Back to top

Privacy Policy

Synthesia Legal Hub
Policies
Privacy Policy
Effective: June 26, 2024

Scope of this Privacy Policy

This Privacy Policy governs and explains how we collect and process your personal information when you (“you” or “User”) use our website, located at synthesia.io (“Site”), services and products accessible through the Site (“Services”), and the associated web-based software provided by Synthesia (“Software”). The Site, the Services, and the Software are jointly referred to as the “Platform”. If you are a purchaser of our Services, you are a "Customer". If you are authorized by a Customer to use our Services, or you are a Site visitor you are an "Authorized User".

We are Synthesia Limited, a company located at Kent House, 14/17 Market Place, London W1W 8AJ, United Kingdom, and we are the controller of your personal data processed in connection with this Privacy Policy. If you have any questions or concerns regarding your privacy, you can contact us at support@synthesia.io. Our Data Protection Officer can be contacted at dpo@synthesia.io. We have designated Synthesia ApS, Vesterbrogade 149, bygning 4, 1.tv, 1620 København V. Denmark as our EU GDPR representative to act on our behalf and serve as a direct contact for supervisory authorities and individuals in the European Union, and they can be contacted at gdpr.representative@synthesia.io

A separate agreement may govern the provision, access and use of the Services ("Agreement"), including the processing of (a) any content or information that an Authorized User submits to the Services, such as text and scripts used to prompt Avatars to speak and perform, and image and audio files uploaded to the Services; and (b) any videos created by Authorized Users using the Services (collectively, "Customer Data"). Customer Data excludes the Services, any content that Synthesia makes generally available to Customers through the Services (“Synthesia Content”) and Non-Synthesia Products. The Customer (e.g., your employer or another entity or person) that entered into the Agreement with Synthesia for the purchase of Services controls its instance of the Services and any associated Customer Data. If you have any questions about specific settings and privacy practices, please contact the Customer whose Service you use.   

Identifying the Data Controller and Data Processor

Certain jurisdictions distinguish between a "controller" or "processor" of personal data. A controller is the decision-maker and exercises overall control over how and why personal data is collected and used. In general, the Customer is the controller of Customer Data. A processor acts on behalf of, and only on the instructions of, the relevant controller. In general, Synthesia is the processor of Customer Data and the controller of Other Information (which is described in the ‘Personal data that we process’ section below).

Synthesia is the controller of Other Information and a processor of Customer Data.

In addition to the definitions provided for in the Agreement, the following words and abbreviations have the meaning provided below:

"personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

"processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of Synthesia.

Personal data that we process

Synthesia collects and receives the following information through the Platform and your other interactions with Synthesia. 

  • Customer Data. Customers or Authorized Users submit Customer Data to Synthesia when they use the Platform.
  • Other Information. Synthesia also collects, generates and/or receives the following categories of personal data ("Other Information"):
  1. Contact information: When you contact us or otherwise communicate with us, we will process your name, email address, phone number, and any additional information which you may provide such as your title and employer.
  2. Financial data: When you purchase our Services, we will collect the following transaction information: payment card details if payment is done using a payment card, bank account details is payment is done using a wire transfer or ACH, details of the amounts paid or refunded, dates of payments and the services purchased. 
  3. Account information: When you create an account on our services or Customer creates an account for you, we will process your email address, first and last name and depending on the log-in method, your password. You may also customize your user profile by adding a profile picture and changing the account settings.
  4. Usage information: During your interactions with the Platform, we will collect and process information about how Users use or interact with the Site and features and functionality of the Services and Software. For example, we will collect information about the most frequently visited pages, used functionalities, preferred voices and avatars, preferred voice performances and similar information relating to use and interaction, and performance and quality of the Platform.
  5. Technical data:  As with most websites and technology services delivered over the internet, our servers automatically collect information when you access or use our Platform and record it in log files. This log data may include your internet protocol (IP) address, the address of the web page you visited before using the Platform, browser type and settings, the date and time the Platform was used, information about browser configuration and plugins, and your language preferences. We also receive information from you, our Customers, and other third-parties that helps us approximate your location. We may, for example, use a business address submitted by your employer (who is our Customer) or an IP address received from your browser or device to determine approximate location to assist with localization or for security purposes.
  6. Cookie information: We use a variety of cookies and similar technologies in our Websites and Services to help us collect Other Information. For more details about how we use these technologies, and your opt-out controls and other options, please visit our Cookie Policy.
  7. Other information you choose to provide. We also receive Other Information when submitted to our Platform or in other ways, such as responses or opinions you provide if you participate in a focus group, contest, activity or event, feedback you provide about our products or services, information you provide if you apply for a job with Synthesia, enrol in a certification program or other educational program hosted by Synthesia or a vendor, request support, interact with our social media accounts or otherwise communicate with Synthesia.

Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Account information, is not provided, we may be unable to provide the Services. 

Purposes and legal basis for the processing of personal data

Customer Data will be processed by Synthesia in accordance with Customer's instructions, including any applicable terms in the Agreement, and as required by applicable law. As explained above, in general, Synthesia is a processor of Customer Data and the Customer is the controller.

Synthesia uses Other Information to operate our Platform and business. More specifically, Synthesia uses Other Information for the following purposes and under the following legal bases:

Legal bases for processing

We rely on different legal bases to process your personal data for the purposes described in this Privacy Policy. For each legal basis below, we describe the purposes of our processing (why we process your personal data) and our processing operations (how we process your personal data to achieve each purpose). We also list the categories of your personal data that we process for each purpose.

Performing our contract with you

We process personal data as necessary to conclude and perform our contract with you or the Customer. The categories of personal data used and why and how they are processed are set out below:

Why and how we process your personal data Category of data processed
To provide you with access to our Platform in accordance with the Agreement we process your personal data to:
  • allow you to access and use the Platform, including allowing you to create videos.
  • Contact information
  • Financial data
  • Account information
  • Technical data
To provide you with the Platform you request from us in accordance with the Agreement we process your personal data to:
  • provide you with products and services you purchase.
  • Contact information
  • Financial data
  • Account information
  • Technical data
To create and manage your account, we
  • check the browser type and version and other features of your device to provide the Platform via your device.
  • record your choices, including the terms you accepted, and your privacy settings.
  • change the email associated with your Synthesia account when you update it.
  • delete your Synthesia account, at your request or in accordance with the Agreement. We may take steps to ban your account if there is a breach of the Agreement.
  • enable you to re-register your Synthesia account when it has been deactivated or locked.
  • Contact information
  • Financial data
  • Account information
  • Technical data
To process payments when you purchase any product or service made available through the Platform.
  • Contact information
  • Financial data
  • Technical data
To provide you with customer support we:
  • process requests for support.
  • respond when you request our help such as assisting with your account login or investigating and resolving any issues you are experiencing.
We will also contact you via email in relation to Platform-related issues, or to let you know about our terms and policies.
  • Contact information
  • Financial data
  • Account information
  • Technical data
  • Usage information
  • Other information you choose to provide
To protect the integrity and security of our systems and Platform we process your personal data to:
  • Verify accounts and activity.
  • Find and address violations of the Agreement or our policies.
  • Investigate suspicious activity.
  • Detect, prevent and combat unlawful behavior.
  • Contact information
  • Financial data
  • Account information
  • Technical data
  • Usage information
  • Other information you choose to provide

Legitimate interests 

We rely on our legitimate interests or the legitimate interests of a third party, where they are not outweighed by your interests or fundamental rights and freedoms. 

