CA-C-003564
23andMe — 23andMe Privacy Statement
Entity
Date detected
July 9, 2026
Effective date
July 9, 2026
Severity
Low
Direction
Neutral
Affected users
all users
Changes
1 sentence modified
Share 𝕏 Share in Share 🔒 PDF
Watch 23andMe Get alerts when this policy changes.
Watch — Free

Event Summary

23andMe updated its Privacy Statement on July 9, 2026 to change a single domain reference in the scope clause. The previous version specified that the privacy statement applies to www.23andme.com; the updated version now specifies www.23andme.org. This operational change narrows the explicitly named domain covered by the stated privacy statement, potentially affecting how users understand which web properties are governed by the policy's protections.

LOW

Consumer Impact

The updated Privacy Statement now applies specifically to www.23andme.org instead of www.23andme.com. This change affects which website domain is explicitly covered by the privacy protections stated in the policy. Users accessing 23andMe services should verify whether they use the domain specified in the updated statement, as the policy scope has been narrowed to reference a single domain rather than the previous one.

Governance Analysis

The updated Privacy Statement now applies specifically to www.23andme.org instead of www.23andme.com. Users accessing 23andMe services should be aware of which domain is explicitly referenced in the policy, although the catch-all language extending coverage to 'any other websites, pages, features, or content' suggests the privacy statement's protections continue to apply across 23andMe's web properties.

Key Clauses Affected

Privacy Statement Scope Clause

Domain reference changed from www.23andme.com to www.23andme.org while preserving catch-all language for other 23andMe-operated properties.

Full clause-by-clause analysis available with Compliance.
These clauses may change again. Get alerted when they do. Watch 23andMe — Free

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
9f05d028e6874d9f14009f97aab94515eb5cfac429a038d9e1c3b790efe1a73f
May 21, 2026 00:16 UTC
✓ Verified
Current Version
84a7d427df1aaecf20068443719f4fe644ec63786924fac774f611468fc0435b
July 9, 2026 00:21 UTC
✓ Verified
Change Detected
July 9, 2026 00:21 UTC
Analysis Methodology
✓ Verified
Source Document
https://www.23andme.com/legal/privacy/
Citation Record
Entity: 23andMe
Document: 23andMe Privacy Statement
Record ID: CA-C-003564
Captured: 2026-07-09 00:21:17 UTC
URL: https://conductatlas.com/change/2026-07-09-23andme-23andme-privacy-statement-3564/
Accessed: July 11, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
For legal and compliance teams

Institutional Analysis

Assessment

The change is a domain reference correction in the scope clause of the Privacy Statement. The update narrows the explicitly named primary domain from www.23andme.com to www.23andme.org. This is a low-severity clarification that does not materially alter regulatory obligations under CCPA, HIPAA, or GDPR, but organizations with this policy in their vendor stack may wish to verify that 23andMe's Privacy Statement continues to apply to all relevant service domains through the catch-all language 'any other websites, pages, features, or content we own or operate.' No new compliance action appears required unless the domain change affects your organization's specific service integration.

Regulatory Exposure

CCPA, HIPAA, GDPR

Full compliance analysis

Obligation analysis, escalation trigger, board language, and recommended action.

Monitor $19/mo Compliance $249/mo

Monitor: regulatory citations + obligations. Compliance: full compliance memo.

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003564.

Full Changes

View complete diff →

Document Context

Version history → Policy drift analysis → Document page →
Document
23andMe Privacy Statement
Entity
23andMe
Captured
July 9, 2026
Source URL
https://www.23andme.com/legal/privacy/
Other changes to 23andMe Privacy Statement
Previous change May 21, 2026
On May 21, 2026, 23andMe updated its Privacy Statement to reflect that the policy now applies to websites owned by …
Low Neutral
View full version history →
More from 23andMe
May 21, 2026 Low
23andMe Privacy Statement

On May 21, 2026, 23andMe updated its Privacy Statement to reflect that the policy now applies to websites owned by …

May 5, 2026 Medium
23andMe Privacy Statement

23andMe removed a sentence that described separate privacy protections for telehealth services and updated references to the company name in …

May 5, 2026 Medium
23andMe Terms of Service

23andMe restructured the opening section of its Terms of Service on May 5, 2026, making three operational changes: (1) The …

Related Analysis
Privacy · April 16, 2026
23andMe Is Bankrupt. What Happens to Your DNA Now?

Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…

Track 23andMe policy changes

Get alerted when this policy changes again — including what changed and why it matters.

Prefer a weekly summary instead?

Get the biggest policy changes across 352+ platforms every Sunday.