HeyGen Privacy Policy

Effective as of 22nd of October 2024

1. Introduction

HeyGen is an independent platform for creating synthetic media, allowing users to create their text to video. We understand that your privacy is important and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits our websites and uses our platform, and only collect and use information in ways that are consistent with your rights and obligations under applicable laws.

‍

This Policy describes how HeyGen Technology Inc. (“HeyGen”, “our”, “we”, “us”) collects, uses and disclosures personal information about you when you use our websites (https://www.heygen.com and https://app.heygen.com) (“Site”), and our application programming interfaces, software, tools, data and documentation offered on the Site and our mobile apps, including access via mobile devices and apps (collectively, “Services”). We are a domestic corporation established in the United States.
‍

Our address and contact is:

12130 Millennium Drive Suite 300,

Los Angeles,

CA 90094,

[email protected]
‍

For purposes of this Privacy Policy, HeyGen is usually the processor of your personal data. We are the controller only if we process data for our own legitimate purposes, as described in point 4. When we refer to “you” and “your” it means you, the person using the Services. We refer interchangeably to “personal information” and “Personal Data”, which, depending on the jurisdiction, means the data or information based on which a person can be identified.
‍

HeyGen complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. HeyGen has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. HeyGen has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/.
‍

This policy details the types of personal data we collect, the purposes for which they are collected, and how they are used. Please read this Privacy Policy carefully and ensure that you understand it. By using any of our Services, you agree to this Privacy Policy and our collection, use, and disclosure of your information as described in this Privacy Policy. If you disagree with this Privacy Policy, you must stop using our Services immediately.

2. Scope – What Does This Policy Cover?

This Privacy Policy applies only to our collection and processing of information about users of the Services, including individuals who access and use the Services on behalf of a business customer.

‍

This Privacy Policy does not apply to the collection and processing of information on behalf of customers of our enterprise or business offerings, which are governed by our customer contracts. If you have questions about the use of information by a business customer, please reach out to the relevant customer directly.

‍

This Privacy Policy also does not extend to any websites or platforms operated by third parties that are linked to our Site (whether we provide those links or other users share them), nor does it apply to content, data, applications, or materials from third parties, including other users. We are not responsible for the privacy or security of, or information found on these sites or platforms, or the accuracy, completeness, or reliability of third-party materials, and have no control over how your information is collected, stored, or used by other websites. We advise you to check the privacy policies of any third-party website or platform before providing any information to them. Our inclusion of any links to third-party websites or platforms does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators.

3. What Information Do We Collect?

We collect certain information about you from different sources, as described in this section.
‍

Information You Provide Us
‍

Some features of the Services may require you to provide us with information directly. You may elect not to provide this information, but doing so may prevent you from using or accessing these features. Depending upon your use of our Services, we may collect some or all of the following information about you:

Account and contact information. When you create an account, we collect your name, email address and account password. We may also collect other information associated with your account, such as your phone number, business/company name and position, mailing address and social media handles. Depending on the plan that you subscribe to, we may collect payment information and transaction history. All payment data is stored by Stripe. You may find their privacy notice link here.
User Input. When you use our Services, we collect personal information that is included in the text, voice, scripts, images, videos, and other Input (as defined in our Terms) that you provide to generate videos, avatars, and other forms of output, alongside metadata associated with the Input. As described below, we may use the input that you provide us to improve our services, for example, to train and enhance the models that power our Services. Some of the features of the Services require us to process parts of faces or bodies within a video or photo, and this may include face imagery. The information we use for this process is used to create and personalize avatars. See our Biometric Information Privacy Notice for further information about how we process information to create avatars.
Information posted to the Services. Certain features on the Services may enable you to share templates or make your videos and other content available to other users. We collect information that you choose to share or make available (“UGC”), and we, or others, may store, display, reproduce, publish or otherwise use UGC (including with your name and email address) and may or may not attribute it to you. Others, including other users, may also have access to UGC and may have the ability to share it with third parties.
Communications information. We collect your name, email address, and other information you provide in communications with us, including through the “Contact Sales” page or when interacting with our online chatbot.
‍

Information Collected Automatically
‍

We automatically collect certain information about your interaction with the Services (“Usage Data”), including through cookies, web beacons and other technologies (“Tracking Technologies”). This information includes:

Device information, such as device type, operating system, unique device identifier, and IP address.
Location information, such as approximate location based on IP address
Other information regarding your interaction with the Services, such as your operating system, browser type, date and time stamps, and clickstream data (including referring site, the types of content that you view or engage with, the features that you use, and other actions you take on the Services, as well as the site you exit to).

