Is Your DNA Data Safe? Breaking Down Ancestry’s August 2025 Privacy Changes

Is Your DNA Data Safe? Effective Dates: The previous Privacy Statement took effect in January 2024 (last updated 17 Jan 2024[1]), and the latest version was updated on 21 Aug 2025[2]. Over this period, Ancestry introduced multiple changes to align with new laws and improve transparency, while maintaining core privacy commitments. Below we break down all notable changes – marking each as an Addition, Revision, or Removal – and explain how they affect Ancestry members’ data collection, usage, sharing, and rights.

Data Collection Changes

• Addition (Data Collected – Birth Date): Ancestry now collects full birth dates (day/month/year) during AncestryDNA® kit activation, whereas previously only birth year was collected. This change helps assign accounts more accurately (e.g. distinguishing family members with similar names) and ensure compliance with age restrictions.Impact: Members must provide more precise personal data when registering a DNA kit, which improves account security and matching but slightly increases the sensitivity of personal info held by Ancestry. Ancestry assures that this additional data will be protected like other personal information. (This change is a revision to the data collection practice, effectively removing the older birth-year-only approach in favor of full birth date collection[3].)

• Addition (Content You Upload): The 2024 statement added clearer language about user-contributed content (such as family tree data, photos, stories). It explains how uploaded content is used on Ancestry services and outlines user responsibilities for that content[4]. For example, content you post may be shared within the Ancestry community (according to your privacy settings) and can contribute to features like record hints or other members’ family tree suggestions. Users are reminded to only upload content they have rights to and to avoid posting sensitive info about living individuals without consent.Impact: This transparency helps members understand that their uploads (e.g. a public family tree or photo) may be visible to others on the platform and used to generate genealogy insights. It also reinforces that users must follow guidelines (keeping the platform safe and respecting privacy) when adding content. This change is primarily an addition for clarity – no previously available feature was removed, but responsibilities are now spelled out.

• No Change (Types of Data Collected): Other core categories of personal data collected remain the same between 2024 and 2025. Ancestry still collects information you provide (name, contact info, payment details, family tree data, DNA sample and results, etc.), data from your use of the service, and derived data like ethnicity estimates. Aside from the birthdate update, no new categories of personal information were introduced. The focus of changes was on explaining usage and rights rather than expanding what is collected.Impact: Members’ overall data footprint at Ancestry is unchanged except for the added birth date detail for DNA users – there are no new intrusive data types being gathered in the 2025 policy compared to 2024.

Data Storage & Retention

• No Major Change (Data Storage Practices): Both versions of the Privacy Statement indicate that Ancestry stores personal data securely in its systems, and there were no significant changes in storage location or duration announced. Ancestry continues to use secure databases and encryption to protect stored data (for example, DNA test results are kept in a secure, encrypted database[5]). The statements do not list specific retention periods for each data type (likely stating that data is retained as long as needed to provide services or as required by law), and this policy remained consistent from 2024 to 2025.Impact: Members’ data is still retained indefinitely until they request deletion – there was no new limit or purge schedule introduced. Users should be aware that their genealogical and DNA data will be stored by Ancestry until they actively delete it or close their account, just as before. The lack of change means existing data storage safeguards (e.g. access controls, encryption) continue to protect their information.

• Possible Clarification (Retention & Deletion): The 2025 update, in aligning with privacy laws, likely provides more clarity on deletion rights. For example, under newer state laws, Ancestry must describe the right to delete personal info and what that entails. The updated statement likely clarifies that upon account deletion or a deletion request, most personal data (including DNA results) will be removed from Ancestry’s systems within a certain timeframe, and any remaining data (e.g. in backups or required for legal compliance) will be protected until it’s purged. This is a revision for transparency rather than a procedural change.Impact: Members have a clearer understanding of what happens when they delete data – e.g. their DNA raw data and sample can be destroyed at their request – which empowers them to make informed decisions about data retention. (The fundamental retention policy – user data persists until deletion – did not change; only the description was refined.)

