These "privacy highlights" provide an overview of some core components of our
data handling practices. Please be sure to read our full privacy statement.
CONSENT TO THE USE OF SENSITIVE INFORMATION
We collect information when you register an account, self-report information
through surveys, forms, features or applications, use our Services, upload
your own content to our Services, use social media connections and features,
refer your contacts to us, share information through various interactions
with us and our partners, and via cookies and similar tracking technologies
We use information in general (i) to provide, analyze and improve our Services,
(ii) as we reasonably believe is permitted by laws and regulations, including
for marketing and advertising purposes, (iii) to protect the security and
safety of our company, employees, and customers as we reasonably believe is
permitted by laws and regulations, (iv) to comply with laws and regulations
we are subject to, and (v) when you consent, for research purposes, the
results of which could be used to develop therapeutics.
By agreeing to our Privacy Statement and Terms of Service, you consent to
sensitive information, such as information about your health, Genetic Information,
and Self-Reported Information such as racial and ethnic origin and sexual
orientation (where you provide it) being used by us to:
analyze and provide you with our Services;
analyze and provide you with information about your ancestry;
determine whether you would be suitable to take part in surveys, polls or
questionnaires that we are conducting; and
monitor and improve existing products or services that we offer or to develop
new products and services
We will not use your sensitive information without your consent unless: (i) the
information has been anonymized or aggregated so that you cannot reasonably be
identified as an individual; or (ii) a legal obligation requires us to use it in
some way e.g. a court order requires us to disclose the information.
CONSENT TO THE TRANSFER OF YOUR PERSONAL INFORMATION
By agreeing to our Privacy Statement and Terms of Service, you consent to the
storing and processing of your personal information, including sensitive
information, in the USA and countries outside of the country you live in. We
use a range of measures to safeguard information but these countries may have
laws that are different from those of your country of residence. You also
consent to your personal information, including sensitive information, being
transferred in the event of a business transition such as a merger,
acquisition by another company, or other transaction or proceeding. In such
a case, your information would be used as set out in any pre-existing Privacy
We will not sell, lease, or rent your individual-level information (i.e.,
information about a single individual's genotypes, diseases or other
traits/characteristics) to any third-party or to a third-party for research
purposes without your explicit consent.
We give you the ability to share information with other individuals through
features like DNA Relatives. You will always need to take a positive action
to share your information, for example, DNA Relatives is subject to an opt-in
requirement before we share your information with potential relative matches.
You may independently decide to disclose your information to friends and/or
family members, doctors, health care professionals, or other individuals
outside our Services, including through third-party services such as social
networks and third-party apps that connect to our website and mobile apps
through our application programming interface ("API"); always review the
privacy policies of third-party apps and services before sharing your
We may share anonymized and aggregate information with third-parties;
anonymized and aggregate information is any information that has been stripped
of your name and contact information and aggregated with information of others
or anonymized so that you cannot reasonably be identified as an individual.
We will use your information and share it with third-parties for scientific
research purposes only if you sign a
Consent Document. Note that we will disclose your individual-level
information only if we obtain additional explicit consent from you.
There may be some consequences of using 23andMe Services that you haven't
thought of, you should read our
guide of the surprising things you may find out from using the service
before submitting your saliva sample and personal information.
If you have any questions about our privacy practices, please email us at
firstname.lastname@example.org or send a letter
to the address provided at the
bottom of our full privacy statement.
Full Privacy Statement
This privacy statement applies to all websites owned and operated by 23andMe, Inc
("23andMe"), including www.23andme.com. Our Privacy Statement is designed to help
you better understand how we collect, use, store, process, and transfer your
information when operating our website, mobile apps, products, software and other
services (collectively "Service" or "Services").