Please see the "Cookies and Other Tracking Technologies" section below for more information on how we use tracking technologies and your choices.
‍

Information From Third Parties
‍

We may obtain information about you from outside sources, including:

Integration partners. Information we receive when you connect HeyGen to an integration service.
Login integrations. Information we receive when you choose to access the Services through a login integration or a Single Sign On service.
Social media platforms. Information we receive from social media platforms, such as when you interact with us on YouTube, TikTok or Instagram.

4. How Do We Use Your Information, and for what Purpose?

We use your personal information to provide you with the best possible products and services. Depending on the country in which you are located, we will only process your Personal Data based on a valid legal ground. In general, HeyGen acts as a data processor when processing personal data on behalf of our business customers in accordance with their instructions. However, HeyGen acts as a data controller when processing personal data for purposes such as marketing, service improvement, and regulatory compliance.
‍

Below, we list the purposes and appropriate legal grounds for processing:

Providing and managing your Account and access to and use of our Services. It is necessary to perform our obligations under the Terms of Service agreement between you and us.
Personalizing and tailoring your experience with our Services, including surfacing recommendations, enabling you to create Output and generating such output for you. It is necessary to perform our obligations under the services agreement between you and us.
Providing customer support, responding to communications from you, sending you emails that you have subscribed to, or announcements relating to your account. It is necessary to perform our obligations under the services agreement between you and us.
To train and enhance the models that power our products and services, including to make our avatar creation models more accurate. It is necessary for our legitimate interest and subject to appropriate safeguards. You may request to opt-out of this training and enhancement by contacting us at [email protected].
Providing customer support, responding to communications from you, sending you emails that you have subscribed to or announcements relating to your account. It is necessary to perform our obligations under the services agreement between you and us.
Understanding the usage of our services, understanding trends and preferences, improving and repairing errors in the services, and in this context developing new products, services, features, and functionalities. We have a legitimate interest in using your Personal Data for the purpose of understanding usage.
Enhancing the safety and security of our Services, such as conducting troubleshooting, data analysis, testing, evaluation and system reporting. We have a legitimate interest in using your Personal Data for the purpose of ensuring security and safety.
Complying with applicable legal obligations, enforcing our contractual arrangements and policies, and protecting or defending the Services, our rights and the rights of our users or others. We may need it to comply with a legal obligation, for instance, to comply with court order.
Enforcing our contractual arrangements and policies, and protecting or defending the Services, our rights, and the rights of our users or others. We have a legitimate interest in using your Personal Data to safeguard our contracts and legally recognized interests.
Sending you marketing communications, including news and offers on our products or services (with your permission/consent or where otherwise permitted by applicable law). Unless permitted by law, we will not send you unsolicited marketing communications. We will also take all reasonable steps to ensure that we comply with our obligations under applicable email marketing laws. You can unsubscribe from our emails at any time by using the unsubscribe function in the email communication to you. We will remove your email address from our subscriber list upon receipt of such a request.

Depending on the country in which you are located, we will only process your Personal Data based on a valid legal ground. For your convenience, the table below describes the legal grounds by purpose for data processing in compliance with the EU and UK GDPR, and Swiss FADP.

