HeyGen Privacy Policy

1. Introduction

HeyGen is an independent platform for creating synthetic media, allowing users to create their text to video. We understand that your privacy is important and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits our websites and uses our platform, and only collect and use information in ways that are consistent with your rights and obligations under applicable laws.

‍

This Policy describes how HeyGen, Inc. (“HeyGen”, “our”, “we”, “us”) collects, uses and disclosures personal information about you when you use our websites (https://www.heygen.com and https://app.heygen.com) (“Site”), and our application programming interfaces, software, tools, data and documentation offered on the Site (collectively, “Services”). For purposes of this Privacy Policy, HeyGen is the data controller of your information, and “you” and “your” means you, the person using the Services.

‍

Please read this Privacy Policy carefully and ensure that you understand it. By using any of our Services, you agree to this Privacy Policy and our collection, use and disclosure of your information as described in this Privacy Policy. If you disagree with this Privacy Policy, you must stop using our Services immediately.

2. Scope – What Does This Policy Cover?

This Privacy Policy applies only to our collection and processing of information about users of the Services, including individuals who access and use the Services on behalf of a business customer. This Privacy Policy does not apply to our collection and processing of information on behalf of customers of our enterprise or business offerings, which is governed by our customer contracts. If you have questions about the use of information by a business customer, please reach out to the relevant customer directly.

‍

This Privacy Policy also does not extend to any websites or platforms operated by third parties that are linked to our Site (whether we provide those links or other users share them) nor does it apply to content, data, applications or materials from third parties, including other users. We are not responsible for the privacy or security of, or information found on, these sites or platforms, or the accuracy, completeness or reliability of third-party materials, and have no control over how your information is collected, stored, or used by other websites. We advise you to check the privacy policies of any third party website or platform before providing any information to them. Our inclusion of any links to third party websites or platforms does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators.

3. What Information Do We Collect?

We collect certain information about you from different sources, as described in this section.

‍

Information You Provide Us

Some features of the Services may require you to directly provide us with information. You may elect not to provide this information, but doing so may prevent you from using or accessing these features. Depending upon your use of our Services, we may collect some or all of the following information about you:

• Account and contact information. When you create an account, we collect your name, email address and account password. We may also collect other information associated with your account, such as your phone number, business/company name and position, mailing address and social media handles. Depending on the plan that you subscribe to, we may collect payment information and transaction history.
• User Input. When you use our Services, we collect personal information that is included in the text, voice, scripts, images, videos and other Input (as defined in our Terms) that you provide to generate videos, avatars and other forms of output, alongside metadata associated with the Input. As described below, we may use Input that you provide us to improve our services, for example, to train and enhance the models that power our Services. Some of the features of the Services require us to process parts of faces or bodies within a video or photo, and this may include face imagery. The information we use for this process is used to create and personalize avatars. It is not used to identify you.  We may also disclose Input to our vendors who help us provide the Services.
• Information posted to the Services. Certain features on the Services may enable you to share templates or make your videos and other content available to other users. We collect information that you choose to share or make available (“UGC”), and we, or others, may store, display, reproduce, publish or otherwise use UGC (including with your name and email address) and may or may not attribute it to you. Others, including other users, may also have access to UGC and may have the ability to share it with third parties.
• Communications information. We collect your name, email address and other information you provide in communications with us, including through the “Contact Sales” page or when interacting with us through our online chatbot.

‍

Information Collected Automatically

We automatically collect certain information about your interaction with the Services (“Usage Data”), including through cookies, web beacons and other technologies (“Tracking Technologies”). This information includes:

• Device information, such as device type, operating system, unique device identifier and IP address.
• Location information, such as approximate location based on IP address
• Other information regarding your interaction with the Services, such as your operating system, browser type, date and time stamps and clickstream data (including referring site, the types of content that you view or engage with, the features that you use and other actions you take on the Services, as well as the site you exit to).

‍

For more information on how we use Tracking Technologies and your choices, please see the "Cookies and Other Tracking Technologies" section below.

‍

Information From Third Parties

We may obtain information about you from outside sources, including:

• Integration partners. Information we receive when you connect HeyGen to an integration service.
• Login integrations. Information we receive when you choose to access the Services through a login integration or a Single Sign On service.
• Social media platforms. Information we receive from social media platforms, such as when you interact with us on YouTube, TikTok or Instagram.

