Do I need to disclose ElevenLabs in my privacy policy?

Yes. ElevenLabs processes personal data including text inputs, generated audio, and voice samples, making it a required disclosure. If you offer voice cloning features, you must explicitly notify users that voice samples constitute biometric data under GDPR and state voice privacy laws (like Illinois BIPA, Texas HB 4, Colorado SB21-169). Include ElevenLabs' privacy policy link and data processing practices.

What data does ElevenLabs collect and process?

ElevenLabs collects: text inputs submitted for speech synthesis, generated audio outputs, voice samples uploaded for voice cloning (which are biometric data), and API usage metadata. For voice cloning specifically, the voice sample creates a digital voice print used to generate synthetic speech matching that voice's characteristics.

Do I need a cookie banner for ElevenLabs?

No cookie consent banner is specifically required for ElevenLabs itself, as the service does not document cookie usage. However, you must still obtain explicit informed consent before collecting voice samples for cloning, as voice biometrics trigger heightened privacy requirements under GDPR Article 9 and state biometric laws.

Who processes my data and where is it stored?

ElevenLabs Inc., a United States-based company, acts as the data processor. Data is transferred to and processed in the United States. You should ensure you have a lawful basis for international data transfers (Standard Contractual Clauses or adequacy decision) and reference ElevenLabs' privacy policy at https://elevenlabs.io/privacy in your own policy.

AI & Machine Learning

Privacy policy clauses for ElevenLabs

ElevenLabs is an AI text-to-speech platform that converts written text into natural-sounding audio using machine learning. Websites integrate ElevenLabs to provide automated voice synthesis, audio content generation, or voice cloning capabilities to users.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data ElevenLabs collects

Your privacy policy must disclose each of the following data types when you use ElevenLabs.

Text inputs for speech synthesis

Voice samples for voice cloning

Generated audio outputs

API usage metadata

When does ElevenLabs trigger privacy obligations?

Installation Triggers Immediate Obligations

The moment you integrate ElevenLabs API into your site or app, text inputs and voice samples begin flowing to ElevenLabs servers in the United States. This triggers GDPR Article 6 (lawful basis) and Article 28 (processor obligations) immediately if any user is in the EU. You must have a signed Data Processing Agreement (DPA) with ElevenLabs before processing begins—not after launch.

Voice Cloning = Biometric Data = Heightened Consent

If your feature uses voice cloning, you are processing biometric data under GDPR Article 4(14). This requires explicit consent under GDPR Article 9(2)(a), *not* the soft opt-in model used for regular analytics. Additionally, voice biometric laws in California (CCPA Section 1798.100 + regulations), Illinois (BIPA), Texas (DTPA), and other states require affirmative, informed written consent *before* any voice sample is collected or stored. Simply embedding consent in your general terms is insufficient.

Privacy policy clauses for ElevenLabs

What data ElevenLabs collects

When does ElevenLabs trigger privacy obligations?

Installation Triggers Immediate Obligations

Voice Cloning = Biometric Data = Heightened Consent

First Concrete Step

Where data goes

Common compliance pitfalls

Pitfall 1: Treating Voice Cloning Consent as Standard Opt-In

Pitfall 2: No Processor Agreement or Wrong Processor Terms

Pitfall 3: Failing to Disclose Data Retention and Deletion Rights

Legal note

Sample privacy policy clause

What regulators look for

DPA Audit Priorities

Frequently asked questions

Do I need to disclose ElevenLabs in my privacy policy?

What data does ElevenLabs collect and process?

Do I need a cookie banner for ElevenLabs?

Who processes my data and where is it stored?

Don't ship without Bandit.