Purpose (abbreviated)	Description	Legal ground (where required under applicable law)
Providing the services	We may process your Personal Data to provide the services described in the Terms	It is necessary to perform the Terms
Communicating with you	We may process your Personal Data to communicate with you about the Terms or our services, or for administrative purposes, including to reply to your comments and questions	It is necessary to perform the Terms
Billing	We may process your Personal Data to handle any payments to you as described in the Terms	It is necessary to perform the Terms
Preventing fraud	We may process your Personal Data to protect against and prevent fraud, and protect against malicious, deceptive, fraudulent, or illegal activity, including to prosecute those responsible for such activity	We, or a third party, have a legitimate interest in using your Personal Data for the purpose of protecting against and preventing fraud
Safety	We may process your Personal Data to safeguard our platform and services, and to ensure security and safety	We, or a third party, have a legitimate interest in using your Personal Data for the purpose of ensuring security and safety
Understanding usage	We may process your Personal Data to understand the usage of our services, to understand trends and preferences, to improve and repair errors in the services, and to develop new products, services, features, and functionalities	We, or a third party, have a legitimate interest in using your Personal Data for the purpose of understanding usage
Administrative and legal	We may use your Personal Data to address any administrative or legal issues pertaining to HeyGen, including but not limited to intellectual property infringement, defamation, rights of privacy issues, to enforce our Terms of Service or other legal rights, to facilitate transactions and payments, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency	We, or a third party, have a legitimate interest in using your Personal Data for the purpose of addressing administrative and legal issues
Compliance	We may process your Personal Data for compliance with legal obligations to which we are subject, for instance to comply with accounting and tax rules, or as mandated by a court order	We need it to comply with a legal obligation, for instance to comply with a court order
Research and development of AI models	We may process your Personal Data to research, develop and improve our AI models	We have a legitimate interest in using your Personal Data for the purpose of Research and development of AI models, to the extent that the balance between rights and interests is safeguarded. You may opt-out from such processing by contacting us at [email protected]
Verify identity to prevent fraud and misuse	We may process biometric data for the purpose of confirming your identity to prevent fraud and avoid malevolent and other uses of HeyGen, which are against our permitted use policies.	You explicitly consent to such processing upon setting up and signing up for HeyGen. You can withdraw your consent by contacting [email protected]. Withdrawal of consent for processing for this purpose may, however prevent the use of certain advanced features of HeyGen.
Other purposes	If we intend to use your Personal Data for other purposes, we will provide specific notice at the time the Personal Data is collected.	Please consult the relevant specific notice

Loading embed content...

We only disclose your personal information as described in this Privacy Policy. Unless otherwise described, we will never sell your personal information to anyone for monetary consideration. You are in control of your personal information at all times.

‍

In certain circumstances, we may disclose your personal information to third parties for the purposes described in this Privacy Policy, including:

Vendors and Service Providers. We may contract with third parties who help us provide the Services, including for payment processing, cloud storage, chatbot operation, voice transcriptions, image generation, system administration, security, customer relationship management, delivery of goods, search engine facilities, data analytics, advertising, and marketing. In some cases, these third parties may require access to some or all of your information. We will take all reasonable steps to ensure that your information will be handled safely and securely, such as through data protection agreements. In some cases we may be legally liable for such onward transfers to third-parties. You can access list of our subprocessors here.
With direction or consent. We may also disclose information to third parties, including other users of the Services, when you request, direct or consent to us doing so, such as when you make output or other content available to others, through your use of login integrations and social media widgets or with your consent.
Affiliates. We may disclose information to our affiliates or others within our corporate group.
Legal reasons. In certain circumstances, we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings or where we are cooperating or complying with the requirements of legislation, a court order, a governmental authority or law enforcement. We may also disclose information to comply with applicable law, to enforce our contractual arrangements and policies, or protect or defend the Services, our rights and the rights of our users or others.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

‍

We may also compile statistics about the use of our Site, including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymized and will not include any personally identifying information. We may occasionally share such data with third parties, such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.

6. What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce our business, and this may involve the sale and/or the transfer of control of all or part of our business, which could take various forms, such as an asset sale, merger, bankruptcy or other business transaction. Personal information provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part, and the new owner or newly controlled party will, under the terms of this Privacy Policy, be permitted to use the information for the purposes for which it was originally collected by us. We may also disclose personal information to third parties assisting with such a business transaction, such as legal advisors involved in the due diligence process.

