Medium shares your personal information with outside companies that help it run its business, including companies involved in advertising, analytics, fraud prevention, and payment processing.
This analysis describes what Medium's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your reading habits, account details, and behavioral data may be processed by companies you have not directly interacted with and whose own privacy practices you may not have reviewed.
This provision means your reading history, account information, and usage behavior may be shared with third-party analytics and advertising companies, potentially enabling cross-site tracking or targeted advertising based on your Medium activity.
How other platforms handle this
We receive some of the data mentioned above from third parties. The below table describes the categories of those third parties. If you connect your Spotify account to a third party application, service or device, we may collect and use information from them. This collection is to make the integrati...
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
We work with third-party advertising partners to market our Products, and we share personal data with advertising networks and social media companies to serve ads. We also use analytics providers to help us understand how users interact with our Products.
Monitoring
Medium has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We share user data with a variety of third parties including our service providers and business partners. Service providers are companies that help us operate our business, including companies that help us with fraud prevention, payment processing, customer service, analytics, and marketing. We may share personal information about you with our service providers as needed to carry out work on our behalf.— Excerpt from Medium's Medium Privacy Policy
REGULATORY LANDSCAPE: This provision implicates GDPR Article 28 (processor agreements) and Article 44 (transfers to third countries) where service providers are located outside the EU/EEA. Under CCPA, categories of personal information shared with third parties must be disclosed, and users must be given the ability to opt out of the sale or sharing of personal information. The FTC holds enforcement authority over unfair or deceptive data sharing practices under Section 5 of the FTC Act. GOVERNANCE EXPOSURE: Medium. The policy authorizes broad sharing with service providers and business partners without enumerating specific third parties or their data processing purposes. This level of generality may be insufficient under GDPR transparency requirements and could create audit challenges if a data subject requests a list of recipients under Article 15. JURISDICTION FLAGS: EU/EEA users face heightened exposure given GDPR's requirements for lawful transfer mechanisms and processor agreements. California residents are protected by CCPA's opt-out and disclosure rights. Users in jurisdictions without comprehensive privacy legislation have fewer guaranteed protections under this clause. CONTRACT AND VENDOR IMPLICATIONS: Procurement and vendor management teams should confirm that all third-party service providers processing personal data on Medium's behalf have executed data processing agreements satisfying GDPR Article 28. Organizations using Medium for corporate publishing should assess whether any employee or customer data could flow to these third parties. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the current list of third-party processors and verify DPA coverage. A data mapping exercise should identify which categories of personal data flow to which third parties and for what purpose. The CCPA opt-out mechanism should be tested for accessibility and effectiveness.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your reading habits, account details, and behavioral data may be processed by companies you have not directly interacted with and whose own privacy practices you may not have reviewed.
This provision means your reading history, account information, and usage behavior may be shared with third-party analytics and advertising companies, potentially enabling cross-site tracking or targeted advertising based on your Medium activity.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Medium.