1. Key Definitions
information that has been combined with that of other users and analyzed or
evaluated as a whole, such that no specific individual may be reasonably
information that has been stripped of your Registration Information (e.g.,
your name and contact information) and other identifying data such that you
cannot reasonably be identified as an individual.
information about a single individual's genotypes, diseases or other
traits/characteristics, but which is not necessarily tied to Registration
information that can be used to identify you, either alone or in combination
with other information. 23andMe collects and stores the following types of
information you provide about yourself when registering for and/or
purchasing our Services (e.g. name, email, address, user ID and
password, and payment information).
information regarding your genotype (e.g. the As, Ts, Cs, and Gs at
particular locations in your genome), generated through processing
of your saliva by 23andMe or by its contractors, successors, or
assignees; or otherwise processed by and/or contributed to 23andMe.
all information about yourself, including your disease conditions,
other health-related information, personal traits, ethnicity, family
history, and other information that you enter into surveys, forms,
or features while signed in to your 23andMe account.
information about your health, Genetic Information, and certain
Self-Reported Information such as racial and ethnic origin and sexual
all information, data, text, software, music, audio, photographs,
graphics, video, messages, or other materials - other than Genetic
Information and Self-Reported Information-generated by users of
23andMe Services and transmitted, whether publicly or privately, to
or through 23andMe.
Web Behavior Information:
information on how you use the 23andMe website (e.g. browser type,
domains, page views) collected through log files, cookies, and web
Service or Services:
23andMe's products, software, services, and website (including but not
limited to text, graphics, images, and other material and information) as
accessed from time to time by the user, regardless if the use is in
connection with an account or not.
The following are our core privacy principles:
We collect and handle information (i) to provide, analyze and improve our
Services, (ii) as we reasonably believe is permitted by laws and regulations,
including for marketing and advertising purposes, (iii) to protect the
security and safety of our company, employees, customers, as we reasonably
believe is permitted by laws and regulations, (iv) to comply with laws and
regulations we are subject to, and (v) when you consent, for research purposes,
the results of which could be used to develop therapeutics.
We will not sell, lease, or rent your individual-level information (i.e.,
information about a single individual's genotypes, diseases or other
traits/characteristics) to any third-party or to a third-party for research
purposes without your explicit consent.
We understand and respect the sensitive nature of the information you may
provide to us, including information about your genetic characteristics,
disease conditions, racial and ethnic origin, etc. To that end, we strive
to be transparent in our collection, use and disclosure of this information
and to ask for your explicit consent to share such sensitive information with
third-parties. Please see below to learn more about our sharing and consent
We are committed to providing a secure and safe environment for our Services.
Please review this Privacy Statement and our
Terms of Service. By using our Services,
you agree to all of the policies and procedures described in the foregoing
documents. 23andMe, Inc. is headquartered at 899 West Evelyn Avenue, Mountain
View, CA 94041and is referred to herein as 23andMe (or "we," "us," "our") and
includes all of our commonly owned companies.
3. What information we collect
Information you provide directly to us
When you register an account with us or purchase our Services, we
collect personal information, such as your name, date of birth,
billing and shipping address, payment information (e.g., credit card)
and contact information such as your email and phone number and
You have the option to provide us with additional information about
yourself through surveys, forms, features or applications. For
example, you may provide us with information about your personal
traits (e.g., eye color, height), ethnicity, disease conditions (e.g.
Type 2 Diabetes), other health-related information (e.g. pulse rate,
cholesterol levels, visual acuity), and family history information
(e.g. information similar to the foregoing about your family members).
Where you are disclosing information about a family member, you
should make sure that you have permission from the family member
to do so.
User Content. Some of our Services allow you to
create and post or upload content, such as data, text, software,
music, audio, photographs, graphics, video, messages, or other
materials that you create or provide to us through either a public
or private transmission ("User Content"). For
example, User Content includes any post or message you place on
23andMe's community forums.
Blogs. Our website offers publicly accessible blogs
or community forums. You should be aware that any information you
provide in these areas may be read, collected, and used by others who
access them. To request that we remove or anonymize your personal
information from our blog or community forum, contact us at
note that whenever you post something publicly, it may sometimes be
impossible to remove the information, for example, if someone has
taken a screenshot of your posting. Please exercise caution before
choosing to share personal information publicly on our blogs,
community forums or in any other posting. Note also that you may be
required to register with a third-party application to post a
comment. To learn how the third-party application uses your
information, please review their privacy statement.
