutory timelines upon contract termination.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your face and voice are among the most sensitive categories of personal data and may qualify as biometric data under Illinois, Texas, or Washington state law, triggering specific consent, retention, and deletion obligations.
Using the custom avatar feature means Synthesia processes your personal likeness and voice recordings; depending on your location, this may be governed by biometric privacy laws that give you specific rights to consent, limit use, and demand deletion.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Synthesia.