Spotify Privacy Policy — Spotify

10 Total

1 High severity

6 Medium severity

3 Low severity

Summary

This is Spotify's privacy policy — a document explaining what personal information Spotify collects about you, how they use it, who they share it with, and what rights you have over your data. Spotify collects a wide range of data including your listening history, location, device details, voice recordings, payment information, and even inferences about your age and interests. You have rights to access, correct, or delete your data, and you can opt out of targeted advertising through your Account Privacy page.

Technical Summary

Spotify's Privacy Policy (effective 27 August 2025), published by Spotify USA Inc., governs the collection, processing, storage, and disclosure of personal data for U.S. residents using Spotify's streaming services, websites, customer service, and community platforms. The policy delineates extensive data collection categories including User Data, Usage Data, Voice Data, Payment Data, Age Check Data, and inferred interest/preference data, and specifies processing purposes including service delivery, personalization, tailored advertising, fraud prevention, and regulatory compliance. Key rights extended to all U.S. residents include access, correction, deletion, data portability, opt-out of tailored advertising, and withdrawal of consent, with an explicit non-discrimination commitment. The policy references compliance with the California Consumer Privacy Act (CCPA) and cross-context behavioral advertising ('sharing') frameworks, and discloses data transfers to third parties including advertising partners, service providers, and affiliated entities.

Institutional Analysis

This policy engages primarily with the California Consumer Privacy Act (CCPA/CPRA), including cross-context behavioral advertising ('sharing') obligations and a California Notice at Collection, as well as broader U.S. state privacy laws, with Spotify extending CCPA-equivalent rights to all U.S. res…

🔒

Compliance intelligence locked

Regulatory exposure, material risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Evidence Provenance

Captured March 6, 2026 18:27 UTC

Document ID CA-D-000036

Version ID CA-V-000031

Source URL https://www.spotify.com/us/legal/privacy-policy/

Wayback Machine View archived versions →

SHA-256 acdf80d97e510307f5441abe1c0404a56c275953626bfca6778645218fcb126f

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Change Timeline

March 6, 2026 — Initial capture

First snapshot archived

acdf80d9…

High Severity — 1 provision

Voice Data and Biometric Age Check Collection
Spotify collects voice recordings and transcripts when you use voice features, and may collect a photo of your face or your face plus ID documents if you undergo an age verification check powered by a third-party provider. Age Check data is deleted immediately after the check.

Added March 6, 2026

Medium Severity — 6 provisions

Tailored Advertising & Cross-Context Behavioral Advertising
Spotify uses your listening history, browsing behavior, and data from advertising partners to show you targeted ads, which they call 'tailored advertising' or 'sharing' for cross-context behavioral advertising purposes. You can opt out, but you'll still see ads based on your registration info and current listening.

Added March 6, 2026
Broad Third-Party Data Sharing
Spotify shares your personal data with a wide range of third parties including advertising partners, authentication services (like Google or Facebook), technical service providers, payment processors, and affiliated Spotify companies. The scope of sharing is extensive and covers most categories of data Spotify collects.

Added March 6, 2026
Inference and Profiling of User Interests and Age
Spotify creates inferences about your age, interests, and preferences based on your usage of the service — for example, what you listen to, when, and how often — without you explicitly providing this information.

Added March 6, 2026
Data Deletion Rights with Exceptions
You have the right to request deletion of your personal data, but Spotify can refuse or limit deletion if the data is still needed for the original purpose it was collected, to prevent fraud, to comply with a legal obligation, or to support legal claims.

Added March 6, 2026
Children and Minors Data Protections
Spotify limits certain features for younger users, including turning tailored advertising off by default, and states the service is not directed at children below the minimum age required in their country. Spotify uses Age Check tools including facial estimation to verify user ages.

Added March 6, 2026
Device Sensor and Technical Data Collection
Spotify collects extensive technical data from your devices including IP addresses, device IDs, browser type, operating system, network type, and motion/orientation sensor data. Spotify also scans your local network (e.g., WiFi) to discover connected devices like speakers.

Added March 6, 2026

Low Severity — 3 provisions

International Data Transfers
Spotify may transfer your personal data to countries outside the United States, including countries that may have different (potentially weaker) data protection standards than your home country.

Added March 6, 2026
Payment and Purchase Data Collection
When you subscribe to a paid plan or make a purchase, Spotify collects payment-related data including your name, date of birth, card type, expiration date, partial card number, ZIP code, and purchase history. Spotify states it never stores your full card number.

Added March 6, 2026
Non-Discrimination for Exercising Privacy Rights
Spotify commits that users will not receive discriminatory treatment — such as degraded service or higher prices — for exercising any of their privacy rights under the policy.

Added March 6, 2026