Social Media Features and Widgets. Our website
includes Social Media Features, such as the Facebook Like or Share
button and Widgets, and the LinkedIn Open ID application ("Features").
These Features may collect your IP address, which page you are visiting
on our site, and may set a cookie to enable the Feature to function
properly. They may also allow third-party social media services to
provide us information about you, including your name, email address,
and other contact information. For example, if you use LinkedIn to
sign in to our career portal, LinkedIn may import personal
information from your LinkedIn profile in order to populate your job
application. The data we receive is dependent upon your privacy
settings with the social network. Features are either hosted by a
third-party or hosted directly on our site. Your interactions with
these Features are governed by the privacy statement of the company
providing it. You should always review, and if necessary, adjust your
privacy settings on third-party websites and services before linking
or connecting them to our website or Service.
Referral Information and Sharing. When you refer a
person to 23andMe or choose to share results information with another
person, we will ask for that person's email address. We will use the
email address solely, as applicable, to make the referral or to share
your results information, and we will let your contact know that you
requested the communication. By participating in a referral program
or by choosing to share information with another person, you confirm
that the person has given you consent for 23andMe to communicate
(e.g., via email) with him or her. The person you referred may contact
us at email@example.com
to request that we remove this information from our database. For
more information on our referral program, see
Address books. If you choose to use your computer's
or mobile device's address book in connection with our Services to
make referrals or to request that we communicate with another person,
we may collect the names and contact information of those persons
for these purposes only.
Third-party services (e.g., social media). If you
use a third-party site, such as Facebook or Twitter, in connection
with our Services to communicate with another person (e.g., to make
or post referrals or to request that we communicate with another
person), then in addition to that person's name and contact
information, we may also collect other information (e.g., your profile
picture, network, gender, username, user ID, age range, language,
country, friends lists or followers) depending on your privacy
settings on the third-party site. We do not control third-party
site's information practices, so please review their privacy policies
and your settings on those sites carefully.
Gifts. If you provide us personal information about
others, or if others give us your information for purposes of
ordering the Service as a gift, we will only use that information
for the specific reason for which it was provided to us. Once a gift
recipient registers for his or her Services and agrees to our
Privacy Statement, our
Terms of Service, and if
applicable, Consent Document,
his or her information will be used consistent with this Privacy
Statement and those agreements, and we will not share any of the gift
recipient's personal information with the user who purchased the gift.
Customer service. When you contact our
Care center or correspond with us about our Service, we
collect information to: track and respond to your inquiry;
investigate any breach of our
Terms of Service,
Privacy Statement or applicable laws or regulations; and
analyze and improve our Services.
Saliva sample and bio-banking. To use our genetic
testing services, you must purchase, or receive as a gift, a 23andMe
Personal Genome Service® testing kit, register an online account, and
ship your saliva sample to our third-party laboratory. Once received,
your saliva sample will be identified by its unique barcode, along
with your gender and your date of birth. The barcode label
identifies you to us but not to our third-party laboratory. Unless
you choose to store your sample with 23andMe (called consent to
"bio-banking", which can be found here and changed in your settings), your saliva samples and DNA
are destroyed after the laboratory completes its work, unless the
laboratory's legal and regulatory requirements require it to maintain
Genetic Information refers to features of your DNA that distinguish
you from other people (e.g. the As, Ts, Cs, and Gs at particular
locations in your genome) and is generated when we analyze and process
your saliva sample, or when you otherwise contribute or access your
Genetic Information through our Services. Genetic Information includes
the 23andMe Results information reported to you as part of our
Services, and may be used for other purposes, as outlined in Section
Information collected through tracking technology
(e.g. from cookies and similar technologies)
Web Behavior Information.