4. How Do We Use Your Information?

We use your personal information to provide you with the best possible products and services. This includes:

• Providing and managing your Account, and access to and use of our Services.
• Personalizing and tailoring your experience with our Services, including surfacing recommendations, enabling you to create Output and generating such output for you.
• Providing customer support, responding to communications from you, sending you emails that you have subscribed to or announcements relating to your account.
• Conducting research and development, improving and developing our products and technology (including training the models that power our services), analyzing your use of our Services and gathering feedback to enable us to understand and improve. our Services and your user experience, and monitoring and analyzing trends
• Enhancing the safety and security of our Services, such as conducting troubleshooting, data analysis, testing, evaluation and system reporting.
• Complying with applicable legal obligations, enforcing our contractual arrangements and policies, and protecting or defending the Services, our rights and the rights of our users or others.
• Sending you marketing communications, including news and offers on our products or services (with your permission/consent or where otherwise permitted by applicable law). Unless permitted by law, we will not send you unsolicited marketing communications. We will also take all reasonable steps to ensure that we comply with our obligations under applicable email marketing laws. You can unsubscribe from our emails at any time by using the unsubscribe function in the email communication to you, or upon manual request to privacy@heygen.com. We will remove your email address from our subscriber list upon receipt of such a request.

5. How Do We Share Your Data?

We only disclose your personal information as described in this Privacy Policy. Unless otherwise described, we will never sell your personal information to anyone for monetary consideration. You are in control of your personal information at all times.

‍

In certain circumstances, we may disclose your personal information to third parties for the purposes described in this Privacy Policy, including:

• Vendors and Service Providers. We may contract with third parties who help us provide the Services, including for payment processing, cloud storage, chatbot operation, voice transcriptions, image generation, system administration, security, customer relationship management, delivery of goods, search engine facilities, data analytics, advertising, and marketing. In some cases, these third parties may require access to some or all of your information. We will take all reasonable steps to ensure that your information will be handled safely and securely.
• With direction or consent. We may also disclose information to third parties, including other users of the Services, when you request, direct or consent to us doing so, such as when you make output or other content available to others, through your use of login integrations and social media widgets or with your consent.
• Affiliates. We may disclose information to our affiliates or others within our corporate group.
• Legal reasons. In certain circumstances, we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings or where we are cooperating or complying with the requirements of legislation, a court order, a governmental authority or law enforcement. We may also disclose information to comply with applicable law, to enforce our contractual arrangements and policies, or protect or defend the Services, our rights and the rights of our users or others.

‍

We may also compile statistics about the use of our Site, including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymized and will not include any personally identifying information. We may occasionally share such data with third parties, such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.

6. What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce our business, and this may involve the sale and/or the transfer of control of all or part of our business, which could take various forms, such as an asset sale, merger, bankruptcy or other business transaction. Personal information provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part, and the new owner or newly controlled party will, under the terms of this Privacy Policy, be permitted to use the information for the purposes for which it was originally collected by us. We may also disclose personal information to third parties assisting with such a business transaction, such as legal advisors involved in the diligence processor.

‍

If any of your personal information will be transferred in such a manner, you will be contacted in advance and informed of the changes.

7. Cookies and Other Tracking Technologies

As described above, the Site and Services may use certain Tracking Technologies to collect Usage Data, including first-party Tracking Technologies (those placed directly by us and are used only by us) and third-party Tracking Technologies (those placed by websites, services and/or parties other than us). These Tracking Technologies include those provided by Google Analytics, Datadog, DoubleClick and Meta.

‍

We use Tracking Technologies because it is in our legitimate interests to facilitate, improve and tailor your experience with the Services, run analytics, de-bug and to provide and improve our products and services. For example, we use Datadog to better understand our user’s experience (e.g., how much time is spent on pages, what features they use, what links they choose to click, etc.) and this enables us to build and maintain the Services with user feedback. We may associate Usage Data with the device you use to access the Services, or email accounts you use to engage with us. We also use Tracking Technologies for advertising related purposes, including for remarketing and to deliver targeted ads to you, and analyze and measure the effectiveness of our advertisements. We use cookies on our Site in accordance with current English and EU Cookie Laws, and if you are in the EU or UK, we request your consent before dropping Tracking Technologies that are not strictly necessary for the Services.

‍

Most browsers accept cookies automatically, but you may be able to control the way in which your devices permit the use of Tracking Technologies. While you do not have to allow us to use Tracking Technologies, they do enable us to continually improve our Services, making it a better and more useful experience for you.

