Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Comcast's policies regarding collection, use, and sharing of personal information from customers using Xfinity internet, TV, phone, home security, and mobile services. The policy authorizes collection of precise location data, viewing history, internet browsing activity, voice commands, biometric identifiers, and home security sensor data, with permitted uses including targeted advertising and service improvement. The policy permits sharing of personal information with affiliated companies including NBCUniversal and Sky, as well as with third-party advertising, analytics, and business partners.
This document is Xfinity's (Comcast) consumer-facing Privacy Policy, effective November 17, 2025, governing the collection, use, retention, and disclosure of personal information across Xfinity-branded, Comcast-branded, and Xumo-branded services, websites, mobile apps, devices, and third-party data sources. The policy states that Xfinity collects a broad range of personal information including name, address, Social Security number, financial information, precise geolocation, biometric identifiers, internet usage and network activity, cable viewing history, call detail records, voice commands, and information derived from home security sensors and cameras; the terms authorize use of this information for service delivery, marketing, advertising (including interest-based advertising using third-party data), analytics, and sharing with affiliates, business partners, vendors, and in some cases law enforcement. Notably, as a cable operator, Xfinity is subject to the Cable Communications Policy Act (CPPA), which imposes specific consent and disclosure requirements for cable subscriber data that the policy acknowledges; however, the policy also asserts broad use of viewing history and network activity data for advertising purposes, and the scope of consent mechanisms described may warrant evaluation under applicable federal and state law. The policy engages the California Consumer Privacy Act (CCPA/CPRA), the Maine Broadband Customer Privacy Law, the Washington My Health MY Data Act, state-level privacy laws in over fifteen jurisdictions including Colorado, Connecticut, Virginia, and Texas, as well as the Electronic Communications Privacy Act (ECPA) and FTC Act; compliance exposure is heightened by the breadth of sensitive data categories collected (biometrics, precise geolocation, health-adjacent data from home monitoring), the use of that data for advertising, and the policy's acknowledgment of sharing with a wide Comcast family of companies including NBCU and Sky.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trialMonitoring
Xfinity has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Affiliate Data Sharing (NBCU, Sky, Comcast Family) and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.