(such as web beacons, tags, scripts and device identifiers) to help us
recognize you, customize and improve your experience, provide security,
analyze usage of our Services (such as to analyze your interactions with
the results, reports, and other features of the Service), gather
demographic information about our user base, to offer our products and
services to you, to monitor the success of marketing programs, and to
serve targeted advertising on our site and on other sites around the
Internet. We and our third-party partners do not use your sensitive
information, such as Genetic
Self-Reported Information, for targeted advertising. We may receive
reports based on the use of these technologies by these companies on an
individual as well as aggregated basis. Users can control the use of
cookies at the individual browser level. If you reject cookies, you may
still use our site, but your ability to use some features or areas of
our site may be limited. For more information, including the types of
As is true of most websites, we gather certain information automatically
and store it in log files. This information may include internet protocol
(IP) addresses, browser type, internet service provider (ISP),
referring/exit pages, operating system, date/time stamp, and/or clickstream
data. We may combine this automatically collected log information with
other information we collect about you, such as your user profile ID or
order number. We do this to improve services we offer you, and to improve
marketing, analytics, and site functionality.
When you access our Service by or through a mobile device, we may receive
or collect and store a unique identification numbers associated with your
device or our mobile application (including, for example, a UDID, Unique
ID for Advertisers ("IDFA"), Google Ad ID, or Windows Advertising ID),
mobile carrier, device type, model and manufacturer, mobile device
operating system brand and model, phone number, and, depending on your
mobile device settings, your geographical location data, including GPS
coordinates (e.g. latitude and/or longitude) or similar information
regarding the location of your mobile device.
Because 23andMe relies on third-party ad networks who may track you
across websites over time for advertising purposes, we are not able to
respond to your selection of the "Do Not Track" option provided by your
browser. We cannot advise on whether your selection of "Do Not Track"
option will have any effect on the collection of cookie information by
the third-parties who collect such cookie information on our site. Please
see Section 4.d.ii, below, to learn more about our third-party
advertising partners, and visit our
Third-parties with whom we partner to provide certain features on our
site or to display advertising based upon your Web browsing activity use
Flash Cookies (Local Shared Objects) to collect and store information.
To learn how to manage privacy and storage settings for Flash cookies
Google Analytics. Google Analytics is used to perform many of the tasks
listed above. We use the User-ID feature of Google Analytics to combine
behavioral information across devices and sessions (including authenticated
and unauthenticated sessions). We have enabled the following Google
Analytics Advertising features: Remarketing, Google Display Network
Impression Reporting, Google Analytics Demographics and Interest Reporting,
and DoubleClick Campaign Manager integration. We do not merge information
collected through any Google advertising product with individual-level
information collected elsewhere by our service. Learn more about how Google
collects and uses data here. To opt out of Google Analytics Advertising
Features please use Google Ad Settings
or the links provided in section 2.b.c.ii ("Targeted advertising" service
providers). To opt out of Google Analytics entirely please use this link.
Other Types of Information.
We are always working to enhance our Services with new products,
applications and features that may result in the collection of new and
different types of information. We will update our privacy statement,
23andMe will use and share your personal information with third-parties only in
the ways that are described in this privacy statement.
Using information to provide, analyze and improve our Services
We use the information described above in Section 3 to operate, provide,
analyze and improve our Services. These activities may include, among
other things, using your information in a manner consistent with other
commitments in this privacy statement, to:
open your account, enable purchases and process payments,
communicate with you, and implement your requests (e.g., referrals);
host our website, run our mobile application(s), authenticate your
visits, provide custom, personalized content and information, and
track your usage of our Services;
conduct analytics to improve and enhance our Services;
offer new products or services to you, including through emails,
promotions or contests;
implement online marketing campaigns and targeted advertising,
including by utilizing third-party ads (subject to your cookie
settings and preferences), and to measure the effectiveness of our
marketing and targeted advertising;
conduct surveys or polls, and obtain testimonials;
process and deliver your genetic testing results;
perform research & development activities, which may include,
for example, conducting data analysis and research in order to
develop new or improve existing products and services, and performing
quality control activities.