‍

If you so choose, you can choose to disable or delete cookies in your Internet browser at any time. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. For further details, please consult the help menu in your internet browser or the documentation that came with your device. Disabling or deleting cookies may cause some of the Services to work incorrectly, and you may lose any information that enables you to access our Site more quickly and efficiently, including login and personalization settings. While your browser may allow you to transmit a “do not track” / “opt-out preference” signal or other mechanism for exercising choices regarding the collection of information by Tracking Technologies, like many websites, our website is not designed to respond to such signals. To learn more about “do not track” signals, you can visit http://www.allaboutdnt.com/.

‍

For information about interest-based ads, and to opt out of targeted advertising by companies that participate in the Digital Advertising Alliance, visit http://optout.aboutads.info/ or https://www.youronlinechoices.com/. You can also use the Network Advertising Initiative opt-out at https://thenai.org/opt-out/. Google and Meta also provide options to customize how your information is collected and used. For example, you can utilize Google Analytics’s Opt-Out Browser Add On here, or alter Facebook Ads Display options in your Facebook account. If you apply certain ad blockers or tools to restrict cookies, it may interfere with your ability to opt out.

8. How Long Do We Store Your Information?

We only keep your personal information for as long as we need to provide our products and services as described in this Privacy Policy and/or for as long as we have your permission to keep it. In determining the length of time we retain information, we consider various criteria, including whether we need the information to continue to administer your account, provide the Services, maintain output and content that you have generated, resolve a dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property and products. We conduct reviews when appropriate to ascertain whether we still need to keep your information.

‍

If you submit a request to delete your information, we strive to take steps to delete that information within 24 hours of your request, unless we are required or permitted to retain such information under applicable law. For additional information, see “Summary of Your Rights” below.

9. How Do We Secure Your Information?

Data security is of great importance to us, and to protect your personal information, we have put in place suitable physical, electronic, and managerial procedures designed to safeguard and secure personal information collected through our Site.

‍

Notwithstanding any security measures that we take, it is important to remember that the transmission of data via the Internet may not be completely secure, and we cannot guarantee that the collection, transmission and storage of data will always be secure. Please take suitable precautions when transmitting data via the Internet to us.

‍

In addition, if you choose to register an account with us, you are responsible for keeping your account credentials safe. We recommend that you do not share your access details with anyone. If you believe your account has been compromised, please contact us immediately.

10. Summary of Your Rights

When you submit information via our Site, you may be given options to restrict our use of your information. We aim to give you strong control on our use of your information. Depending on where you live, you may have certain rights in relation to your personal information. However, these rights are not absolute, and may only apply in certain circumstances.

• Access. You may have the right to request access to the information we hold about you, how we use it, and who we share it with.
• Delete. You may have the right to request that we delete information we hold about you.
• Correct. You may have the right to request that we correct inaccurate information we maintain about you.
• Opt out of targeted advertising. You may have a right to opt-out of the processing of your information for the purposes of targeted advertising. For more information, please see the “Cookies and Other Tracking Technologies” section above.
• Portability. You may have the right to receive a copy of personal information we hold about you and request that we transfer it to a third party.
• Restriction of processing to storage only. You may have the right to ask us to stop, suspend or restrict our processing of personal information.
• Objection. You may have the right to object to our processing of personal information. You can also object to marketing at any time by using the unsubscribe/opt-out function displayed in our communications to you.
• Withdrawal of consent. Where we rely on consent to process your personal information, you may have the right to withdraw this consent at any time. If you confirm that you wish to withdraw your consent, we will delete your information from our systems. However, you acknowledge this may limit our ability to provide you with the best possible products and services.

‍

To submit a request to exercise any of the foregoing rights, please contact us using the details set out in the “Contacting Us” section below.

‍

We will not discriminate against you for exercising any of these rights. Further information may be needed to verify your identity before exercising these rights, such as your email address or government issued ID. You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. If we deny your request, you may appeal our decision by contacting us through the methods described below.

11. Children's Privacy

Our Services are not intended for minors under the age of 18, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian of a child under 13 years old who has provided us with personal information, please contact us at privacy@heygen.com. If we become aware that we have unknowingly collected personal information from a child under age 13, we take steps to remove that information from our servers.

12. Social Features

Certain features of the Services allow you to initiate interactions between the Services and third-party services or platforms, such as YouTube, TikTok, Instagram and email integrations (“Social Features”). Social Features include features that allow you to access our pages on third-party platforms, and from there “like” or “share” our content, or to access our Services through a login integration. Use of Social Features may allow a third party to collect and/or use your information. If you use Social Features, information you post or make accessible may be publicly displayed by the third-party service. Both we and the third party may have access to information about you and your use of both the Services and the third-party service. For more information, see the section below.

