This analysis describes what Ancestry's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes the scope of data recipients beyond Ancestry itself, defining categories of entities (affiliates and service providers) that may access personal information and specifying that aggregated or de-identified information is excluded from restrictions on third-party sharing.
The updated Privacy Statement no longer displays a dedicated 'Do Not Sell or Share My Personal Information' link in the footer, which was previously accessible to California residents under CCPA requirements. This link allowed users to exercise data-sharing opt-out rights. The footer now lists 'Consumer Health Privacy' as a separate item but does not explicitly direct users to their CCPA controls. California residents may need to locate their opt-out rights through alternative navigation paths on the Ancestry site.
View change record →The updated Privacy Statement clarifies what uses of Ancestry services are permitted and prohibited, establishes that photo face-grouping in your gallery requires your express consent, and introduces SMS messaging as a communication channel for future opt-in communications. The statement now covers Ancestry, AncestryDNA, and Related Brands under a unified framework while noting that other services operated by the company use separate privacy statements. The removal of 'uploaded DNA data' from the account creation section reflects a narrowing of that specific provision's scope, though genetic information processing remains described elsewhere in the policy. You can review the full updated statement to understand how your personal information will be processed and manage your communication preferences when SMS opt-ins become available.
View change record →California residents lose direct navigation to the CCPA-mandated 'Do Not Sell or Share My Personal Information' disclosure page from Ancestry's privacy footer. While California law requires the company to honor data sale opt-out requests, removing the link reduces visibility and accessibility of this right. California residents can locate this right by searching Ancestry's website or contacting the company directly, but the removal creates an additional barrier to exercising a legally protected option.
View change record →Users' personal information may be accessed by Ancestry's corporate affiliates and third-party service providers involved in service delivery and marketing functions. The terms do not restrict sharing of aggregated or de-identified data, which the provision indicates cannot reasonably identify individuals.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
Monitoring
Ancestry has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with our parent company, subsidiaries, and affiliated companies for the purposes described in this Privacy Statement. We do not sell personal information to third parties. We may share personal information with trusted third-party service providers who help us operate, provide, improve, integrate, customize, support, and market our services. We may also share aggregated or de-identified information that cannot reasonably be used to identify you.— Excerpt from Ancestry's Ancestry Privacy Statement
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes the scope of data recipients beyond Ancestry itself, defining categories of entities (affiliates and service providers) that may access personal information and specifying that aggregated or de-identified information is excluded from restrictions on third-party sharing.
Users' personal information may be accessed by Ancestry's corporate affiliates and third-party service providers involved in service delivery and marketing functions. The terms do not restrict sharing of aggregated or de-identified data, which the provision indicates cannot reasonably identify individuals.
ConductAtlas has identified this type of provision across 6 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ancestry.