You may be able to opt-in, opt-out or otherwise adjust your preferences
of having your information used for certain of these activities. Please
see below to learn more.
We use mobile analytics software to allow us to better understand the
functionality of our Mobile Software on your phone. This software may
record information such as how often you use the application, the events
that occur within the application, aggregated usage, performance data,
and where the application was downloaded from. We do not link the
information we store within the analytics software to any personally
identifiable information you submit within the mobile application.
Using information with your consent
You have the choice to participate in 23andMe Research by providing your
consent. "23andMe Research" refers to research aimed at publication in
peer-reviewed journals and other research funded by the federal government
(such as the National Institutes of Health - NIH) conducted by 23andMe.
23andMe Research may be sponsored by, conducted on behalf of, or in
collaboration with third-parties, such as non-profit foundations, academic
institutions or pharmaceutical companies. 23andMe Research may study a
specific group or population, identify potential areas or targets for
therapeutics development, conduct or support the development of drugs,
diagnostics or devices to diagnose, predict or treat medical or other
health conditions, work with public, private and/or non-profit entities
on genetic research initiatives, or otherwise create, commercialize, and
apply this new knowledge to improve health care. 23andMe Research uses
your aggregate or individual-level
Information as specified in the Consent Document.
Consent process for research.
Your Genetic and Self-Reported Information may be used for 23andMe
Research only if you have consented to this use by completing a
Consent Document. If you have completed a Consent Document:
23andMe may use individual-level
and Self-Reported Information
internally at 23andMe for Research purposes. In addition, we
may allow select third-party research contractors to access
your individual level Genetic and/or Self-Reported Information
onsite at 23andMe's offices for the purpose of conducting
scientific research, provided that all such research
contractors will be supervised by 23andMe and subject to
23andMe's access rules and guidelines.
When your Genetic Information
and/or Self-Reported Information
is being used for research purposes, it will not be linked to
your Registration Information.
Withdrawing your Consent.
withdraw your consent to participate in Research at any time by
changing your consent status within your 23andMe Account Settings.
If you experience difficulties changing your consent status, contact
the Human Protections Administrator at
hpa@23andMe.com. 23andMe will
not include your Genetic
Self-Reported Information in new research occurring after 30 days
from the receipt of your request. Any research involving your data
that has already been performed or published prior to our receipt of
your request will not be reversed, undone, or withdrawn. You may also
discontinue your participation in research by closing your Personal
Genome Service account. If you withdraw your consent for research your
Genetic Information and
may still be used by us and shared with our third-party service
providers to provide and improve our Services (as described in Section
4.a), and shared as Aggregate Information that does not identify you
as an individual (as described in Section 4.d).
What happens if you do NOT consent to 23andMe Research?
If you do not complete a Consent Document or any additional consent
agreement with 23andMe, your information will not be used for 23andMe
Research. However, your Genetic Information
Information may still be used by us and shared with our third-party
service providers to provide and improve our Services (as described in
Section 4.a), and shared as Aggregate or Anonymous Information that
does not reasonably identify you as an individual (as described in
Recruiting for external research
Academic institutions, healthcare organizations, and other groups are
always conducting interesting new research projects. We want to make you
aware of these opportunities. While we do not share individual-level
Genetic Information or
with third-parties without your consent, from time to time we may inform
you of third-party research opportunities for which you may be eligible.
For example, if a university tells us about a new cancer research project,
we may send an email to 23andMe members who potentially fit the relevant
eligibility criteria based on their
to make them aware of the research project and provide a link to
participate with the research organization conducting the study. If you
do not wish to receive these alerts, you can manage them in your settings.
