“Turn text into video with AI”
HeyGen is an AI video platform that enables the creation, localization, and personalization of avatar-based videos from text, images, audio, presentations, or templates.
The product includes, among other things, AI Studio, Video Translation, Digital Twins, Voice Cloning, Video Agent, as well as API, CLI, and MCP access. Officially, HeyGen states that it has 100,000+ teams on the web platform and 1,000,000+ developers on the developer platform.
HeyGen
Turn text into video with AI
Location: USA ⓘ HeyGen Technology, Inc., 12130 Millennium Drive, Suite/STE 300, Los Angeles, CA 90094, USA
Pro For advanced individuals; everything in Creator plus significantly more premium usage, faster processing, translation script editing, and 4K export.
Business For teams/businesses; everything in Creator plus more generative usage, multiple Custom Digital Twins, centralized billing, Auto-Reload Credits, team members, Workspace Collaboration, comments, interactive videos, Screen Recorder, SCORM export, LMS and automation integrations. Other Enterprise Custom offer with unlimited videos, no maximum video duration, 4K, fastest processing, multi-workspace control, role management, SCIM, MFA, commercial contract terms, priority support, dedicated CSM, and onboarding.
API Pricing Separate API access for developers and product teams; HeyGen refers to a separate API pricing overview.
Target audience
HeyGen is aimed at several clearly distinguishable target groups: individual creators and freelancers who want to create video content quickly without camera or production effort; marketing and sales teams that need personalized or localized campaign and outreach videos; L&D, HR, and enablement teams that want to roll out training and onboarding content at scale; as well as companies with global communication, customer success, or compliance requirements. Through its API, HeyGen also addresses developers and product teams that want to integrate video creation or video translation directly into their own workflows or products.
Outstanding features
The strongest differentiating features are Digital Twins, Voice Cloning, Video Translation with Lip-Sync, 175+ languages and dialects, the text-based editor AI Studio, PPT/PDF import, SCORM export, and LMS integrations. For developers, there is also API, CLI, and MCP; on the API side, HeyGen now covers Video Agent, Photo Avatar, Digital Twin, Translation, Lipsync, and TTS. For teams, central workspaces, brand kits, collaboration, role/access control, and in higher-tier plans SCIM, MFA, and enterprise support are also relevant.
Most important use cases
HeyGen is strongest wherever scalable video communication matters more than traditional video production: multilingual marketing campaigns, personalized sales outreach, product demos and tutorials, internal communication, customer onboarding, training and learning content, compliance training, and presentation/document-to-video workflows. A particular focus is on localization: a video created once can be converted into many language versions with Voice Cloning and Lip-Sync. In the business context, the focus also shifts more toward team collaboration, governance, and reusable brand/asset standards.
Usage & notes
The Free plan is sufficient for initial testing, but for real productive use, Creator is usually the realistic entry point. Anyone working in a team, rolling out learning content in a structured way, or needing central brand/security controls will quickly end up with Business or Enterprise. From a data protection perspective, special care should be taken when cloning real people or processing face/avatar-related content: HeyGen explicitly processes facial/body image data for this and refers to its own Biometric Privacy Notice. In addition, it is important to know that web and API subscriptions are separate and that US hosting or international transfers play a central role in the data protection assessment.
| Target audience | Assessment |
|---|---|
| Private individuals | Suitable – for short avatar videos, social clips, video ideas, and tests with AI video. |
| Creators / Freelancers | Very suitable – for marketing videos, explainer videos, product videos, Voice Cloning, avatar videos, and localization. |
| SMEs / Teams | Very suitable – for video production, training, sales, internal communication, dubbing, translation, and team collaboration. |
| Large enterprises | Very suitable – Enterprise offers unlimited videos, multi-workspace control, role management, SCIM, MFA, priority support, and enterprise security. |
| L&D, Marketing, Sales, E-Learning | Very suitable – HeyGen is strong in avatar videos, Video Translation, Lip-Sync, digital twins, and multilingual video production. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ❓ |
| Private cloud / data center | ❓ |
| EU SaaS / Managed | ⚠️ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ❓ |
On-prem / local hosting: indirect / not available
An on-premises or local hosting option is not listed on the website. The documented deployment is public cloud on AWS in the U.S.
Private Cloud / Data Center: Unclear
A dedicated private cloud or isolated EU/EEA data center option is not specified on the website. Only logical data separation and public cloud operation on AWS in the U.S. are mentioned.
EU SaaS / Managed: Partially
HeyGen offers a managed SaaS service and mentions GDPR, SCCs, and the EU-US DPF. However, EU data residency or storage within the EU/EEA is not documented; instead, according to the website, all customer data is stored in the U.S.
Hybrid: Indirect / Not Available
A hybrid operating model involving partly internal, local, or private processing and partly external SaaS is not specified on the website.
T&C / DPA: Covered
A Data Processing Addendum is published on the website. The DPA is expressly incorporated into the Enterprise SaaS Agreement; Enterprise customers can enter into a DPA.
No Training: Partially
According to the Security page, Enterprise customer data is excluded from AI training by default. According to the Security page and Privacy Policy, non-Enterprise customers can object to training via email. At the same time, the Privacy Policy lists AI model training as a separate processing purpose of HeyGen.
Open Source / Transparency Path: Indirect / Not Available
Open-source components, open models, or self-hostable parts are not specified on the website. The only positively documented aspect is the return of customer data in a common format upon contract termination.
