Spotify collects detailed records of everything you do on the service, including what you search for, listen to, and interact with, as well as inferences about your age, interests, and preferences derived from that activity.
This analysis describes what Spotify's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of Usage Data collected, including behavioral inferences, feeds both personalization and advertising functions and represents the primary data set shared with third-party advertising and analytics partners, making it the most operationally significant category in the policy.
Spotify collects search queries, streaming history, browsing history, ad engagement, device identifiers, IP addresses, and behavioral inferences about your interests and preferences; this data is used for service personalization, content recommendations, and tailored advertising, and may be shared with advertising, analytics, and technical service partners.
How other platforms handle this
We collect information about your location, such as data from your device's GPS or IP address, when you use our products.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Spotify has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Personal data collected and processed about you when you're accessing or using the Spotify Service. This includes information such as: your actions with the Spotify Service (including date and time), such as: search queries; streaming history; playlists you create; your library; browsing history; account settings; interactions with other Spotify users; prompts in AI powered features; transcripts; engagement with ads; your use of third party services, devices and applications in connection with the Spotify Service; inferences (i.e., our understanding) of your age, interests and preferences based on your usage of the Spotify Service.— Excerpt from Spotify's Spotify Privacy Policy
REGULATORY LANDSCAPE: The collection of inferences about interests, preferences, and age from usage behavior engages CCPA/CPRA, which treats inferences drawn to create consumer profiles as personal information subject to disclosure, access, and deletion rights. The FTC Act's prohibition on unfair or deceptive practices applies to the scope and accuracy of disclosures about inference-based profiling. State comprehensive privacy laws in Virginia, Colorado, Connecticut, and others require disclosure of profiling activities and, in some jurisdictions, opt-out rights. GOVERNANCE EXPOSURE: Medium. The policy provides a comprehensive disclosure of Usage Data categories, which is consistent with CCPA/CPRA disclosure requirements. The inclusion of inferences as a disclosed category addresses a common compliance gap. However, the breadth of device discovery data (scanning wifi network devices, Bluetooth connections, installed application detection) may warrant additional scrutiny regarding scope of necessity and user expectation. JURISDICTION FLAGS: California CPRA grants consumers the right to access and delete inferences held about them as a distinct category. All U.S. comprehensive privacy states require disclosure of data categories collected; this policy provides that disclosure. The device scanning provisions (wifi speakers, Bluetooth devices, installed app detection) may engage additional notice requirements in some jurisdictions. CONTRACT AND VENDOR IMPLICATIONS: Technical service partners who receive Usage Data for analytics or advertising purposes should be assessed against applicable data processing standards. The policy discloses sharing with advertising partners and analytics partners; vendor contracts should define permissible secondary use of Usage Data. COMPLIANCE CONSIDERATIONS: Data mapping exercises should document the specific retention schedule for each Usage Data subcategory, particularly inferences, AI interaction data, and device discovery data. The scope of installed application detection warrants review to confirm it is limited to the stated purpose of determining whether Spotify partner applications are installed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of Usage Data collected, including behavioral inferences, feeds both personalization and advertising functions and represents the primary data set shared with third-party advertising and analytics partners, making it the most operationally significant category in the policy.
Spotify collects search queries, streaming history, browsing history, ad engagement, device identifiers, IP addresses, and behavioral inferences about your interests and preferences; this data is used for service personalization, content recommendations, and tailored advertising, and may be shared with advertising, analytics, and technical service partners.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Spotify.