General service providers. We share the information
described above in Section 3 with our service providers, as necessary
to provide their services to us. Service providers are third-parties
(other companies or individuals) that help us to provide, analyze
and improve our Services. For example, we work with third-party
laboratories and contractors to process and analyze your saliva
sample for purposes of generating your
NOTE: Our service providers act on 23andMe's behalf. While we
implement procedures and contractual terms to protect the
confidentiality and security of your information, we cannot
guarantee the confidentiality and security of your information
due to the inherent risks associated with storing and transmitting
When you purchase a testing kit from 23andMe, you are instructed
to send a saliva sample to our third-party laboratory with a
unique barcode label. The unique barcode identifies you to us
but not to the laboratory. We are also required to provide to the
laboratory, your sex and date of birth or age pursuant to clinical
laboratory requirements such as the Clinical Laboratory Improvement
Amendments (CLIA). No other
Registration Information (such as your name, address, email,
phone number or other contact information) is required or provided
to the laboratory. The receiving personnel at the laboratory will
remove and discard your "sender information" from the packaging
(e.g., name, address) before testing personnel receive the samples
for processing. Receiving personnel do not perform testing, and
testing personnel handle saliva samples that are labeled only
with the unique barcode. Unless you choose to store your sample,
DNA and saliva samples are destroyed after the laboratory
completes its work, provided that laboratory legal and regulatory
requirements no longer require the actual samples to be maintained.
A de-identified copy of genotyping data will be kept in accordance with CLIA.
The laboratory securely sends the resulting
Genetic Information to us along with your unique barcode.
is stored securely on our servers; the laboratory also stores
your Genetic Information,
but again, labeled only with the barcode.
"Targeted advertising" service providers.
We permit third-party advertising networks and providers to collect
Web Behavior Information on our Service to help us to deliver targeted
location data, and clear gifs) to compile information about your
browser's or device's visits and usage patterns on our Services and
on other websites over time, which helps to better personalize ads
to match your interests, and to measure the effectiveness of ad
If you wish to not have this information used for the purpose of
serving you targeted ads, you may be able to opt-out of many
advertising networks by visiting here and here
(if you are located in Canada, click here; or if you are
located in the European Union click here). Please note
this does not mean that you have opted-out of being served
advertising. You will continue to receive generic ads.
For more information about our advertising and marketing practices,
please review our Cookie
Aggregate information. We may share aggregate
information with third-parties, which is any information that has
been stripped of your
Registration Information (e.g., your name and contact information)
and aggregated with information of others so that you cannot reasonably
be identified as an individual ("Aggregate Information"). This
Aggregate Information is different from "individual-level" information.
Self-Reported Information consists of data about a single
individual's genotypes, diseases or other traits/characteristics
information. For example, Aggregate Information may include a
statement that "30% of our female users share a particular genetic
trait," without providing any data or testing results specific to
any individual user. We may provide such Aggregate Information in
commercial arrangements with our business partners. In contrast,
individual-level Genetic Information could reveal whether a specific
user has a particular genetic trait, or all of the Genetic Information
about that user. 23andMe will ask for your consent to share
individual-level Genetic Information or Self-Reported Information
with any third-party, other than our service providers as necessary
for us to provide the Services to you.
Information we share with commonly owned entities.
We may share some or all of your information with other companies
under common ownership or control of 23andMe, which may include our
subsidiaries, our corporate parent, or any other subsidiaries owned
by our corporate parent in order to provide you better service and
improve user experience. We may provide additional notice and ask
for your consent if we wish to share your information with our commonly
owned entities in a materially different way than discussed in this
Disclosures required by law
Under certain circumstances your information may be subject to disclosure
pursuant to judicial or other government subpoenas, warrants, or orders,
or in coordination with regulatory authorities, we may be required to
disclose personal data in response to lawful requests by public
authorities, including to meet national security or law enforcement
requirements. 23andMe will preserve and disclose any and all information
to law enforcement agencies or others if required to do so by law or in
the good faith belief that such preservation or disclosure is reasonably
necessary to: (a) comply with legal or regulatory process (such as a
judicial proceeding, court order, or government inquiry) or obligations
that 23andMe may owe pursuant to ethical and other professional rules,
laws, and regulations; (b) enforce the 23andMe Terms of Service and other
policies; (c) respond to claims that any content violates the rights of
third-parties; or (d) protect the rights, property, or personal safety
of 23andMe, its employees, its users, its clients, and the public.
