Spotify collects detailed records of everything you do on the service, including what you search for, listen to, and interact with, as well as inferences about your age, interests, and preferences derived from that activity.
This analysis describes what Spotify's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of Usage Data collected, including behavioral inferences, feeds both personalization and advertising functions and represents the primary data set shared with third-party advertising and analytics partners, making it the most operationally significant category in the policy.
Spotify collects search queries, streaming history, browsing history, ad engagement, device identifiers, IP addresses, and behavioral inferences about your interests and preferences; this data is used for service personalization, content recommendations, and tailored advertising, and may be shared with advertising, analytics, and technical service partners.
How other platforms handle this
Uber collects precise or approximate location data from riders' and order recipients' mobile devices when the Uber app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their device. Uber collects this data from the time a ride or order is requested ...
Geolocation data, such as device location. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer's interaction with an internet website, application, or advertisement. Device identifiers, such as IP address, unique d...
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
Monitoring
Spotify has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Personal data collected and processed about you when you're accessing or using the Spotify Service. This includes information such as: your actions with the Spotify Service (including date and time), such as: search queries; streaming history; playlists you create; your library; browsing history; account settings; interactions with other Spotify users; prompts in AI powered features; transcripts; engagement with ads; your use of third party services, devices and applications in connection with the Spotify Service; inferences (i.e., our understanding) of your age, interests and preferences based on your usage of the Spotify Service.— Excerpt from Spotify's Spotify Privacy Policy
REGULATORY LANDSCAPE: The collection of inferences about interests, preferences, and age from usage behavior engages CCPA/CPRA, which treats inferences drawn to create consumer profiles as personal information subject to disclosure, access, and deletion rights. The FTC Act's prohibition on unfair or deceptive practices applies to the scope and accuracy of disclosures about inference-based profiling. State comprehensive privacy laws in Virginia, Colorado, Connecticut, and others require disclosure of profiling activities and, in some jurisdictions, opt-out rights. GOVERNANCE EXPOSURE: Medium. The policy provides a comprehensive disclosure of Usage Data categories, which is consistent with CCPA/CPRA disclosure requirements. The inclusion of inferences as a disclosed category addresses a common compliance gap. However, the breadth of device discovery data (scanning wifi network devices, Bluetooth connections, installed application detection) may warrant additional scrutiny regarding scope of necessity and user expectation. JURISDICTION FLAGS: California CPRA grants consumers the right to access and delete inferences held about them as a distinct category. All U.S. comprehensive privacy states require disclosure of data categories collected; this policy provides that disclosure. The device scanning provisions (wifi speakers, Bluetooth devices, installed app detection) may engage additional notice requirements in some jurisdictions. CONTRACT AND VENDOR IMPLICATIONS: Technical service partners who receive Usage Data for analytics or advertising purposes should be assessed against applicable data processing standards. The policy discloses sharing with advertising partners and analytics partners; vendor contracts should define permissible secondary use of Usage Data. COMPLIANCE CONSIDERATIONS: Data mapping exercises should document the specific retention schedule for each Usage Data subcategory, particularly inferences, AI interaction data, and device discovery data. The scope of installed application detection warrants review to confirm it is limited to the stated purpose of determining whether Spotify partner applications are installed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of Usage Data collected, including behavioral inferences, feeds both personalization and advertising functions and represents the primary data set shared with third-party advertising and analytics partners, making it the most operationally significant category in the policy.
Spotify collects search queries, streaming history, browsing history, ad engagement, device identifiers, IP addresses, and behavioral inferences about your interests and preferences; this data is used for service personalization, content recommendations, and tailored advertising, and may be shared with advertising, analytics, and technical service partners.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Spotify.