Why and how we process your personal data Category of data processed Legitimate Interests Relied On
To analyse and develop technical improvements to the Platform we:
  • Collect information about your use of the Platform (for example, when and how often you use the Platform and visit our Sites.
  • Collect and process any User feedback provided to us.
  • Collect information to monitor the performance and reliability of our Platform.
  • Collect information to resolve issues with the Platform or outages, technical User issues, to troubleshoot, run diagnostics and debug the Platform.
  • Account information
  • Technical data
  • Usage information
 It is in our interest and the interest of our Users to evaluate the use of the Platform to inform the development of improvements to ensure the Platform are continuously available and functioning optimally.
To improve our Platform and underlying technologies and for our internal research, we:
  • process the information relating to your use and interaction with the Services, and the performance and quality of the Services resulting from such use
  • Usage information
 It is in our interest to continuously improve our Platform for Users and enhance our models’ capabilities and safety.
To send you marketing communications, depending on your preferences, to introduce you to new Services, or provide general news about our Platform. We will obtain your consent to send you marketing communications where required by law.
  • Contact information
  • Account information
  • Technical data
 It is in our interests to keep you informed about the Platform and promote our new Services, which we believe might be interesting to you.
To promote safety, integrity and security in limited circumstances outside of the performance of our contract with you. Our Platform is delivered to ensure the safety, integrity and security of the Platform and those Users who use it. We apply automated processing to Technical data so we can scan it and prevent malicious signs such as too many password failures, seeking exploits, and similar, to maintain the integrity of our Platform and to promote safety, integrity and security.
  • Technical data
 It is in our interest to ensure the safety and integrity of our Platform.
To share personal data with others, including law enforcement and to respond to legal requests, where we are not under a legal obligation to do so. The categories of personal data that we access, preserve, use and share depend on the specific circumstances. For example, responses to legal requests where not compelled by law, will typically include limited personal data (such as contact details and login information).
  • Contact information
  • Financial data
  • Account information
  • Technical data
  • Usage information
  • Other information you choose to provide
 It is in our interest and in the interest of Synthesia Users to prevent and address fraud, unauthorised use of Synthesia, violations of our Terms and policies, or other harmful or illegal activity. It is in our interest to protect ourselves (including our rights, personnel, property or products), our Users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm.

Compliance with a legal obligation 

We process personal data to comply with a legal obligation including, for example, to access, preserve, or disclose certain personal data if there is a valid legal request.

Why and how we process your personal data Category of data processed
Where we are under an obligation to disclose personal data such as, for example, if we receive a valid legal request for certain personal data (such as a search warrant), we will access, preserve and/or share your personal data with regulators, law enforcement or others. The way in which the personal data will be processed depends on the specific circumstances.
  • Contact information
  • Financial data
  • Account information
  • Technical data
  • Usage information
  • Other information you choose to provide

Consent

We process personal data as described below when you have given us your consent to do so, which we may ask through in-product experiences, to enable particular features or to enable device-based settings.

Why and how we process your personal data Category of data processed
To deliver you marketing materials and marketing communication where such communication requires your consent.
  • Contact information
To deliver the particular product or feature. More detailed description will be provided at the point of data collection.
  • Other information you choose to provide

Security

We have implemented security procedures and measures to ensure appropriate protection of the personal data we process against any misuse, unauthorised access, disclosure, or modification. More detailed information about our security is available on the Security Practices page on our Site. 

Children's privacy

Our Services are intended for a general audience and are not targeted at children under the age of 16 (“minors”). We do not knowingly collect or ask for information from minors and do not knowingly allow minors to use the Platform.

Sharing/Disclosure of personal data

The policies and practices for sharing and/or disclosure of Customer Data to third parties is determined by the Customer. Synthesia has no control over the Customer's or any other third parties' choice to share and/or disclose Customer Data. Synthesia may share and disclose Customer Data in accordance with a Customer's instructions, including any applicable terms in the Master Subscription Agreement and Data Processing Addendum. 

In certain circumstances we may share and/or disclose the personal data described in this Privacy Policy. 

  • Our affiliated companies - we will share your information with our affiliated companies in order to facilitate company business and as part of our regular reporting activities.
  • Our service providers - we will share your information with affiliated and unaffiliated service providers which assist us in carrying out the processing activities described in this Privacy Policy. Our service providers include payment processing providers, IT service providers, our auditors, and our legal, accounting and other professional advisors. 
  • Regulators, law enforcement, public or government authorities, or courts - we will share your information if and to the extent we are required or permitted to do so by law or where disclosure is reasonably necessary to (i) comply with applicable law; (ii) comply with a valid legal request or respond to claims against Synthesia; (iii) respond to a valid legal request relating to a criminal investigation to address alleged or suspected illegal activity, or to respond to or address any other activity that may expose us, you, or any other of our Users to legal or regulatory liability; (iv) enforce and administer our Terms of Service; (v) respond to requests for or in connection with current or prospective legal claims or legal proceedings concerning Synthesia and/or third parties; or (vi) protect the rights, property or personal safety of Synthesia, our employees, our Users, or members of the public. 
  • Other entities as part of a business transfer - if Synthesia undertakes or is involved in any merger, acquisition, reorganisation, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer, or share some or all of our assets, including your personal data, in connection with such transaction or in contemplation of such transaction, such as due diligence. 