‍

If any of your personal information is transferred in this manner, you will be contacted in advance and informed of the changes.

7. Cookies and Other Tracking Technologies

As described above, the Site and Services may use certain Tracking Technologies to collect Usage Data, including first-party Tracking Technologies (those placed directly by us and are used only by us) and third-party Tracking Technologies (those placed by websites, services and/or parties other than us). These Tracking Technologies include those provided by Google Analytics, Datadog, DoubleClick and Meta.

‍

We use Tracking Technologies because it is in our legitimate interests to facilitate, improve and tailor your experience with the Services, run analytics, de-bug and to provide and improve our products and services. For example, we use Datadog to better understand our user’s experience (e.g., how much time is spent on pages, what features they use, what links they choose to click, etc.) and this enables us to build and maintain the Services with user feedback. We may associate Usage Data with the device you use to access the Services, or email accounts you use to engage with us. We also use Tracking Technologies for advertising related purposes, including for remarketing and to deliver targeted ads to you, and analyze and measure the effectiveness of our advertisements. We use cookies on our Site in accordance with current English and EU Cookie Laws, and if you are in the EU or UK, we request your consent before dropping Tracking Technologies that are not strictly necessary for the Services.

‍

Most browsers accept cookies automatically, but you may be able to control the way in which your devices permit the use of Tracking Technologies. While you do not have to allow us to use Tracking Technologies, they do enable us to continually improve our Services, making it a better and more useful experience for you.

‍

If you so choose, you can choose to disable or delete cookies in your Internet browser at any time. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. For further details, please consult the help menu in your internet browser or the documentation that came with your device. Disabling or deleting cookies may cause some of the Services to work incorrectly, and you may lose any information that enables you to access our Site more quickly and efficiently, including login and personalization settings. While your browser may allow you to transmit a “do not track” / “opt-out preference” signal or other mechanism for exercising choices regarding the collection of information by Tracking Technologies, like many websites, our website is not designed to respond to such signals.

‍

Google and Meta also provide options to customize how your information is collected and used. For example, you can utilize Google Analytics’s Opt-Out Browser Add On here, or alter Facebook Ads Display options in your Facebook account. If you apply certain ad blockers or tools to restrict cookies, it may interfere with your ability to opt out.

8. How Long Do We Store Your Information?

We only keep your personal information for as long as we need to provide our products and services as described in this Privacy Policy and/or for as long as we have your permission to keep it. In determining the length of time we retain information, we consider various criteria, including whether we need the information to continue to administer your account, provide the Services, maintain output and content that you have generated, resolve a dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property and products. We conduct reviews when appropriate to ascertain whether we still need to keep your information. After you delete the information or the account, it is kept in the backups for the purpose of disaster recovery and then automatically and permanently erased.

‍

If you submit a request to delete your information, we strive to take steps to delete that information within 72 hours of your request, unless we are required or permitted to retain such information under applicable law. For additional information, see “Summary of Your Rights” below.

9. How Do We Secure Your Information?

Data security is of great importance to us, and to protect your personal information, we have put in place suitable physical, electronic, and managerial procedures designed to safeguard and secure personal information collected through our Site. You can review them here.

‍

Notwithstanding any security measures that we take, it is important to remember that the transmission of data via the Internet may not be completely secure, and we cannot guarantee that the collection, transmission and storage of data will always be secure. Please take suitable precautions when transmitting data via the Internet to us.

‍

Pursuant to the DPF Program, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.
‍

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].

In addition, if you choose to register an account with us, you are responsible for keeping your account credentials safe. We recommend that you do not share your access details with anyone. If you believe your account has been compromised, please contact us immediately.

10. Summary of Your Rights

When you submit information via our Site, you may be given options to restrict our use of your information. We aim to give you strong control on our use of your information. Depending on where you live, you may have certain rights in relation to your personal information. However, these rights are not absolute, and may only apply in certain circumstances.

