GDPR and data residency
Learn how ElevenLabs supports GDPR compliance and offers European data residency for enhanced data sovereignty.
Overview
ElevenLabs is committed to robust data protection and compliance with regulations such as the General Data Protection Regulation (GDPR). For organizations operating in the EEA or Switzerland, ElevenLabs offers European data residency as a feature for Enterprise customers. This allows businesses to leverage our advanced voice AI technology while ensuring that their data is processed and stored in compliance with local data sovereignty requirements limiting the processing of data outside of the EEA.
Enabling European data residency may also provide the benefit of reduced latency for users located in Europe due to localized data processing
European data residency is an Enterprise-specific feature. For details on enabling this for your organization, please see the “Getting Access” section below.
Core Compliance Features
European data residency complements ElevenLabs’ existing suite of security and compliance measures designed to safeguard customer data:
- GDPR Compliance: Our platform and practices are designed to align with GDPR principles, including measures designed to ensure lawful data processing, adherence to data subject rights, and the implementation of appropriate security measures.
- SOC2 Certification: ElevenLabs maintains SOC2 certification, demonstrating our commitment to high standards for security, availability, processing integrity, confidentiality, and privacy.
- Zero Retention Mode (Optional): Customers can enable Zero Retention Mode, ensuring that sensitive content and data processed by our models are not retained on ElevenLabs servers. This is a powerful feature for minimizing data footprint.
- End-to-End Encryption: Data transmitted to and from ElevenLabs models is protected by end-to-end encryption, securing it in transit.
- HIPAA Compliance: For qualifying healthcare enterprises, ElevenLabs offers Business Associate Agreements (BAAs) and HIPAA-compliant configurations for its HIPAA-eligible services.
How European Data Residency Works
When European data residency is enabled for an Enterprise account:
- Data Localization: Relevant customer data associated with the use of our voice AI services is processed and stored within data centers located in the European Union.
- Compliance with Sovereignty: This localization is designed to help organizations meet regional data sovereignty mandates and regulatory obligations.
- Standard Functionality: European data residency operates seamlessly with ElevenLabs’ core platform features, ensuring you receive the same high-quality AI audio generation and capabilities.
In some instances, data may nevertheless be processed outside of the EEA or Switzerland. The specific scope of data covered by European data residency will be detailed in your Enterprise agreement. Configuration of this feature is managed at the organizational level by ElevenLabs.
Getting Access
European data residency is an exclusive feature available to ElevenLabs Enterprise customers.
- Existing Enterprise Customers: If you are an existing Enterprise customer, please contact your dedicated Customer Success Manager or reach out to our support team to discuss enabling European data residency for your account.
- New Customers: Organizations interested in ElevenLabs Enterprise and requiring European data residency should contact our sales team to discuss specific needs and implementation.
Developer Considerations
For developers, the implementation of European data residency is primarily a back-end configuration managed by ElevenLabs for your Enterprise account.
- API Endpoints: Standard API endpoints and integration methods remain the same. Your application code typically does not require changes to benefit from European data residency once enabled for your account.
- Data Handling: While ElevenLabs manages the residency of data on our servers in accordance with your Enterprise agreement, developers should continue to adhere to best practices for data handling and GDPR compliance within their own applications and systems. This includes aspects like obtaining user consent, managing data subject rights requests, and ensuring data minimization.
- Zero Retention Mode: Consider using Zero Retention Mode in conjunction with European data residency if minimizing data storage on ElevenLabs servers is a critical requirement for your use case.
FAQ
What specific data is covered by European data residency?
The scope of data subject to European data residency typically includes content processed by our AI models (e.g., text submitted for TTS, audio generated) and associated metadata. Specific details are provided in the Enterprise agreement.
Does European data residency impact API performance?
For users in Europe, data residency may potentially reduce latency due to localized processing. For users outside Europe, performance should remain consistent with our global infrastructure. The primary aim is compliance and data sovereignty.
Is Zero Retention Mode automatically enabled with European data residency?
No, Zero Retention Mode is an optional feature that can be enabled separately, even for accounts with European data residency. It provides an additional layer of data minimization by preventing storage of content on our servers.
How does this relate to GDPR compliance?
European data residency directly supports GDPR compliance by helping organizations meet requirements related to data localization and cross-border data transfers. GDPR compliance itself is a broader commitment involving various data protection principles and practices that ElevenLabs adheres to.
Do I need to change my API calls or SDK usage?
No, typically no changes are required in your application code or API integration. European data residency is configured at the account level by ElevenLabs.