Synthesia

68/100

Partial disclosure · high confidence

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

Strong biometric governance and a full GDPR rights set with named transfer safeguards and a DPO, held back by silence on a training opt-out, breach notification, and synthetic-output marking.

What the policy says

Biometric governance

The policy treats avatar Samples and Verification Recordings as biometric data under GDPR and the Illinois Biometric Privacy Act, requires explicit consent, says it permanently destroys verification biometrics once the comparison completes within a few minutes, and states it will not sell, lease, or trade biometric data.

Full rights and no sale

All GDPR rights are enumerated, covering access, erasure, rectification, objection, and portability in a structured machine-readable format, and the policy states that Synthesia does not sell or rent personal information to any third-party.

Vague general retention

Outside biometric data, Synthesia retains Other Information for as long as necessary for the purposes described, with no day-count and no fixed deletion timeline for ordinary account data.

Silent on breach and synthetic marking

The security section names no specific safeguard beyond a link to a Security Practices page, commits to no breach notification or timeframe, and the policy never addresses watermarking or labeling of AI-generated video output.

Score by area

Training-data use0 of 4 disclosed

Keeps user inputs out of model training, or makes training opt-inDisclosed

Names a way to opt out of or into trainingSilent

Says whether training use differs by plan or tierSilent

Lets the user keep ownership of generated outputsDisclosed

Data-subject rights5 of 5 disclosed

Grants a right to access your dataDisclosed

Grants a right to delete your dataDisclosed

Offers data portability in a usable formatDisclosed

Grants a right to correct your dataDisclosed

Grants a way to object to or opt out of processingDisclosed

Retention and deletion0 of 4 disclosed

States a retention period for your dataDisclosed

States a deletion timeline after closure or requestDisclosed

Sets a shorter retention for AI conversation logsDisclosed

Commits to collecting only the data it needsDisclosed

Third-party sharing4 of 5 disclosed

Lists the categories of third parties it shares withDisclosed

References a sub-processor list or data processing agreementDisclosed

Does not sell or share data for advertising, or offers opt-outDisclosed

Names a safeguard for international data transfersDisclosed

States a standard for government and law-enforcement accessDisclosed

Transparency3 of 5 disclosed

Discloses that you are interacting with AIDisclosed

Marks AI-generated or synthetic outputSilent

Enumerates the categories of data it collectsDisclosed

Maps processing purposes to legal basesDisclosed

Is versioned and dated, with change noticeDisclosed

Sensitive data and children3 of 3 disclosed

Discloses automated decisions and a human-review pathNot applicable

Limits the use of special-category dataDisclosed

Governs biometric data specificallyDisclosed

States protections for children's dataDisclosed

Security and accountability1 of 3 disclosed

Describes its security safeguardsDisclosed

Commits to breach notificationSilent

Names a certification or a privacy contactDisclosed

DisclosedPartialSilentAdverseNot applicable

Details

Category: Image & video
Modalities: video
Processes biometrics: Yes
Policy last updated: 2025-01-30
Region scored: Global / US-default
Assessed: 2026-06-20

Read Synthesia's privacy policy

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.