‍

Access. You may have the right to request access to the information we hold about you, how we use it, and who we share it with.
Delete. You may have the right to request that we delete information we hold about you. You can do it yourself by deleting data from your account or deleting the account.
Correct. You may have the right to request that we correct inaccurate information we maintain about you.
Opt out of targeted advertising. You may have a right to opt-out of the processing of your information for the purposes of targeted advertising. For more information, please see the “Cookies and Other Tracking Technologies” section above.
Portability. You may have the right to receive a copy of personal information we hold about you and request that we transfer it to a third party.
Restriction of processing to storage only. You may have the right to ask us to stop, suspend or restrict our processing of personal information.
Objection. You may have the right to object to our processing of personal information, including to object to (i.e., opt out of) your information being used to train our models, by contacting us at [email protected] You can also object to marketing at any time by using the unsubscribe/opt-out function displayed in our communications to you.
Withdrawal of consent. Where we rely on consent to process your personal information, you may have the right to withdraw this consent at any time. If you confirm that you wish to withdraw your consent, we will delete your information from our systems. However, you acknowledge this may limit our ability to provide you with the best possible products and services.

‍

In general, you also have the right to opt-out of our sharing your personal data with third parties or using your data for purposes other than those for which it was originally collected.

To exercise these rights above, please contact us at [email protected].

‍

We will not discriminate against you for exercising any of these rights. Further information may be needed to verify your identity before exercising these rights, such as your email address or government issued ID. You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. If we deny your request, you may appeal our decision by contacting us through the methods described below.

11. Children's Privacy

Our Services are not intended for minors under the age of 18, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian of a child under 13 years old who has provided us with personal information, please contact us at [email protected]. If we become aware that we have unknowingly collected personal information from a child under age 13, we take steps to remove that information from our servers.

Certain features of the Services allow you to initiate interactions between the Services and third-party services or platforms, such as YouTube, TikTok, Instagram and email integrations (“Social Features”). Social Features include features that allow you to access our pages on third-party platforms, and from there “like” or “share” our content, or to access our Services through a login integration. Use of Social Features may allow a third party to collect and/or use your information. If you use Social Features, information you post or make accessible may be publicly displayed by the third-party service. Both we and the third party may have access to information about you and your use of both the Services and the third-party service. For more information, see the section below.

13. Subprocessors and Third-Party Websites And Materials

As described above, we are not responsible for the privacy or security of, information found on, or any practices employed by any third-party applications, websites, or services linked to or from our Service. Although we may provide links to third-party websites or platforms, or display content, data, applications or materials from third parties, our Privacy Policy does not apply to those third-party sites or materials, and your browsing and interaction on any third-party site, application, or service, including those that have a link on our Services, are subject to that third party's own terms and policies.

‍

The current list of sub-processors can be found here. We reserve the right to engage new sub-processors, provided that they meet a high level of security and data protection. We enter into Data Protection Agreements with all of our sub-processors.

14. Additional U.S. State Disclosures

This section provides additional information to residents of California, Colorado or other U.S. states that have passed a law similar to the California Consumer Privacy Act (“CCPA”). For purposes of this section, “personal information” also includes “sensitive personal information” as those terms are defined under the CCPA.

‍

The following table sets out the categories of personal information (sensitive information denoted by *) we collect and disclose (if applicable), including our practices over the past 12 months.
‍

Category of Personal Information	Recipient(s)
Identifiers, such as name, contact information, IP address and other device identifiers	Vendors and service providers, with your direction or consent (e.g., to other users), with our affiliates.
Personal information under the California Customer Records statute, such as name
Internet and similar network activity information, such as information regarding your interactions with the Services, Input and UGC
Geolocation information, such as IP address	Vendors and service providers, with our affiliates.
Commercial information, such as your subscription transaction history
Characteristics of protected classifications, such as race, color, sex and age
Professional-related information, such as your business/company name
Information drawn from other personal information provided to us, which could include your preferences, interests, and other information used to personalize your experience.
Account access credentials, such as username and password*

Loading embed content...

For information regarding the specific purposes for which we collect and disclose your personal information and the categories of sources from which we collect your personal information, please see section 3 “What Information Do We Collect?” and section 4 “How Do We Use Your Information” above. Information about our retention of personal information is described in section 8, “How Long Do We Store Your Information”. We only use and disclose sensitive personal information for the purposes specified in the CCPA or otherwise with your consent.

