Data Request Policy

Not unlike other technology companies, Synthesia receives requests from users and government agencies to disclose or delete data other than in the ordinary operation and provision of the Services. This Data Request Policy addresses those issues and outlines Synthesia’s policies and procedures for responding to such requests for Customer Data. Any capitalized terms used in this Data Request Policy that are not defined will have the meaning set forth in the Customer Terms of Service. In the event of any inconsistency between the provisions of this Data Request Policy and the Customer Terms of Service, the provisions of the Customer Terms of Service will control.

Requests for Customer Data by Individuals

Individuals who want access to Customer Data or want Customer Data to be removed should contact Customer regarding such requests. Customer owns the Customer Data and generally gets to decide what to do with all Customer Data put into the Synthesia services. While Synthesia does defer to Customer for most decisions regarding the removal of Customer Data, as described in the Customer Terms of Service, Synthesia reserves the right to remove Customer Data that violates its policies or applicable law. For example, Synthesia may remove avatars used in misinformation or disinformation campaigns. It may also remove images involving sexual exploitation of children and report such images to the National Center for Missing and Exploited Children. 

Requests for Customer Data by Legal Authority

All requests by courts, government agencies, or parties involved in litigation for Customer Data disclosures should be sent to legal@synthesia.io and include the following information: (a) the requesting party, (b) the relevant criminal or civil matter, and (c) a description of the specific Customer Data being requested, including the relevant Customer’s name and relevant User’s name (if applicable). Requests should be prepared and served in accordance with applicable law. All requests should be narrow and focused on the specific Customer Data sought. All requests will be construed narrowly by Synthesia, so please do not submit unnecessarily broad requests.

Except as expressly permitted by the Contract or in cases of emergency to avoid death or physical harm to individuals, Synthesia will not disclose Customer Data, unless it is compelled by law to do so or is subject to a valid and binding order of a governmental or regulatory body. Synthesia will notify Customer before disclosing any of Customer’s Customer Data so that the Customer may seek protection from such disclosure, unless Synthesia is prohibited from doing so or there is a clear indication of illegal conduct or risk of harm to people or property associated with the use of such Customer Data. If legally permitted, Customer will be responsible for any costs arising from Synthesia’s response to such requests. 

Synthesia requires that any individual issuing legal process or legal information requests (e.g., discovery requests, warrants, or subpoenas) to Synthesia properly domesticate the process or request and serve Synthesia in a jurisdiction where it is resident or has a registered agent to accept service on its behalf.  Requests directed to Synthesia Limited, a UK company, must be issued out of or domesticated in the UK. Foreign law enforcement agencies should proceed through a Mutual Legal Assistance Treaty or other diplomatic or legal means to obtain data through a court in the UK.