International Data Transfers

We may transfer your personal data to recipients located outside of the United Kingdom (“UK”) and European Economic Area (“EEA”).

When we transfer your personal data outside of the UK or EEA, we ensure it benefits from an adequate level of data protection by relying on:

  • Adequacy decisions. These are decisions from the European Commission under Article 45 GDPR (or equivalent decisions under other laws) which recognise that a country outside of the EEA offers an adequate level of data protection. 
  • Standard contractual clauses. The European Commission has approved contractual clauses under Article 46 GDPR that allow companies in the EEA to transfer data outside the EEA. These (and their approved equivalent for the UK and Switzerland) are called standard contractual clauses. We rely on standard contractual clauses to transfer personal data as described in this Privacy Policy to countries without an adequacy decision.

In certain situations, we rely on exceptions provided for under applicable law to transfer personal data to a third country.

You may obtain a copy of these adequacy decisions or standard contractual clauses by contacting us at support@synthesia.io.

Retention of personal data 

We will retain Customer Data in accordance with Customer’s instructions (including to perform any applicable terms in the Agreement and through Customer’s use of Platform functionality) and as required by applicable law. The deletion of Customer Data and other use of the Services by the Customer may result in the deletion and/or de-identification of certain associated Other Information. 

We may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy (such as to provide the Services, including any optional features you use, and to provide customer support). This may include keeping your Other Information after you have deleted your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements.

User's Rights

We process all personal data in accordance with the principles of GDPR and especially having in mind your data protection rights, in particular your right, in certain circumstances, to:

  • Request access to any data held about you by Synthesia and information relating to how and why it is processed.
  • Receive the personal data which you have provided to us in a structured, commonly used and machine-readable format and transmit this personal data to another controller, where such personal data is processed on the basis of consent or contractual necessity and the processing is carried out by automated means. 
  • Request the restriction of processing of your personal data in certain circumstances.
  • Withdraw your consent at any time, where processing is based on your consent, without affecting the lawfulness of processing based on such consent before the consent is withdrawn.
  • Ask to have inaccurate personal data rectified, or completed if it is incomplete.
  • Request the erasure of your personal data where data is no longer required for the original purpose or where you have withdrawn your consent, and no other lawful processing grounds apply.
  • Object to the processing of your personal data in certain circumstances.
  • Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You may exercise these rights by contacting us at support@synthesia.io.

Where we are required to provide a copy of your personal data, this will be free of charge; however, any further copies requested may be subject to a reasonable fee based on administration costs.

Where we stop processing personal data or delete your personal data, it will possibly mean that you are unable to continue using or contributing to the provision of some of our Services, and you will be notified accordingly.

Where we rectify or erase your personal data or restrict any processing of such personal data, we may be required to notify certain third-parties to whom such personal data has been disclosed.

You have the right to lodge a complaint with the Information Commissioner's Office at 0303 123 1113 or via live chat at ico.org.uk/livechat or with your local supervisory authority.

We do not sell or rent personal information to any third-party.

Changes to the Privacy Policy

We reserve the right to change our Privacy Policy at any time. The current version of the Privacy Policy is available on the Website, indicating the effective date in the heading. We will notify you of any material changes, as appropriate, and update the effective date in the heading of this Privacy Policy. You are encouraged to check our Privacy Policy periodically.

HIGHLIGHTED VIDEO
HIGHLIGHTED VIDEO
HIGHLIGHTED VIDEO
HIGHLIGHTED VIDEO
HIGHLIGHTED VIDEO
HIGHLIGHTED VIDEO
Recommended videos

Need more help?

If you need assistance with Synthesia or have a question about our products or services, please contact our customer support team.

Get in touch

Ready to try our AI video platform?

Join over 1M+ users today and start making AI videos with 230+ avatars in 140+ languages.

Get started
Book demo