‍

We do not “sell” or “share” (as those terms are defined in the CCPA) personal information, nor have we done so in the preceding 12 months. Further, we do not have actual knowledge that we sell or share personal information about California residents under 16 years of age.

‍

California residents under the age of 18 who have registered to use the Services and posted UGC to the Services can request that their UGC be removed by contacting us at [email protected]. Such a request must state that they personally posted such UGC or information and detail where the UGC is posted. We will make reasonable good faith efforts to remove the content from prospective public view or anonymize it so the minor cannot be individually identified. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished the post and archived copies of it may be stored by search engines and others that we do not control.

‍

HeyGen is subject to the investigatory and enforcement powers of the Federal Trade Commission.

‍

15. Data Transfers,Third-party Websites and Materials

By using our Services, you understand that your personal information may be processed and stored on servers, and transferred to third parties, outside your country of residence, including the United States.

‍

The personal information that you provide to us and that we collect from you will be transferred to, stored at, or processed in, countries outside your country of residence, such as to the United States. Your personal information is also processed by staff operating outside the EEA, UK or Switzerland who work for us or one of our third-party service providers or partners. We process the personal information that you provide to us in countries outside your country of residence in order to provide our Services, perform our contract with you, and provide our website’s functionality.
‍

We also use standard contractual clauses (SCCs) as relevant for certain transfers of personal information to third countries, unless the transfer is to a country that has been determined to provide an adequate level of protection for individuals’ rights and freedoms for their personal information.
‍

We require that third parties to whom we transfer personal data comply with the Data Privacy Framework principles. We use standard contractual clauses (SCCs) to ensure adequate protection for personal data transferred outside the EU, UK, and Switzerland.

Our Data Protection Officer and representative in the European Economic Area, UK and Switzerland is:

‍

Jan Czarnocki

[email protected]
‍

Our relevant supervisory authority in the European Economic Area and the European Union is the Irish Data Protection Commission, accessible here.
‍

As described in section 1 “Introduction”, HeyGen, Inc. is usually the processor of your personal data. We are the controller only if we process data for our own legitimate purposes.
‍

We are a domestic corporation established in the United States.

Our address and contact is:

12130 Millennium Drive

Suite 300, Los Angeles, CA 90094

[email protected]

17. Changes to our Privacy Policy

We may change this Privacy Policy from time to time, in which case we will update the “Effective” date at the top of this Privacy Policy and post the updated Privacy Policy on our Site. If we make material changes to the way in which we use personal information collected about you, we will use commercially reasonable efforts to notify you and take additional steps as required by applicable law. We recommend that you check this page regularly to keep up-to-date. If you do not agree to any updates to this Privacy Policy, please do not use or access any of the Services.

18. Right to Lodge a Complaint

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), HeyGen commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact HeyGen’s Data Protection Officer: [email protected].
‍

HeyGen has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by HeyGen, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information and to file a complaint. This service is provided free of charge to you.
‍

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Below are the contact details for the relevant authorities depending on your location:
‍

European Economic Area (EEA) and European Union (EU)

If you are located within the EEA or the EU, you can contact the the Irish Data Protection Commission, accessible here.
‍

United Kingdom (UK)

If you are located in the UK, you can contact the Information Commissioner's Office:

Information Commissioner's Office (ICO) Website
‍

Switzerland

If you are located in Switzerland, you can contact the Federal Data Protection and Information Commissioner:

Federal Data Protection and Information Commissioner (FDPIC) Website

19. Contacting Us

If you have any questions about our Services or this Privacy Policy, please email us at [email protected].

‍

Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you. If you think we have infringed applicable data privacy or protection laws, you can complain to your local data protection supervisory authority in which you are based or where you think we have infringed data protection laws. Of course, we hope you will contact us first so we can resolve any issues.

‍

In addition, if you are a HeyGen customer and wish to enter into a Data Processing Agreement with HeyGen, please contact us at [email protected].