Data Sharing & Disclosure

• Addition (Scope – New Ancestry Brands): The Privacy Statement now explicitly includes Ancestry’s newer or acquired services under its umbrella. Notably, Forces War Records, a military history website acquired by Ancestry, was added to the list of properties governed by the Privacy Statement[6]. In the 2024 version, Ancestry already covered sites like Fold3 and Newspapers.com, and by 2025 they expanded the list to any newly acquired sites.Impact: Users of Forces War Records (and any other newly added Ancestry brand) are now assured the same privacy protections and practices. Their personal data will be handled identically to Ancestry’s core site data – collected, stored, and not shared externally without consent – rather than being subject to a separate policy. This change is an addition that unifies privacy terms across all Ancestry services, increasing transparency for those users.

• Addition/Revision (Compliance with Privacy Laws – No “Sale” of Data): Both statements emphasize alignment with consumer privacy laws like the California Privacy Rights Act (CPRA) and others, but the 2025 update strengthened this compliance. Ancestry added language to confirm that it does not “sell” personal information and does not share data for third-party advertising without permission[7]. (In fact, Ancestry’s policy of not selling user data was already in place, but the newer statement makes it more explicit in legal terms.) The 2024 statement, in response to CPRA, likely introduced this assurance, and the 2025 version keeps it.Impact: Members can be confident that Ancestry will not disclose their personal data to advertisers or other external parties for monetary gain or marketing – a practice that remains unchanged. By explicitly stating this and referencing state laws, the updated policy gives users added peace of mind and meets the legal requirement to state one’s sale/sharing practices. This is largely a clarification/reaffirmation rather than a new policy, but it’s highlighted to users in the updated privacy disclosures.

• Addition (Opt-Out of Targeted Advertising – “Do Not Share”): In January 2024, Ancestry introduced account-based choices for opting out of targeted advertising[8], and this carries into the Aug 2025 policy. This means if Ancestry ever uses personal data for personalized ads (for example, using cookie data or email for cross-site advertising), users have a clear mechanism to opt out, and that preference will be tied to their account (not just a single device’s cookie). This was an addition prompted by state laws (like CPRA and Virginia’s law) defining “sharing” of data for behavioral ads.Impact: Members now have a more robust ability to opt out of any targeted advertising involving their data. If you toggle off targeted ads in your Ancestry account settings or via the provided “Do Not Sell/Share” link, Ancestry will honor that across your sessions. This increases user control over personal info and ensures compliance with laws – a net benefit to privacy. (Prior to 2024, Ancestry’s policy already didn’t share sensitive data for ads; now the opt-out choice covers any advertising-related data use and is more user-friendly.)

• Revision (Third-Party Service Providers Clarified): The 2025 Privacy Statement likely clarifies the categories of third parties with whom data is shared for business purposes. Ancestry has long stated it shares data with service providers (contractors) as needed to run its services – e.g. the lab that processes your DNA, cloud storage providers, shipping companies for test kits, etc. The updated statement (aligning with new laws’ terminology) probably elaborates on these service provider arrangements, ensuring they are bound to protect the data and cannot use it for their own purposes (this aligns with CPRA’s requirements for “contractors”).Impact: For members, this is a transparency improvement – you can see more clearly who might handle your data behind the scenes (e.g. a testing laboratory or an email service provider) and under what safeguards. There is no change in how such sharing works (it’s still only to support Ancestry’s services), but the description is more detailed in 2025. This is a revision to make the policy more understandable and compliant; it doesn’t grant any new sharing rights that didn’t exist before.

• No Change (Protective Stance on Law Enforcement & Marketing Requests): Importantly, Ancestry’s stance on law enforcement and third-party marketing use did not change from 2024 to 2025. The Privacy Statement continues to forbid voluntary disclosure of your data to law enforcement agencies and affirms that Ancestry will only comply if legally compelled (with measures to notify users, unless prohibited)[9]. Likewise, Ancestry still will not share your Genetic Information with insurance companies, employers, or third-party marketers without your explicit consent[10]. These commitments were present in the Jan 2024 version and remain in the Aug 2025 update (no removal or weakening of these protections).Impact: Members’ sensitive data – DNA, personal details, health info – continues to be safeguarded from law enforcement fishing expeditions or corporate marketing usage. If, for instance, a government or law enforcement request comes, Ancestry will resist or require a court order and try to notify the user in advance[11]. The fact that this policy did not change is significant: users in 2025 enjoy the same level of protection against involuntary disclosure as they did in 2024.

• Revision (Business Transfers and Mergers): Both versions of the Privacy Statement include a section on business transfers (if Ancestry is ever acquired, merges, or sells assets, user information may be transferred to the new owner). The 2025 update likely rephrased and clarified this section. For example, it may assure that any successor will have to honor the commitments of the Privacy Statement (to the extent allowed) – a point of concern for users after seeing industry news about acquisitions in genetics.Impact: This means if Ancestry’s ownership changes, your data would go to the new company, but the same privacy rules should continue to apply. The clarification is a revision for transparency; it doesn’t grant Ancestry new powers, but it informs members how their data is handled in corporate events. (No opt-out from such transfer is provided – as is standard – but at least users know what to expect.)

User Rights & Controls

• Addition (New Privacy Rights – CPRA and Others): The Jan 2024 statement incorporated new user rights from privacy laws, and the Aug 2025 version upholds them. Notably, Ancestry added the right to correct inaccurate personal information in its Privacy Statement (a CPRA requirement) and likely mentions the right to appeal if Ancestry declines a user’s privacy request (a requirement under Virginia’s law) – these were not explicitly detailed prior to 2024.Impact: Members now have a formal right to request correction of any wrong info Ancestry has (for example, if your address or name is recorded incorrectly, or if there’s an error in your data). If you exercise any privacy right (access, deletion, etc.) and are unsatisfied with the outcome, you can appeal Ancestry’s decision, and the process for doing so is outlined. These additions empower users to ensure their data is accurate and to seek recourse if they feel a privacy request was improperly handled.

• Addition/Revision (Account-Based Opt-Out Controls): As mentioned, the updated policy provides an account-level “Do Not Sell/Share” setting for targeted ads[12]. In practical terms, this means in your Ancestry Privacy Preferences you can toggle off the use of your data for personalized ads. The 2024 version first introduced it, and the 2025 version continues it. Earlier, opting out of such tracking might have required cookie settings per device, but now your choice is tied to your login.Impact: This makes it easier for members to exercise their rights uniformly. If you opt out once, Ancestry will apply it to your account across all your devices and sessions – you don’t have to repeatedly set preferences. This change is an addition that reflects best practices and legal requirements, ultimately giving users clearer control over their personal data.

• Revision (Enhanced Transparency in Exercising Rights): The newer Privacy Statement is more user-friendly in explaining how to exercise your rights (access, download, delete, etc.). It likely directs users to Ancestry’s Privacy Center or Support Center where they can submit requests or use self-service tools. For example, it might mention you can download your DNA data or delete your account by following steps in your account settings (rather than only via emailing support).Impact: Members benefit from a clearer roadmap to manage their data. While these rights (access, deletion) existed before, the 2025 update’s plain-language approach means more users will understand that, for instance, they can download a copy of their DNA raw data or request account deletion at any time. This is a revision improving clarity – not a change in what rights exist, but in how easy it is to discover and use them.

• No Change (Non-Discrimination Assurance): Both the 2024 and 2025 statements include a promise that Ancestry will not discriminate against users for exercising their privacy rights (e.g. they won’t deny services or change prices just because you opted out of something). This principle was introduced with CCPA/CPRA compliance and remains unchanged.Impact: Members can freely exercise rights like opting out of data sharing or deleting data without fear of losing access to features or facing penalties. Ancestry’s service offerings and pricing remain the same for those who exercise privacy choices. This continuity provides reassurance that using your rights won’t harm your experience.

DNA/Genetic Data Use

• Addition (New DNA Features Disclosure): The Jan 2024 update added language addressing new or future AncestryDNA features[13]. Specifically, it mentions enhancements to the DNA matching service and other DNA-based features that “may be released in the future.” This was an addition to notify users that their genetic information may be used to power upcoming innovations (for example, improved matching algorithms, new ways of discovering genetic relationships, or traits).Impact: Members are given a heads-up that as Ancestry expands DNA services, those features will still fall under the same privacy protections. For instance, if Ancestry launches a new tool that uses your DNA data to provide insights, the Privacy Statement already covers that usage. The language does not change how DNA data was used historically; it simply prepares users and ensures transparency for any expansion of DNA offerings. Your DNA test data is still primarily used for the core purposes you signed up for (ethnicity estimates, matching with relatives, etc.), but now the policy explicitly encompasses any new DNA functionalities under development.

• Addition (Recommender Systems Explanation): Uniquely, the 2024 Privacy Statement added a note on “how we use recommender systems” – likely referring to the algorithms that suggest records, relatives, or Ancestry features based on your data. This was an addition for transparency.Impact: For members, this means Ancestry is openly explaining that it uses automated systems to analyze your family tree data, DNA results, and site activity to recommend useful connections or content (for example, the “Hints” feature, record suggestions, or DNA match suggestions are driven by these algorithms). The inclusion of this explanation (which wasn’t spelled out in older policies) doesn’t alter what’s happening with your data, but it educates you that some decisions (like which DNA matches are shown or which historical record is suggested to you) are made by automated processing of your info. In general, this caters to new transparency requirements in privacy regulations about automated decision-making. Members gain insight into the fact that no adverse decisions are being made – the automation is used to enhance your genealogy discoveries.

• No Change (Research and Secondary Use of DNA Data): Ancestry’s fundamental approach to DNA data usage remains the same in 2025 as it was in 2024. Your DNA and genetic information are used only for the purposes you consent to. By default, Ancestry uses your DNA results to provide you with the AncestryDNA service (ethnicity breakdown, DNA matches, etc.) and for internal product R&D (to improve algorithms) in de-identified form. If Ancestry ever engages in external research studies or partnerships (such as academic studies), it requires separate informed consent from the user – this policy did not change. The Privacy Statement still indicates that any use of your genetic data beyond providing the service is either disclosed to you or opt-in.Impact: Members in 2025 have the same control as before over whether their genetic info might be included in research projects. If you did not opt in to research, your individual-level DNA data is not shared outside Ancestry. The updates did not grant Ancestry new rights to freely use or share genetic data – those remain tightly restricted, which is a critical protection. In short, your DNA data usage is purpose-bound and consent-bound, identical to the prior policy.

• No Change (Protection from Insurers/Employers): As noted under sharing, the Privacy Statement continues to explicitly forbid sharing your Genetic Information with insurance companies or employers[14]. This means any genetic insights about health or traits you might have (even though AncestryDNA’s test is mainly genealogical) cannot be used by insurers or employers via Ancestry. That promise was present in the older version and remains in 2025, unchanged.Impact: Members can be assured that taking an AncestryDNA test will not result in their data being sold to health insurers or used to affect insurance coverage, employment opportunities, etc. – Ancestry stands by its word on this. This consistency is important given the sensitivity of DNA data; the updates did not open any loopholes in this area.

• Addition (Consumer Health Data Policy & Consent – Specific Jurisdictions): In 2025, Ancestry introduced a Consumer Health Data Privacy Policy (effective March 31, 2024) to comply with new laws like Washington State’s My Health My Data Act. This supplemental policy (referenced in the Privacy Statement) covers genetic data as “health data” for residents of certain states.Impact: For members in relevant states (e.g. Washington), additional consent requirements and protections apply to genetic data. The Privacy Statement likely now notes that if you’re subject to such laws, Ancestry will obtain your consent for collecting and sharing genetic/health information and provide special rights (like the right to withdraw consent). This is an addition to address new legal standards. Practically, it means Ancestry’s handling of DNA data has an extra layer of compliance: e.g. you might have seen an extra consent prompt if you’re in an affected state, and Ancestry must allow you to request deletion of health data promptly upon request. For the average user, this doesn’t change day-to-day use, but it gives stronger legal footing to your privacy – especially if you’re in a state that considers genetic data highly sensitive. Overall, this change increases protection of DNA data under law without altering Ancestry’s fundamental usage of that data (it’s more about how they legally treat consent and disclosure).

Third-Party Involvement and Transfers

• Revision (Detailed Third-Party Categories): The newer Privacy Statement provides more detail about third parties involved in providing Ancestry’s services. For example, it might enumerate laboratory partners, infrastructure providers (cloud storage, IT security), payment processors, marketing/email vendors, etc. as entities that process data on Ancestry’s behalf. In the 2024 statement, these were likely mentioned in broader terms (“service providers”); by 2025, as privacy laws demand more transparency, Ancestry has likely listed or described these partners in clearer terms.Impact: Members gain a better understanding of who might see their information in the course of service delivery. For instance, when you send in a DNA sample, a third-party lab (under contract) will handle your spit sample and DNA data, but they receive only the data needed (a barcode, not your full identity) and are prohibited from using it outside of the testing purpose[15]. Similarly, if Ancestry uses a cloud service to store data, that provider is bound to strict confidentiality. The 2025 clarifications (a revision) don’t mean more third parties get your data; they just inform you of the ones that already do, under robust agreements. This helps members trust that while multiple parties assist in the service, their data isn’t openly circulating – it’s handled in controlled ways.

• Addition (Affiliates and International Transfers): With acquisitions and global operations, Ancestry’s updated statement likely confirms that data may be shared among Ancestry’s affiliated companies (such as Ancestry’s subsidiaries in Ireland or other countries, like Ancestry Ireland Unlimited which operates Ancestry.ca and .co.uk). This was probably in the older version too, but any new affiliate (like an overseas branch or newly acquired company) would be added.Impact: For members, intra-company sharing means your data might be processed on servers or by teams in other jurisdictions (e.g. the EU or Australia), but always under Ancestry’s control and the Privacy Statement’s rules. The 2025 statement, in adhering to laws, would reassure users that international data transfers are done in compliance with applicable laws (for instance, using standard contractual clauses for EU data transfers, etc.). This is mostly a transparency/administrative addition – it doesn’t change who ultimately handles your data (it’s still Ancestry and its controlled entities), but it clarifies the structure. Users concerned about cross-border data flows get more info, and Ancestry meets legal requirements about disclosing such practices.

• Revision (Disclosure for Legal Reasons): The Privacy Statements both allow disclosure of data if required by law (court orders, subpoenas) or to protect Ancestry’s rights and safety of users. The 2025 update might have fine-tuned the wording For example, it may explicitly mention compliance with genetic data privacy laws when handling legal requests, or it might outline the steps Ancestry will take (like requiring valid jurisdiction and proper form of order).Impact: This is a minor revision not changing the fundamental rule – if the government comes knocking with a lawful order, Ancestry may have to hand over data – but the updated language likely provides more insight into this process. Members should understand that while Ancestry resists broad surveillance (no voluntary sharing), they will comply with binding orders. The improved wording could simply be to align with the Genetic Information Privacy Act (in some states) or other regulations, ensuring users are informed that genetic data gets special handling even in legal disclosures. Again, there’s no new scenario where your data would be given out; it’s about explaining existing ones with more precision.

Consent Mechanisms

• Addition (Explicit Consent for Sensitive Data): Given new state laws (e.g. many define genetic data, health information, precise geolocation, etc. as “sensitive personal data” that requires consent), the 2025 Privacy Statement likely emphasizes user consent for processing sensitive data. For instance, it might state that by submitting a DNA test or using Ancestry’s DNA services, you are giving consent for Ancestry to process your Genetic Information for the purposes described. In some jurisdictions, an extra consent step might be presented.Impact: Members are made aware that their agreement is the basis for using sensitive info. If you’re in a state like Texas or Colorado which requires opt-in for sensitive data processing, Ancestry now complies by treating your use of the DNA service as an opt-in (or by obtaining an affirmative checkbox during kit activation). This change is an addition ensuring all legal consent requirements are met. Practically, it doesn’t burden users – it either happened in the background or via a one-time prompt – and it ensures Ancestry can lawfully continue to provide the DNA insights you requested. It also means users are more explicitly in control of whether their most sensitive data is used – you have to agree, and you can withdraw that consent by deleting your data.

• Revision (Opt-In for New Communications/Features): The updated statements continue to handle marketing communications via user consent (you can opt in/out of emails), unchanged from before. However, any new features that involve data use might come with their own opt-in. For example, if Ancestry were to offer a health-related DNA report in the future, they might require an additional consent per the privacy policy. The 2025 version sets the stage by mentioning “features that may be released in future”[16], implying that consent will be obtained as needed for those.Impact: Members won’t suddenly have their data used in a radically different way without notice – the privacy framework now explicitly indicates that new uses will be communicated and likely require user action. This is a protective measure (and a commitment by Ancestry) ensuring ongoing consent mechanisms adapt to any expansion of services.

• No Change (Withdrawal of Consent & Account Deletion): Both versions allow users to withdraw consent by deleting data or changing settings. If you no longer want Ancestry to process your information (including DNA), you can delete your Ancestry account or specific data, and the company will honor that request (subject to identity verification and some retention of records as required by law). The process for account deletion or sample destruction in 2025 remains essentially the same as in 2024 – though the newer Privacy Statement likely explains it in clearer terms.Impact: Members still have the ultimate say – at any time you can request your DNA sample be destroyed and your genetic data deleted from Ancestry’s databases, or delete your entire account. The continuity here means Ancestry did not introduce any new barriers to leaving or retracting consent; if anything, by 2025 they might have streamlined it (possibly via a self-serve portal in the Privacy Center). This is a reassuring point: your consent is not irrevocable – you remain in control of your data lifecycle on Ancestry.

Security and Privacy Protections

• Revision (Transparency and Readability): Across all sections, the Aug 2025 Privacy Statement was edited for greater transparency and clarity. Ancestry “updated language throughout to and readability.”. This is evident in the bullet-point summaries and reorganized sections in the new statement.Impact: Members benefit from a privacy policy that is easier to understand, with less legalese and more straightforward explanations of data practices. For example, headings were likely added or improved (making it simple to scan topics like “How We Use Your Information” or “Your Privacy Choices”), and redundant or outdated text was removed. This change is a general revision that doesn’t alter the policy’s substance but significantly improves the user experience. An informed user is better able to exercise their rights and make choices, so this change indirectly strengthens privacy protection by fostering understanding.

• No Change (Data Security Measures): Ancestry’s commitment to protecting user data with robust security remains unwavering in the 2025 statement. Both versions outline that Ancestry employs administrative, technical, and physical safeguards to secure personal information. For example, DNA test results and other sensitive data are stored in encrypted databases and handled via systems that limit who can access them. The lab processing your DNA sample, as noted in Ancestry materials, only receives a code and no identifying info, which is a privacy-by-design practice continuing through 2025.Impact: From a member’s perspective, nothing changed negatively in terms of security – there were no relaxations of security standards. If anything, by highlighting privacy more (e.g. Privacy Center, transparency reports), Ancestry reiterates that security is a top priority. In the August 2025 update announcement, Ancestry explicitly reassured users that “our robust consumer privacy protections remain the same.”. This means all the measures that were guarding your data in early 2024 – encryption, pseudonymization of DNA, monitoring for unauthorized access, etc. – are still in place at the same or higher levels in 2025. Users should feel equally (if not more) confident in the safety of their data on Ancestry’s platforms.

• No Change (Privacy Commitments and Trust): Crucially, none of the updates between Jan 2024 and Aug 2025 diminish the privacy protections or user rights that existed before. Ancestry emphasized that the relationship with customers and their privacy promises “remain the same” despite the changes. For example, Ancestry still honors users’ choices (if you opted out of DNA relative matching or making your tree public, those settings and commitments carry forward exactly as before). There was no removal of any user privacy option; every previous control (like email opt-outs, making your ethnicity results private, etc.) is still available.Impact: Members can be assured that updates were primarily to enhance clarity or comply with new laws, not to erode privacy. If you were comfortable with Ancestry’s privacy stance in 2024, the 2025 statement gives you the same assurances with even more transparency. There are no “gotcha” changes that grant Ancestry broader rights to use or share data in ways that would surprise users – any such significant change would have been clearly highlighted (and none were). This continuity is explicitly stated by Ancestry, underscoring that the core privacy principles (no selling data, user control, strong security) are intact.

Conclusion & Member Impact Summary

From January 2024 to August 2025, Ancestry’s Privacy Statement evolved to be more comprehensive and law-compliant but remained true to its original privacy promises. New additions (like detailed opt-outs, explicit consents, and clearer explanations) generally empower users and improve understanding of how data is handled.

Revisions (like those for new laws and transparency) ensure that Ancestry’s practices meet the highest standards of state, national, and international privacy regulations – benefiting members through stronger rights (e.g. correction rights) and assurances. Notably, no critical protections were removed; Ancestry continues to forbid sharing personal or genetic data with law enforcement or insurers without consent or legal mandate, and it does not sell customer data.

For Ancestry members, these changes mean greater clarity and control: you know what data is collected (and why), you have tools to manage things like advertising preferences and data downloads, and you can trust that sensitive information (like your DNA) is handled with care and kept private. In summary, the Aug 2025 Privacy Statement is a more user-friendly and legally robust document that, on the whole, strengthens members’ privacy rights and protections without introducing new risks.

All changes – whether additions, revisions, or the few retirements of outdated text – serve to increase transparency and align Ancestry’s commitments with the evolving privacy landscape, ultimately benefiting Ancestry users and their personal data’s security.

* * *

Author’s Note: I want to be transparent that this article – Is Your DNA Data Safe? Breaking Down Ancestry’s August 2025 Privacy Changes – was created in part with the help of an artificial intelligence (AI) language model – ChatGPT 5o PRO with Deep Reasoning. The AI assisted in generating an early draft of the article, but every paragraph was subsequently reviewed, edited, and refined by me. The final content is the result of extensive human curation and creativity. I am proud to present this work and assure readers that while AI was a tool in the process, the story, style, and substance have been carefully shaped by the author.

Endnotes

[1] “Ancestry Privacy Statement,” Ancestry, 17 January 2025 (https://www.ancestry.com/c/legal/privacystatement-2024-1-17 accessed 18 August 2025).

[2] “Ancestry Privacy Statement,” Ancestry, 18 August 2025, effective 21 August 2025 (https://www.ancestry.com/c/legal/privacystatement accessed 18 August 2025).

[3] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “AncestryDNA Registration Information. When you register an AncestryDNA test kit or upload your DNA Data, we collect:

• The registration code associated with your AncestryDNA test kit (if applicable);
• Your assigned sex at birth; and
• Your birthdate.”

[4] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “Your Content: We collect information from content you voluntarily contribute to the Services, including (i) family trees; (ii) family memories such as photos, audio/video recordings, and stories; (iii) record annotations, comments, messages, and input to interactive tools; and (iv) feedback provided to Ancestry.”

[5] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “We use secure server software to encrypt Personal Information (including Genetic Information), and we only partner with security companies that meet and commit to our security standards. While we cannot guarantee that loss, misuse, or alteration of data will not occur, we use appropriate technical and organizational measures to prevent this.”

[6] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “This Privacy Statement covers the Ancestry websites, services, and mobile apps that link to this Privacy Statement, including Ancestry®; AncestryDNA®; Fold3®; Newspapers.com™; Archives®; We Remember®; Forces War Records™; and Find a Grave®. Within this Privacy Statement, we refer to these websites, services, and mobile apps as “Ancestry.”

[7] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “What Information Do We Share, When Do We Share It and Who Are the Recipients?: Ancestry does not share your individual Personal Information (including your Genetic Information) with third parties except as described in this Privacy Statement or with your additional consent. We do not voluntarily share your information with law enforcement. We also will not share your Genetic Information with insurance companies, employers, or third-party marketers without your express consent.”

[8] “Ancestry Privacy Statement,” Ancestry, 17 January 2025: “Under the laws in some U.S. jurisdictions, you have the right to opt out of our sharing of your Personal Information for online targeted advertising. Ancestry does not sell or share your Personal Information for other purposes. You can learn more about our practices and the controls we provide you or opt out of certain types of such sharing by visiting our Cookie Policy. To change your preferences around targeted advertising, please visit our Do Not Sell or Share my Personal Information/Opt Out of Targeted Advertising page or the “Do Not Sell or Share My Personal Information” link in the footer of some of our sites.”

[9] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “Law Enforcement: Ancestry does not voluntarily provide data of any kind to governmental or judicial bodies or to law enforcement agencies. To provide our users with the greatest protection under the law, we require all government agencies seeking access to Ancestry customers’ data to follow a valid legal process. We do not allow law enforcement to use the Services to investigate crimes or to identify human remains.

If we are compelled to disclose your Personal Information to law enforcement, we will do our best to provide you with advance notice, unless we are prohibited under the law from doing so. Ancestry produces a Transparency Report where we list the number of valid law enforcement requests for user data across all our sites.”

[10] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “Ancestry does not sell or share your Genetic Information with third-party marketers, insurance companies, or employers, and we will not use your Genetic Information for marketing or personalized advertising without your explicit consent.”

[11] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “If we are compelled to disclose your Personal Information to law enforcement, we will do our best to provide you with advance notice, unless we are prohibited under the law from doing so. Ancestry produces a Transparency Report where we list the number of valid law enforcement requests for user data across all our sites”

[12] “Ancestry Privacy Statement,” Ancestry, 18 August 2025:  “Under the laws in some U.S. jurisdictions, you have the right to opt out of our sharing of your Personal Information for online targeted advertising. Ancestry does not sell or share your Personal Information for other purposes. You can learn more about our practices and the controls we provide you or opt out of certain types of such sharing by visiting our Cookie Policy. To change your preferences around targeted advertising, please visit our Do Not Sell or Share my Personal Information/Opt Out of Targeted Advertising page or the “Do Not Sell or Share My Personal Information” link in the footer of some of our sites.”

[13] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “Ancestry retains your DNA Data to provide you with the features and functionality you purchase (or are gifted), including continuously updated features, increasingly granular ethnicity estimates and improved ancestral regions and ancestral journeys, as well as other new features based on your DNA Data. Your DNA Data is kept until you delete your DNA test results or your account.”

[14] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “Ancestry does not sell or share your Genetic Information with third-party marketers, insurance companies, or employers, and we will not use your Genetic Information for marketing or personalized advertising without your explicit consent.”

[15] Ibid.

[16] “Ancestry Privacy Statement,” Ancestry, 18 August 2025: “The Services are fundamentally premised on the notion that the personal voyage of self-discovery is not a one-time event and continues over lengthy periods of time—possibly lifetimes. Additionally, and with particular regard to our subscribers and DNA customers who pay fees or purchase subscriptions, the ongoing enhancement of our collections of historical records and DNA features provide benefits and insights to our users over time. As a result, our retention practices reflect this ongoing value by retaining user accounts on our system until our users inform us of their desire to delete their data or close their accounts.”