SYNTHESIA LIMITED

Synthesia STUDIO

Synthesia Studio is a SaaS platform that allows you to create videos directly in a web browser. Simply select an actor, type in the text and use AI to generate your video without needing actors, film crew or expensive equipment and post-production. You can create stunning business videos in minutes.

Features

• AI avatars
• Custom avatars
• One click translations
• Voice cloning
• Video editing
• Collaboration tools
• Integrations
• Closed captions
• Video embedding tools
• Video templates

Benefits

• Create personalised video content at scale
• Cost-effective video creation. No need for studio time.
• Videos can be created in minutes without leaving your desk.
• Synthesia makes video production accessible to businesses of all sizes.
• Synthesia Studio offers scalability to meet diverse production needs.
• Multilingual video production enabling creation of content for diverse audiences.

£7,020 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at questionnaires@synthesia.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

325691129237856

Contact

Stuart Reid
07725693016
questionnaires@synthesia.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Internet connection
  • Web browser

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: There is in-app support and in-app chat and there are support pages available on the website. Support hours are office hours 9-6pm UK & East coast US time zones via support@synthesia.io / Chat support. A Customer Success Manager will be assigned if the deal size permits. Support personnel are located in the EU, and support is available Monday through Friday.; ; Synthesia will assign a Customer Success Manager to any enterprise level customer. The initial engagement will be to complete an onboarding program within the first 30 days of usage that will allow your team to create videos at a professional level of quality. Once this is completed regular reviews are available with your customer success manager at a level of frequency that you desire (weekly/monthly/quarterly). During these sessions, your CSM will help provide feedback on your videos, showcase examples of how other customers have used Synthesia and help ensure you're meeting your business objectives with our tool.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Implementation takes only a matter of hours. You will be provided access to Synthesia STUDIO and can start making videos instantly.; ; Training resources are provided, including videos, webinars, and articles. If you are assigned a Customer Success Manager, they will also provide you with insights on how to get the most out of Synthesia STUDIO, best practice, how to use technical features and answer any questions that you may have.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Webpage
• End-of-contract data extraction: The user can request that a video is deleted, it can then take up to 30 days before it is permanently deleted from our system, including backups. If there is a request to delete specific video data or delete all video data on termination of an account, we will delete all copies permanently and provide confirmation of deletion. If there is no request for deletion after termination of an account, the information will automatically be deleted within 30 days.
• End-of-contract process: The end user manages the video data that is created on the platform. The user can request that a video is deleted, it can then take up to 30 days before it is permanently deleted from our system, including backups. If there is a request to delete specific video data or delete all video data on termination of an account, we will delete all copies permanently and provide confirmation of deletion. If there is no request for deletion after termination of an account, the information will automatically be deleted within 30 days. We use AWS services for erasure.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Synthesia provides a REST API for video generation. Videos can be exported from the web app or via the API as an MP4.; ; Our API documentation can be found here: https://docs.synthesia.io/docs
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Our infrastructure is scalable to avoid negative impact of higher than average loads. Load balancers are used to distribute traffic in a way that increases the reliability and availability of the system.

Analytics

• Service usage metrics: Yes
• Metrics types: Operational status is visible on http://status.synthesia.io/
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The data import / export functionality allows data to be exported via the API or as an MP4. The vendor also provides a REST API for video generation. Videos can be exported from the web app or via the API in MP4 format. It is also important to note that all video data generated on the platform can be downloaded or exported via the API in MP4 format prior to termination of the contract.
• Data export formats: Other
• Other data export formats: MP4
• Data import formats: Other
• Other data import formats: Direct upload

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99% System Availability or above (standard SaaS Service Level).
• Approach to resilience: Our infrastructure uses AWS services with corresponding resilience to natural disaster and multiple availability zones. We have a documented BC/DR Policy. In the event that our video generation service becomes unavailable, the target for full system recovery is set at 72 hours with full point of time recovery.
• Outage reporting: In the event of a disruption to the service, we notify users via email and in-app notifications.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Users can authenticate by logging into their accounts either via username/password or SAML SSO. AWS Cognito is used as a managed service to handle authentication. MFA is supported through SSO. For employees, Okta is used as an identity management solution. SAMLv2 Single Sign-On and authentication via Google are also supported. Administrators are required to use a password manager with a unique strong password and MFA
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC2
• Information security policies and processes: Synthesia has an assigned security team responsible for information security management. The Head of Security, Martin Tschammer, is responsible for the implementation and delivery of the information security programme, reporting to the CEO. Our Information Security Management System is fully aligned with SOC2.; ; Please refer to attached SOC 2 Report for further details.; Information Security Policy is available at https://security.synthesia.io.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have documented procedures for configuration and change management for all applications. Change management is set out in our Operations Security Policy and Secure Development Policy. All operating procedures are documented for our infrastructure and the setup, deployment of new systems and installation of software must be authorised, tested and reviewed. All changes go through internal code review for release. Each change then needs to pass through 2 environments before being released to the production environment (development, staging) and thus becoming available to users. We review and run automated tests (unit, integration, and functional) on each stage.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Synthesia has implemented a vulnerability management program to detect and remediate system vulnerabilities in our infrastructure. In general, patches shall be applied to production servers as soon as a critical vulnerability is identified, otherwise patches shall be scheduled for critical systems every 30 days. For instances where vulnerabilities are found, but no patches are available, the procedure is to isolate where possible, add hotfixes where necessary and to increase detection and response vigilance for affected areas. https://security.synthesia.io/resources
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use market leading IDS/IPS/CNAPP tools to detect malicious activity on servers and within the infrastructure. We also perform operational logging, monitoring, and alerting on production systems.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: All security incidents are reported to the Synthesia Information Security Officer (ISO). An incident response team is formed to respond to critical events with oversight from the ISO and CEO. We have a documented Incident Response Plan to manage incidents. The plan is reviewed at least annually. All incidents are documented in our Security Incident Register. All actions taken during an incident are documented and the whole process reviewed once the emergency is over. For incidents where Synthesia is the Data Controller, regulatory authorities and affected individual will be notified without undue delay, but in no more than 72 hours.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  The Synthesia STUDIO tool puts the power of video creation in the hands of people who previously would never be able to afford the cost of traditional video production.

Pricing

• Price: £7,020 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can offer a 4 week trial of Synthesia STUDIO for new teams/departments.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at questionnaires@synthesia.io. Tell them what format you need. It will help if you say what assistive technology you use.