13. Third-party Websites and Materials

As described above, we are not responsible for the privacy or security of, information found on, or any practices employed by any third-party applications, websites, or services linked to or from our Service. Although we may provide links to third-party websites or platforms, or display content, data, applications or materials from third parties, our Privacy Policy does not apply to those third-party sites or materials, and your browsing and interaction on any third-party site, application, or service, including those that have a link on our Services, are subject to that third party's own terms and policies.

14. Additional U.S. State Disclosures

This section provides additional information to residents of California, Colorado or other U.S. states that have passed a law similar to the California Consumer Privacy Act (“CCPA”). For purposes of this section, “personal information” also includes “sensitive personal information” as those terms are defined under the CCPA.

‍

The following table sets out the categories of personal information (sensitive information denoted by *) we collect and disclose (if applicable), including our practices over the past 12 months.

‍

For information regarding the specific purposes for which we collect and disclose your personal information and the categories of sources from which we collect your personal information, please see section 3 “What Information Do We Collect?” and section 4 “How Do We Use Your Information” above. Information about our retention of personal information is described in section 8, “How Long Do We Store Your Information”. We only use and disclose sensitive  personal information for the purposes specified in the CCPA or otherwise with your consent.

‍

We do not “sell” or “share” (as those terms are defined in the CCPA) personal information, nor have we done so in the preceding 12 months. Further, we do not have actual knowledge that we sell or share personal information about California residents under 16 years of age.

‍

California residents under the age of 18 who have registered to use the Services and posted UGC to the Services can request that their UGC be removed by contacting us at privacy@heygen.com. Such a request must state that they personally posted such UGC or information and detail where the UGC is posted. We will make reasonable good faith efforts to remove the content from prospective public view or anonymize it so the minor cannot be individually identified. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished the post and archived copies of it may be stored by search engines and others that we do not control.

‍

15. Third-party Websites and Materials

Our Services are designed for users in the United States only and are not intended for users located outside the United States. By using our Services, you understand that your personal information may be processed and stored on servers, and transferred to third parties, outside your country of residence, including the United States.

‍

The personal information that you provide to us and that we collect from you will be transferred to, stored at, or processed in, countries outside your country of residence, such as to the United States. Your personal information is also processed by staff operating outside the EEA, UK or Switzerland who work for us or one of our third-party service providers or partners. We process the personal information that you provide to us in countries outside your country of residence in order to provide our Services, perform our contract with you, and provide our website’s functionality. We also use standard contractual clauses as relevant for certain transfers of personal information to third countries, unless the transfer is to a country that has been determined to provide an adequate level of protection for individuals’ rights and freedoms for their personal information.

‍

If you are in the EEA, UK or Switzerland, our legal bases for processing your personal information include:

• Performance of a contract with you. We process certain account and contact information, information, application information, user content and Usage Data to provide and maintain your account and our Services. If you do not provide some of this information, we may not be able to provide our Services to you.
• Our legitimate interests. We process certain account and contact information, application information, user content, communications information and Usage Data where it is in our legitimate interest, and those interests are not overridden by your interests or fundamental rights and freedoms. Our legitimate interests include us processing information in order to be responsive to you, protect our Services from fraud, security or abuse, and to develop, improve and provide effective products and services, including for training and enhancing our models.
• Your consent. If we ask for your consent to process your personal information for a specific purpose, such as to send marketing communications to you. You can withdraw your consent at any time.
• Compliance with legal obligations. We may process information to comply with applicable law, to enforce our contractual arrangements and policies, or to protect or defend the Services, our rights, the rights of our users or others.

‍

Our representative in the European Economic Area and the UK is:

‍

As described in section 1 “Introduction”, HeyGen, Inc. is the relevant data controller for the processing of your information, and we are a domestic corporation established in the United States.

‍

16. Changes to our Privacy Policy

We may change this Privacy Policy from time to time, in which case we will update the “Effective” date at the top of this Privacy Policy and post the updated Privacy Policy  on our Site. If we make material changes to the way in which we use personal information collected about you, we will use commercially reasonable efforts to notify you and take additional steps as required by applicable law. We recommend that you check this page regularly to keep up-to-date. If you do not agree to any updates to this Privacy Policy, please do not use or access any of the Services.

17. Contacting Us

If you have any questions about our Services or this Privacy Policy, please contact us by email at privacy@heygen.com.

‍

Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you. If you think we have infringed applicable data privacy or protection laws, you can complain to your local data protection supervisory authority in which you are based or where you think we have infringed data protection laws. Of course, we hope you will contact us first so we can resolve any issues.