NOTE: If you are participating in 23andMe Research, 23andMe will withhold
disclosure of your personal information involved in such research in
response to judicial or other government subpoenas, warrants or orders
in accordance with any applicable Certificate of Confidentiality that
23andMe has obtained from the National Institutes of Health (NIH). There
are limits to what the Certificate of Confidentiality covers so please
Certificates of Confidentiality Kiosk (
5. Your choices
Access to your account
If your Registration
Information changes, you may access, correct or update most of it
from your Account Settings page. You may also modify and delete certain
of your information, or update your consent status and biobanking options.
You may be able to correct or reset Self-Reported Information entered
into a survey, form, or feature from your account on the surveys page.
Please note that you may not be able to delete User Content that has been
shared with others through the Service and that you may not be able to
delete information that has been shared with third-parties, though we
can work with you to prohibit your data from being shared with third-parties
in the future. We will respond to your request to access within 30 days.
Upon request 23andMe will provide you with information about whether we
hold, or process on behalf of a third party, any of your personal
information. To request this information please contact us at
By registering for an account, you are agreeing that we may send you
promotional emails about our Services. You can opt-out of receiving certain
messages or notifications from us by visiting your Account page (go to
Account, Settings, Notifications) or by contacting our Privacy Administrator
at privacy@23andMe.com. You can also click the "unsubscribe" button at
the bottom of promotional email communications. Please note that you may
not opt-out of receiving non-promotional messages regarding your account,
such as technical notices, purchase confirmations, or Service-related
For more information about our online advertising, please also refer to
Section 4.d.ii above under the heading "Targeted
23andMe gives you the ability to share information with other individuals
who have 23andMe accounts through (i) our community forums, (ii) relative
finding features (e.g., "DNA Relatives"), and (iii) other sharing features
(such information is "User Content"). Please refer to your settings. You
may be required to opt-in to some of this sharing, but some features
require an opt-out. For example, we provide the ability to opt-in to our
ancestry DNA Relatives Database where your information will be shared
with potential relative matches. Alternatively, if you were participating
in the DNA Relatives Database you may opt-out or change the visibility
of your profile data by visiting your Settings. Also, please note that
certain types of your User Content may be viewable by other 23andMe users
and once posted, you may not be able to delete or modify such content.
You may decide to disclose your personal information to friends and/or
family members, doctors or other health care professionals, and/or other
individuals outside of our Services, including through third-party
services such as social networks and third-party apps that connect to
our website and mobile apps through our application programming interface
("API"). These third-parties may use your personal information differently
than we do under this Privacy Statement. Please make such choices carefully
and review the privacy policies of all other third-parties involved in
the transaction. For example, if you have enabled a 23andMe sharing
feature with another person who downloads a third-party app that uses
our API, your information may also be obtained by that third-party app
developer and, potentially, by other users of that third-party app.
In general, personal information, once shared or disclosed, can be
difficult to contain or retrieve. 23andMe will have no responsibility or
liability for any consequences that may result because you have released
or shared personal information with others. Likewise, if you are reading
this because you have access to the personal information of a 23andMe
customer through a multi-profile account, we urge you to recognize your
responsibility to protect the privacy of each person within that account.
It is incumbent upon all users to share personal information and account
access only with people they know and trust. Users with multi-profile
accounts (e.g., where family member accounts are linked) should use
caution in setting profile-level privacy settings.
If you no longer wish to participate in our Services or no longer wish
to have your personal information be used, you may close your account
by sending a request to Customer
Care. When closing an account, we remove all
Genetic Information within your account (or profile) within thirty
(30) days of our receipt of your request. As stated in any applicable
Consent Document, however,
Genetic Information and/or
Self-Reported Information that you have previously provided and for
which you have given consent to use in 23andMe Research cannot be removed
from ongoing or completed studies that use the information. Our
contracted genotyping laboratory may also retain your
Genetic Information as
required by local law and we may retain backup copies for a limited
period of time pursuant to our data protection policies. In addition,
we retain limited
Registration Information related to your order history (e.g., name,
contact, and transaction data) as long as your account is active or as
needed to provide you services, as well as for accounting, audit and
6. Important Information
23andMe participates in and has certified its compliance with both the EU-U.S. and
Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce
regarding the collection, use, and retention of personal information transferred from the
European Union and Switzerland to the United States, respectively. 23andMe is committed to
subjecting all personal data received from European Union (EU) member countries and
Switzerland, in reliance on the Privacy Shield Frameworks, to the Framework's applicable
Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about
the Privacy Shield program, and to view our certification, please visit U.S. Department of Commerce's Privacy Shield List.
