Ancestry states it automatically collects device identifiers including IP addresses and cookie identifiers, browsing and clickstream activity, search terms, pages visited, and IP-derived general location data from users of its services.
This analysis describes what Ancestry's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Automatic collection of device identifiers, browsing activity, and location-derived data is disclosed as occurring across Ancestry's services, and this data is used to support advertising, analytics, and personalization functions in addition to service delivery.
The updated Privacy Statement clarifies what uses of Ancestry services are permitted and prohibited, establishes that photo face-grouping in your gallery requires your express consent, and introduces SMS messaging as a communication channel for future opt-in communications. The statement now covers Ancestry, AncestryDNA, and Related Brands under a unified framework while noting that other services operated by the company use separate privacy statements. The removal of 'uploaded DNA data' from the account creation section reflects a narrowing of that specific provision's scope, though genetic information processing remains described elsewhere in the policy. You can review the full updated statement to understand how your personal information will be processed and manage your communication preferences when SMS opt-ins become available.
View change record →California residents lose direct navigation to the CCPA-mandated 'Do Not Sell or Share My Personal Information' disclosure page from Ancestry's privacy footer. While California law requires the company to honor data sale opt-out requests, removing the link reduces visibility and accessibility of this right. California residents can locate this right by searching Ancestry's website or contacting the company directly, but the removal creates an additional barrier to exercising a legally protected option.
View change record →Newly detailed provision explicitly documenting automatic collection of tracking data across multiple categories that could enable comprehensive user profiling beyond genetic ancestry services.
View full change record →Under this provision, Ancestry collects device identifiers, clickstream data, and general location information automatically during use of its platform, and this data is used for purposes including targeted advertising and analytics. Users who have opted out of advertising data sharing or who have adjusted browser or device cookie settings may limit some but not all of this collection.
How other platforms handle this
We collect information about your location, such as data from your device's GPS or IP address, when you use our products.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Ancestry has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We automatically collect certain information when you use our Services, including device identifiers (such as IP address, cookie identifiers, and device type), browsing and clickstream activity, search terms, pages visited, and general location information derived from your IP address.— Excerpt from Ancestry's Ancestry Privacy Statement
REGULATORY LANDSCAPE: Automatic collection of device identifiers and browsing data for advertising and analytics purposes engages GDPR and the ePrivacy Directive for EU and UK users, requiring valid consent for non-essential cookies and tracking technologies. The CPRA classifies certain device identifiers as personal information and subjects them to opt-out rights. The FTC has authority over deceptive or unfair collection and use of browsing and location data. GOVERNANCE EXPOSURE: Medium. The policy's description of automatic data collection is consistent with common industry practices for digital platforms, but the combination of browsing data with genealogy and DNA account data creates a richer data profile than typical consumer services, which may attract heightened regulatory scrutiny. JURISDICTION FLAGS: EU and UK users require consent for non-essential tracking. California residents have opt-out rights for sharing of personal information including device identifiers for advertising. Illinois BIPA does not directly apply to device identifiers, but compliance teams in regulated industries should confirm no biometric data is collected through device interaction. CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics and advertising vendors receiving device identifier and browsing data should be under data processing agreements that restrict use to disclosed purposes and reflect opt-out status propagated by Ancestry. COMPLIANCE CONSIDERATIONS: Cookie consent management platforms deployed on Ancestry's properties should be audited to confirm that non-essential tracking technologies, including advertising pixels from TikTok, Facebook, Google, Pinterest, Bing, and Yahoo visible in the page source, are subject to prior consent from EU and UK users and reflect opt-out status for California users.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Automatic collection of device identifiers, browsing activity, and location-derived data is disclosed as occurring across Ancestry's services, and this data is used to support advertising, analytics, and personalization functions in addition to service delivery.
Under this provision, Ancestry collects device identifiers, clickstream data, and general location information automatically during use of its platform, and this data is used for purposes including targeted advertising and analytics. Users who have opted out of advertising data sharing or who have adjusted browser or device cookie settings may limit some but not all of this collection.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ancestry.