10 Total
0 High severity
7 Medium severity
3 Low severity
Summary

Medium's Privacy Policy describes how A Medium Corporation collects and uses personal data from readers, writers, and subscribers on its publishing platform. The policy authorizes collection of identifiers, reading and browsing activity, payment information, device data, and inferred interests, and discloses that this data may be shared with analytics providers, payment processors, advertising partners, and business transfer recipients. California residents and EU users hold specific rights under the policy, including the ability to access, delete, or correct their data and, for California residents, to opt out of the sale or sharing of personal information.

Technical / Legal Breakdown

This document is Medium's Privacy Policy, effective March 24, 2022, governing the collection, use, sharing, and retention of personal data for users of the Medium platform (medium.com), published by A Medium Corporation. The policy states that Medium collects account registration data (name, email, password), payment information, content and activity data (drafts, reading history, search queries, follows), device identifiers, IP addresses, browser type, operating system, referral URLs, and inferred interests, and the terms authorize use of this data for service operation, personalization, analytics, communications, and marketing. The policy discloses sharing of personal data with third-party service providers (analytics, payment processors, infrastructure), business partners, and in the context of corporate transactions such as mergers or acquisitions, and reserves the right to share aggregated or de-identified data without restriction. The policy states that it engages the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), explicitly acknowledging legal bases for processing EU personal data (legitimate interests, contract performance, consent) and granting California residents rights to know, delete, and opt out of data sale; applicable law in these jurisdictions may constrain certain data-sharing or retention assertions beyond what the policy alone establishes. Material compliance considerations include the adequacy of disclosed consent mechanisms for marketing communications, the scope of the legitimate interests basis asserted for behavioral tracking, and the policy's handling of data transfers from the EU to the United States, which engages Standard Contractual Clauses or equivalent transfer mechanisms required under post-Schrems II frameworks.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

7 important changes detected

7 versions captured · Last updated: July 2026

What changed The detected change is a single character modification in the read count display within the policy header metadata, changing from '18' to '19' reads. This appears to be a routine update to the article engagement metric and does not reflect any substantive revision to Medium's privacy policy terms, practices, or disclosures.
Why this matters This change does not affect Medium's privacy policy terms, practices, or consumer obligations. The modification is limited to a metadata engagement metric displayed in the policy header and carries no operational implications for user privacy, data collection, or platform governance.
View full change record →
What changed Medium's Privacy Policy was updated on July 3, 2026 with a minor formatting change to the policy header. The document now displays "Top highlight" and engagement metrics (53K, 18) in the introductory section. This appears to be a presentation or platform update rather than a substantive change to privacy terms or data practices.
Why this matters This change does not modify Medium's privacy terms, data collection practices, or user rights. The updated policy header now includes a "Top highlight" label and engagement metrics. No substantive changes to how Medium collects, uses, or protects user data were introduced.
View full change record →

June 19, 2026 unknown

Medium updated their Medium Privacy Policy on June 19, 2026. Change detected: 1 sentence(s) added, 2 sentence(s) modified. Document contained 104 sentences after update.

View change record →
June 6, 2026 low

Medium's privacy policy was updated on June 6, 2026 to add engagement metrics (53K views, 13 responses) to the policy document header. The change is purely editorial and adds visible …

View change record →
May 18, 2026 low

Medium updated its Privacy Policy on May 18, 2026 to add detailed disclosure about its address book contact feature. The new language explains that when users opt in to this …

View change record →
April 26, 2026 low

Medium's privacy policy was updated on April 26, 2026, but the changes appear to be primarily formatting and structural rather than substantive. The document added a sentence reiterating the categories …

View change record →
April 22, 2026 low

Medium removed a call-to-action encouraging newsletter sign-up and replaced it with a disclosure statement listing the categories of personal information collected in the preceding 12 months, identifiers, commercial information, internet …

View change record →

Recent Provision Changes Jul 4, 2026

10 provisions unchanged.

View full change record →
Medium — 7 provisions
Low — 3 provisions

Monitoring

Medium has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Reading History and Behavioral Data Collection and similar clauses.

Compare across platforms →
Archival ProvenanceSource & Archival Record
Last Captured July 4, 2026 00:34 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000246
Version ID CA-V-004462
SHA-256 686c5f3bdadccaa30f2a26938e6d887839e9bcd90c64c601c9e2fb270c39c230
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans