Your privacy
comes first.When you explore your DNA and health insights with 23andMe, you entrust us with important information. That’s why, since day one, we’ve committed ourselves to protecting your privacy. Read on to learn more about our privacy and security practices.
You can be assured that your genetic data will not be shared with employers, insurance companies, or public databases without your explicit consent.
Everything is broken down into easy-to-understand language so that each choice you make is an informed choice.
Since 2008, your individual data has never been released to law enforcement and will only be shared if required by a valid legal process.
23andMe has achieved 3 different ISO certifications to demonstrate the strength of its security program.
We provide robust controls that give you options when it comes to your genetic data.
All your sensitive information is encrypted (at rest and in transit) and regular assessments are conducted to identify security vulnerabilities and threats.
We have enabled app-based 2-step verification for your 23andMe account adding a second check beyond your password.
You are free to change your
consents at any time.You are in control
of your data.This means you decide how your information is used and for what purposes. We've answered a few questions you might have about how you are in control.
No. Your data (genetic or self-reported) will not be provided to an insurance company or employer. End of story.
We have been long-time supporters of legislative efforts intended to prevent genetic discrimination and to safeguard individuals' genetic privacy. In the US specifically, we were active in the development of the Genetic Information Nondiscrimination Act (GINA) enacted in 2008.
We also supported the California Genetic Information Nondiscrimination Act (Senate Bill No. 559), enacted in 2011, and have taken a leading role in promoting strong genetics privacy laws, which have now been enacted in more than 10 states including California, Texas, Arizona and Virginia.
We will not release any individual-level personal information to law enforcement without your explicit consent unless required by law. We closely scrutinize all law enforcement requests, and we will only comply with court orders, subpoenas, search warrants or other requests that we determine are legally valid.
And IF that were to ever happen we would be transparent and notify anyone affected, unless prevented by law.
23andMe research analyses are conducted with information that has been stripped of your identifying Registration Information (information you provide when you register your account, such as your name and contact information).
Your contact information may be used to communicate with you but are not analyzed in combination with your Research Information.
When we publish research results or share results with collaborators, we only publish or share summary information that does not identify any particular individual.
You decide whether the lab biobanks your saliva sample or safely discards it after it has been analyzed. Rest assured, you can request your sample to be destroyed at any time; however, this choice is irreversible.
We do, but you have a number of options to control or limit how your data is used.
These tracking technologies are used to help us understand how our website is being used, and let you navigate between pages efficiently since it remembers your preferences and hopefully improves your browsing experience. We may also use this information to analyze website function and to advertise our products and services to you. Learn about your options here (cookie policy).
There might be some reports you’re nervous about seeing. That’s completely understandable. Deciding whether or not you want to learn about a potential increased health risk from a report is a personal choice. You have control over what types of information you would like to see and can choose to exclude certain types of reports that you may not want to view.
No. You will always need to take action to share your reports and are not required to participate in the social sharing aspect of the service. You decide when and with whom you share your 23andMe information.
Yes. At any time you have the ability to download your raw data, as well as delete your 23andMe account if you are no longer interested in participating in our Services. Either action can be initiated within your Account Settings.
Are you the audio/visual type of learner?
We've got you covered.Your data is protected by security practices that are regularly reviewed and updated.
Your genetic information deserves the highest level of security, because without security, you can’t have privacy. 23andMe employs software, hardware, and physical security measures to protect your data. And while no security system is bulletproof, we're committed to keeping your personal data safe.
Our information security management system received certification under the globally recognized ISO/IEC 27001:2013, 27018 & 27701 standards after an extensive security audit. These certifications act as additional proof of our commitment to information security and privacy, providing a trusted experience for our customers. View or download our certification here (iso certificate).
We employ a multi-layered approach.
- Our systems undergo frequent internal assessments and simulated attacks.
- Our company engages with a global community of security researchers to continuously test and enhance the security of our applications, ensuring robust defenses against emerging threats.
- We regularly conduct other external third-party security assessments.
Want to know even more? We've got some more resources for you.
We hope that by now you are feeling confident that you are in control and your data is well-protected. But we also understand that you may want to dive even deeper into the details, and we love that.
Still have some questions?
Contact us at privacy@23andMe.com
Stay up to date.
We'll reach out with privacy updates, exclusive promotions and new genetic discoveries.