Is HeyGen safe for work?
Medium risk · 28HeyGen · Video · facts (high-confidence)
HeyGen is medium-risk for default at-work use (28/100): it trains on your data unless you opt out, and holds SOC 2 Type II.
28
Medium risk
Watch out: HeyGen holds SOC 2 Type II and stays US only. On consumer plans HeyGen may use your inputs to improve its models unless you email to opt out, and there is no BAA, so keep PHI out of it.
Data and compliance facts
- Trains on consumer-tier data
- Opt-out
- Trains on business-tier data
- No
- Training opt-out available
- Yes
- SOC 2 Type II
- Yes
- ISO 27001
- Unverified
- ISO 42001 (AI management)
- Unverified
- GDPR Data Processing Addendum
- Yes
- HIPAA BAA
- Unverified
- EU data residency
- No
- SSO / SAML
- Yes
- Data retention
- After account deletion, data is kept in backups about 30 days then permanently erased; Enterprise customer data deleted within 60 days of termination.
- Safer tier
- Enterprise (excluded from training, DPA, SSO and SCIM, contractual deletion terms)
Why it scores 28 out of 100
- +18Trains on your data. Training is on by default on the consumer tier; you must find and set the opt-out.
- +10EU data residency. Whether data can be kept in the EU.