23andMe updated its Privacy Statement on July 9, 2026 to change a single domain reference in the scope clause. The previous version specified that the privacy statement applies to www.23andme.com; the updated version now specifies www.23andme.org. This operational change narrows the explicitly named domain covered by the stated privacy statement, potentially affecting how users understand which web properties are governed by the policy's protections.
The updated Privacy Statement now applies specifically to www.23andme.org instead of www.23andme.com. This change affects which website domain is explicitly covered by the privacy protections stated in the policy. Users accessing 23andMe services should verify whether they use the domain specified in the updated statement, as the policy scope has been narrowed to reference a single domain rather than the previous one.
The updated Privacy Statement now applies specifically to www.23andme.org instead of www.23andme.com. Users accessing 23andMe services should be aware of which domain is explicitly referenced in the policy, although the catch-all language extending coverage to 'any other websites, pages, features, or content' suggests the privacy statement's protections continue to apply across 23andMe's web properties.
Domain reference changed from www.23andme.com to www.23andme.org while preserving catch-all language for other 23andMe-operated properties.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
The change is a domain reference correction in the scope clause of the Privacy Statement. The update narrows the explicitly named primary domain from www.23andme.com to www.23andme.org. This is a low-severity clarification that does not materially alter regulatory obligations under CCPA, HIPAA, or GDPR, but organizations with this policy in their vendor stack may wish to verify that 23andMe's Privacy Statement continues to apply to all relevant service domains through the catch-all language 'any other websites, pages, features, or content we own or operate.' No new compliance action appears required unless the domain change affects your organization's specific service integration.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003564.
On May 21, 2026, 23andMe updated its Privacy Statement to reflect that the policy now applies to websites owned by …
23andMe removed a sentence that described separate privacy protections for telehealth services and updated references to the company name in …
23andMe restructured the opening section of its Terms of Service on May 5, 2026, making three operational changes: (1) The …
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 352+ platforms every Sunday.