Synthesia may share your personal data with service providers, partners, and other companies, including during a business transaction such as a merger, or when legally required.
This analysis describes what Synthesia's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data sharing with third-party service providers and in the context of corporate transactions means your personal data, including potentially avatar data, could be transferred to new entities with different privacy practices.
Interpretive note: The categories of business partners and other companies are not exhaustively defined in the available policy text, creating some uncertainty about the full scope of third-party sharing.
Your personal data may be shared with vendors and partners that power Synthesia's platform, and could be transferred to a new owner if Synthesia is acquired; reviewing the sub-processor list and understanding your deletion rights before any major corporate change is advisable.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Synthesia has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal data with third parties including service providers, business partners, and other companies in connection with our business operations. We may also share your personal data if required by law, or in connection with a business transaction such as a merger or acquisition.— Excerpt from Synthesia's Synthesia Privacy Policy
(1) REGULATORY LANDSCAPE: GDPR Article 28 requires that data sharing with processors be governed by a DPA meeting specified minimum requirements. Sharing with third-party controllers requires a lawful basis under Article 6. In the context of mergers and acquisitions, GDPR Article 14 may require notification to data subjects if their data is transferred to a new controller. CCPA and CPRA require disclosure of categories of third parties with whom personal information is shared and, in some cases, opt-out rights for sharing that constitutes a sale. (2) GOVERNANCE EXPOSURE: Medium. Third-party sharing for operational purposes is standard but the breadth of the categories described (service providers, business partners, other companies) requires scrutiny. M&A-related transfers are a specific area of GDPR compliance complexity because the acquiring entity must independently establish a lawful basis for continued processing. (3) JURISDICTION FLAGS: EU and UK users have the strongest protections governing third-party data transfers. California residents have rights to know which categories of third parties receive their personal information. In an M&A context, data protection regulators may need to be notified depending on the scale and nature of the transaction. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should request Synthesia's current sub-processor list and confirm that changes are notified with adequate lead time. In due diligence for organizations considering acquisition of Synthesia or relying on it as a critical vendor, the sub-processor chain and DPAs with all processors should be reviewed. Enterprise customers should confirm whether their DPA includes a right to object to sub-processor changes. (5) COMPLIANCE CONSIDERATIONS: Legal teams should maintain a record of Synthesia's disclosed third-party sharing categories and verify alignment with their own privacy notices to employees and end users. Monitoring for corporate transactions involving Synthesia is advisable to identify whether a new controller notification obligation arises.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data sharing with third-party service providers and in the context of corporate transactions means your personal data, including potentially avatar data, could be transferred to new entities with different privacy practices.
Your personal data may be shared with vendors and partners that power Synthesia's platform, and could be transferred to a new owner if Synthesia is acquired; reviewing the sub-processor list and understanding your deletion rights before any major corporate change is advisable.
ConductAtlas has identified this type of provision across 25 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Synthesia.