Data Processing
HeyGen describes itself as either a data processor or a data controller, depending on the context of the processing. For customer data in the service context, HeyGen processes data as a data processor in accordance with customer instructions and the DPA. According to the Security page, the technical infrastructure is hosted in the public cloud on AWS in the U.S. According to the website, transfers to third countries for EU/EEA customers are to be safeguarded via the EU-US DPF and SCCs. Subprocessors are provided for and referenced via the security portal; new subprocessors are to be announced, with customers having the option to object in the DPA. For Enterprise customers, AI training using customer data is excluded by default; for non-Enterprise customers, there is an opt-out option via email.
Conclusion
From a GDPR perspective, HeyGen can be conditionally classified as an EU/EEA tool: legal and organizational components are documented, but data processing remains U.S.-centric according to the website. Those with strict requirements regarding EU data residency, EU/EEA hosting, or sovereign operating models will find no documented path to meet these requirements on the website. For less stringent scenarios, use of the service—with a DPA, SCCs/DPF, and careful configuration—may be more justifiable, particularly in an enterprise context.
Sources
| On-prem / local hosting | ❓ |
| Private cloud / data center | ❓ |
| EU SaaS / Managed | ⚠️ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ❓ |
On-prem / local hosting: indirect / not available
An on-premises or local hosting option is not listed on the website. The documented deployment is public cloud on AWS in the U.S.
Private Cloud / Data Center: Unclear
A dedicated private cloud or isolated EU/EEA data center option is not specified on the website. Only logical data separation and public cloud operation on AWS in the U.S. are mentioned.
EU SaaS / Managed: Partially
HeyGen offers a managed SaaS service and mentions GDPR, SCCs, and the EU-US DPF. However, EU data residency or storage within the EU/EEA is not documented; instead, according to the website, all customer data is stored in the U.S.
Hybrid: Indirect / Not Available
A hybrid operating model involving partly internal, local, or private processing and partly external SaaS is not specified on the website.
T&C / DPA: Covered
A Data Processing Addendum is published on the website. The DPA is expressly incorporated into the Enterprise SaaS Agreement; Enterprise customers can enter into a DPA.
No Training: Partially
According to the Security page, Enterprise customer data is excluded from AI training by default. According to the Security page and Privacy Policy, non-Enterprise customers can object to training via email. At the same time, the Privacy Policy lists AI model training as a separate processing purpose of HeyGen.
Open Source / Transparency Path: Indirect / Not Available
Open-source components, open models, or self-hostable parts are not specified on the website. The only positively documented aspect is the return of customer data in a common format upon contract termination.
Data Processing
HeyGen describes itself as either a data processor or a data controller, depending on the context of the processing. For customer data in the service context, HeyGen processes data as a data processor in accordance with customer instructions and the DPA. According to the Security page, the technical infrastructure is hosted in the public cloud on AWS in the U.S. According to the website, transfers to third countries for EU/EEA customers are to be safeguarded via the EU-US DPF and SCCs. Subprocessors are provided for and referenced via the security portal; new subprocessors are to be announced, with customers having the option to object in the DPA. For Enterprise customers, AI training using customer data is excluded by default; for non-Enterprise customers, there is an opt-out option via email.
Conclusion
From a GDPR perspective, HeyGen can be conditionally classified as an EU/EEA tool: legal and organizational components are documented, but data processing remains U.S.-centric according to the website. Those with strict requirements regarding EU data residency, EU/EEA hosting, or sovereign operating models will find no documented path to meet these requirements on the website. For less stringent scenarios, use of the service—with a DPA, SCCs/DPF, and careful configuration—may be more justifiable, particularly in an enterprise context.
Sources
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Very strong focus on scalable AI video creation rather than just individual files. | • According to the official GDPR page, all data is stored in the USA; EU data residency is not mentioned as a standard feature. |
| • Strong in multilingualism/localization with voice cloning and lip-sync. | • Non-Enterprise customers are not excluded from AI training by default; opting out is required. |
| • Well suited for marketing, sales, L&D, internal communication, and customer success. | • Many governance/security features such as SCIM, SSO/MFA, and multi-workspace controls are only available in higher Business/Enterprise tiers. |
| • Team/business features such as workspace collaboration, centralized billing, team management, SCORM/LMS, and admin/security features. | • Web plans and API plans are separate; API credits are not included in standard web subscriptions. |
| • Developer access via API, CLI, and MCP. | • As of February 2026, there are no longer any free API credits for the API. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
For users in the EU/EEA, GDPR-compliant use of HeyGen is only plausible under certain conditions that are properly documented; it is not considered standard use that is entirely unproblematic. Positive aspects include an available DPA, SCCs, the EU-US Data Privacy Framework, a European DPO, and documented sub-processor arrangements. However, a negative aspect is that, according to the website, all customer data is stored on AWS in the U.S., and the website does not specify any EU/EEA data residency, any EU data center, or any on-premises/self-hosting option. For standard SaaS in the EU/EEA, a third-country transfer to the U.S. therefore remains an inherent part of the service.
Positive
The website documents a privacy policy, a Data Processing Addendum, SCC information for EU/UK/Switzerland transfers, EU-US DPF certification, a DPO based in Europe, SOC 2 Type II, and an opt-out from AI training. For Enterprise customers, data use for AI training is excluded by default.
Negative
The website states that all HeyGen customer data is stored in the U.S. on AWS. The website does not specify EU data residency, EU/EEA data centers, a private cloud option in the EU/EEA, a hybrid model, or on-premises/self-hosting. Furthermore, according to the privacy policy, HeyGen reserves the right to process data for its own purposes, including service improvement and AI model training; for non-enterprise customers, the only option mentioned is to opt out by contacting the company.
Server Location
According to the website, the services are hosted on AWS in the U.S.; all customer data is stored in the U.S. EU/EEA server locations are not specified on the website.