23andMe is responsible for the processing of personal data it receives, under the Privacy
Shield Frameworks, and subsequently transfers to a third party acting as an agent on its
behalf. 23andMe complies with the Privacy Shield Principles for all onward transfers of
personal data from the EU and Switzerland, including the onward transfer liability
With respect to personal data received or transferred pursuant to the Privacy Shield
Frameworks, 23andMe is subject to the regulatory enforcement powers of the U.S. Federal
Trade Commission. In certain situations, 23andMe may be required to disclose personal data
in response to lawful requests by public authorities, including to meet national security
or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed
satisfactorily, please contact TRUSTe, our U.S.-based third party dispute resolution
provider, free of charge here.
If you are a customer located in an EU Member State there are certain conditions, more
fully described on the Privacy Shield
website, under which you may invoke binding arbitration when other dispute resolution
procedures have been exhausted.
23andMe takes seriously the trust you place in us. To prevent unauthorized
access or disclosure, to maintain data accuracy, and to ensure the
appropriate use of information, 23andMe uses a range of physical, technical,
and administrative measures to safeguard your Personal Information. In
particular, all connections to and from our website and mobile application
are encrypted using Secure Socket Layer (SSL) technology.
Please recognize that protecting your Personal Information is also your
responsibility. We ask you to be responsible for safeguarding your
password, secret questions and answers, and other authentication
information you use to access our Services. You should not disclose your
authentication information to any third-party and should immediately
notify 23andMe of any unauthorized use of your password. 23andMe cannot
secure Personal Information that you release on your own or that you
request us to release.
Your information collected through the Service may be stored and processed
in the United States or any other country in which 23andMe or its
subsidiaries, affiliates or service providers maintain facilities and,
therefore, your information may be subject to the laws of those other
jurisdictions which may be different from the laws of your country of
In the event that 23andMe goes through a business transition such as a
merger, acquisition by another company, or sale of all or a portion of
its assets, your information will likely be among the assets transferred.
In such a case, your information would remain subject to the promises
made in any pre-existing Privacy Statement.
23andMe provides links to third-party websites operated by organizations
not affiliated with 23andMe. 23andMe does not disclose your information
to organizations operating such linked third-party websites. 23andMe
does not review or endorse, and is not responsible for, the privacy
practices of these organizations. We encourage you to read the privacy
statements of each and every website that you visit. This Privacy
Statement applies solely to information collected by 23andMe.
23andMe is committed to protecting the privacy of children as well as
adults. Neither 23andMe nor any of its Services are designed for, intended
to attract, or directed toward children under the age of 13. A parent or
guardian, however, may collect a saliva sample from, create an account
for, and provide information related to, his or her child. The parent or
guardian assumes full responsibility for ensuring that the information
that he/she provides to 23andMe about his or her child is kept secure
and that the information submitted is accurate.
Changes to this Privacy Statement
Whenever this Privacy Statement is changed in a material way, a notice
will be posted as part of this Privacy Statement and on our customers'
account login pages for 30 days. After 30 days the changes will become
effective. In addition, all customers will receive an email with
notification of the changes prior to the change becoming effective.
7. Contact Information
If you have questions about this Privacy Statement, please email 23andMe's
Privacy Administrator at firstname.lastname@example.org,
or send a letter to:
899 West Evelyn Avenue
Mountain View, CA 94041
*This Privacy Statement was last updated on September 29, 2016.