6 Total
2 High severity
4 Medium severity
0 Low severity
Summary

This is Ancestry's Privacy Statement, covering how the company collects and uses personal data across its genealogy research platform, DNA testing service (AncestryDNA), and associated apps and websites. Ancestry states it collects genetic data, family tree content, contact and payment information, device identifiers, browsing activity, and location-related data, and authorizes sharing this information with service providers, advertising and analytics partners, and research institutions, with DNA data subject to separate consent for research participation. California residents and EU/UK users are provided specific rights including the ability to request deletion of personal data, opt out of the sale or sharing of personal information, and in the case of DNA data, separately withdraw consent for research use through the AncestryDNA settings.

Technical / Legal Breakdown

This document is Ancestry's Privacy Statement governing the collection, use, sharing, and retention of personal information across Ancestry's genealogy, DNA testing, and related digital services, with stated legal bases including consent, contractual necessity, and legitimate interests depending on jurisdiction. The agreement states that Ancestry collects a broad range of data including name, contact information, payment details, family tree content, communications, device identifiers, browsing and clickstream activity, IP addresses, and genetic data submitted through AncestryDNA, and authorizes use of this data for product delivery, personalization, advertising, research, and sharing with third-party service providers, business partners, and affiliated companies. The collection and processing of genetic and health-related data represents an operationally distinct element of this policy relative to standard consumer digital services, as the agreement asserts rights to store, analyze, and share DNA data with research partners, subject to separate consent mechanisms described in the AncestryDNA Terms and Conditions; the agreement's asserted authority over such sensitive biological data may interact with state-level genetic privacy statutes and federal frameworks in ways that applicable law may constrain. The policy engages GDPR for EU and UK users, CCPA and California Genetic Information Privacy Act for California residents, and general FTC Act consumer protection principles applicable to US users; jurisdiction-specific rights including access, deletion, portability, correction, and opt-out of sale or sharing of personal information are disclosed with region-specific mechanisms, though the practical enforceability of certain cross-border data transfer provisions and research consent terms depends on evolving regulatory guidance.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

8 important changes detected

9 versions captured · Last updated: July 2026

What changed Ancestry added a footer link labeled 'Do Not Sell or Share My Personal Information' to their Privacy Statement as of July 1, 2026. This link was not present in the previous version. The addition appears to implement a disclosure mechanism related to consumer data rights, though the operational scope and functionality of the link itself are not detailed in the change summary provided.
Why this matters Ancestry added a 'Do Not Sell or Share My Personal Information' link to the footer of their Privacy Statement. This link provides access to data rights controls, though the specific functionality and scope of the link are not detailed in the change summary. Users can access this link from the privacy statement footer if they wish to review or exercise data rights.
View full change record →

June 21, 2026

medium
What changed Ancestry removed the phrase 'Do Not Sell or Share My Personal Information' from their Privacy Statement footer on June 21, 2026. This link previously connected users to CCPA-related privacy controls. The updated footer now lists 'Consumer Health Privacy' as a separate item but no longer includes the explicit 'Do Not Sell or Share' link, which may affect how California residents access their CCPA opt-out rights.
Why this matters The updated Privacy Statement no longer displays a dedicated 'Do Not Sell or Share My Personal Information' link in the footer, which was previously accessible to California residents under CCPA requirements. This link allowed users to exercise data-sharing opt-out rights. The footer now lists 'Consumer Health Privacy' as a separate item but does not explicitly direct users to their CCPA controls. California residents may need to locate their opt-out rights through alternative navigation paths on the Ancestry site.
View full change record →

June 17, 2026 unknown

Ancestry updated their Ancestry Privacy Statement on June 17, 2026. Change detected: 1 sentence(s) modified. Document contained 348 sentences after update.

View change record →
June 13, 2026 unknown

Ancestry updated their Ancestry Privacy Statement on June 13, 2026. Change detected: 2 sentence(s) modified. Document contained 348 sentences after update.

View change record →
June 2, 2026 unknown

Ancestry updated their Ancestry Privacy Statement on June 02, 2026. Change detected: 1 sentence(s) modified. Document contained 348 sentences after update.

View change record →
May 13, 2026 medium

Ancestry updated its Privacy Statement on May 13, 2026, making 46 sentence additions, 52 removals, and 54 modifications across the document. Key operational changes include: clarification of permitted and prohibited …

View change record →
May 6, 2026 low

Ancestry updated the navigation menu and footer layout of its Privacy Statement on May 6, 2026. The changes reorganized how certain links are presented—moving 'About Us' into the footer, reordering …

View change record →
May 1, 2026 medium

Ancestry removed a reference to 'Do Not Sell or Share My Personal Information' from the footer links in their privacy statement as of May 1, 2026. This link previously connected …

View change record →

Recent Provision Changes Jul 1, 2026

6 provisions unchanged.

View full change record →
High — 2 provisions
Medium — 4 provisions

Monitoring

Ancestry has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Aggregate Research Data Persistence After Deletion and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

BIPA
Illinois, USA
View official text ↗
CCPA/CPRA
California, USA
View official text ↗
Connecticut Data Privacy Act Amendments
US-CT
View official text ↗
CAN-SPAM
United States Federal
View official text ↗
FTC Act Section 5
United States Federal
View official text ↗
GDPR
European Union
View official text ↗
HIPAA
United States Federal
View official text ↗
Indiana Consumer Data Protection Act
US-IN
View official text ↗
Kentucky Consumer Data Protection Act
US-KY
View official text ↗
Universal Opt-Out Mechanism Expansion 2026
US
View official text ↗
Archival ProvenanceSource & Archival Record
Last Captured July 1, 2026 00:31 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000224
Version ID CA-V-004362
SHA-256 9307d36bf3777acc3c626a498167eb21e4148894ddbf5bfad60500001fd094f8
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans