Five key ways we ensure your privacy
The information presented here is meant to be a general guide to our privacy and security practices. For specific details about our practices, see our full privacy statement, terms of service, research consent document, sample storage consent document and frequently asked questions. Please contact us at privacy@23andMe.com if you have questions.
1. Meaningful Choice
23andMe gives you control over your genetic information. We want you to decide how your information is used and with whom it is shared.Learn about your choices
More on: meaningful choice
You decide how your information is stored, used and shared.
There are several important decisions you can make:
- Whether or not to store your saliva sample
- If you wish your account to be visible to other 23andMe members
- If you want to participate in our DNA Relatives tool connecting you with both known and unknown close and distant relatives
Your decisions concerning how your information is stored, used and shared can be changed at any time. Go to "account settings" when you are logged into your 23andMe account. For a more detailed description about these settings, see our terms of service, account settings: privacy/consent, and DNA Relatives: privacy settings.
2. Privacy by design
We took great care to design our product with privacy in mind. And we think it is important for you to understand how we handle your information. Below is an overview of the information we collect, how it is used and when it is disclosed.Learn more
More on: privacy by design
Types of information we collect
We collect personal information from you when you register and use the site, such as your name, credit card, email and web behavior information (such as your IP address). Through the saliva sample and the survey responses you provide to us, we collect genetic, phenotypic and familial information.
How we store your information
Your personal and registration information is stored separately from any genetic information to reduce the likelihood that you could be identified. Your personal information is assigned a randomized customer identification number for identification and customer support services. Your genetic information is only identified using a barcode system.
How we keep your research details private
If you provide responses to our online surveys and opt into our research program, your genetic information is stripped of personally identifying information and transferred into our research environment where it is stored with your survey response data and is assigned a randomized research identification number.
3. Third Party Sharing
We will not sell, lease or rent your individual-level information to any third party or to a third party for research purposes without your explicit consent. However, we do use and share aggregate information with third parties in order to perform business development, initiate research, send you marketing emails and improve our services.
Aggregate information has been stripped of your personal details (e.g., your name and contact information) and aggregated with the information of others so that you cannot reasonably be identified as an individual.See how we share
More on: third party sharing
We care strongly about protecting the information of children and other individuals who do not have the legal capacity to make decisions for themselves. In the case of children, a parent or guardian may collect a saliva sample from, create an account for, and provide information related to his or her child. The parent or guardian assumes full responsibility for ensuring that the information he or she provides to 23andMe about his or her child is kept secure and that the information submitted is accurate.
When a customer has lost capacity or passed away, we will only give their account information to individuals who are legally authorized to make decisions on their behalf, such as an executor, a personal representative, or a beneficiary of a deceased's estate. The person requesting the information must complete an authorization form and provide evidence and legal documentation indicating they are allowed to act on behalf of the individual before we will provide any information.
We work very hard to protect your information from unauthorized access from law enforcement. However, under certain circumstances, your information may be subject to disclosure pursuant to a judicial or other government subpoena, warrant or order, or in coordination with regulatory authorities. If such a situation arises, we have to comply with valid governmental requests and we will notify the affected individual(s) unless the legal request prevents us from doing so. Our transparency report details the government requests for data we receive and how we have responded.
23andMe will not provide any person's data (genetic or non-genetic) to an insurance company or employer.
We have been long-time supporters of legislative efforts intended to prevent genetic discrimination and to safeguard individuals' genetic privacy. In the US specifically, we were active in the development of the Genetic Information Nondiscrimination Act (GINA) enacted in 2008. GINA is federal legislation that protects Americans from discrimination in health insurance and employment decisions on the basis of genetic information. GINA does not cover life or disability insurance providers.
In addition, we have supported the California Genetic Information Nondiscrimination Act (Senate Bill No. 559), which was enacted in 2011.
4. Data security
23andMe believes genetic information deserves the highest levels of security.
23andMe employs software, hardware and physical security measures to protect the computers where customer data is stored. We use robust authentication methods to access our systems. Personal information and genetic data are stored in physically separate computing environments, which is in line with the industry standards for security.
It is important to note 23andMe cannot protect your information if you share it with others. In addition, despite using the most current technical and industry guidelines for protection of your information, it is never possible to fully guarantee against breaches in security.
Please help us by submitting any issues or vulnerabilities with the 23andme.com website, product experience or applications.
5. Research participation
23andMe offers customers the opportunity to participate in a new way of conducting research (at home and online). Participating in our research is completely voluntary. Customers can choose not to consent to research and doing so will not impact their 23andMe experience.Learn more
More on: research participation
If you choose to consent to participate in research, your data will be used to help power the work done by 23andMe scientists or third-party researchers working with 23andMe. Consenting allows our researchers, or approved third-party researchers, to use a customer's de-identified data in aggregate for a variety of studies.
23andMe has condition-specific research communities for Lupus, Parkinson's disease and Irritable Bowel Disease (IBD). Participants in condition-specific research communities may be invited to provide an additional level of consent that enables researchers to reference their de-identified, individual-level information for ongoing research.
Other research studies may require fully identified, information. In these instances, 23andMe will ask participants for explicit permission to use their fully identified, individual-level data for research.
Customers can opt in or opt out of our research at any time. If you opt out, we will discontinue using your information for research within 30 days.
Learn more about 23andMe Research here.
Two easy ways to discover you.
Get a breakdown of your global ancestry, connect with DNA relatives and more.add to cart
Health + Ancestry Service
Receive 75+ online reports on your ancestry, traits and health - and more.add to cart
Information that has been stripped of your registration information (e.g., your name and contact information) and aggregated with information of others so, that you cannot reasonably be identified as an individual.
Aggregate information is different from "individual-level" information. Individual-level genetic information or self-reported information consists of data about a single individual's genotypes, diseases or other traits and characteristics.