Spotify Privacy Policy

Effective as of 10 October 2024

1. About this Policy
2. Your personal data rights and controls
3. Personal data we collect about you
4. Our purpose for using your personal data
5. Disclosing your personal data
6. Data retention
7. Transfer to other countries
8. Keeping your personal data safe
9. Children
10. Privacy Request Metrics
11. Changes to this Policy
12. How to contact us

1. About this Policy

This Privacy Policy describes how we process your personal data at Spotify USA Inc. From now on, we’ll call it the ‘Policy’.

It applies to your use of:

  • all Spotify streaming services as a user. For example this includes:
    • your use of Spotify on any device
    • the personalization of your user experience. Watch our personalization explainer video to learn more about this.
    • the infrastructure required to provide our services
    • connection of your Spotify account with another application
    • both our free or paid streaming options (each a ‘Service Option’)
  • other Spotify services which include a link to this Policy. These include Spotify websites, Customer Service and the Community Site
From now on, we’ll collectively call these the ‘Spotify Service’.

From time to time, we may develop new or offer additional services. They’ll also be subject to this Policy, unless stated otherwise when we introduce them. IIf you reside in California, our supplemental California Notice at Collection, applies in addition to this Policy.

This Policy is not...

  • the Spotify Terms of Use, which is a separate document. The Terms of Use outline the legal contract between you and Spotify for using the Spotify Service. It also describes the rules of Spotify and your user rights
  • about your use of other Spotify services which have their own privacy policy, such as Megaphone.
Other resources and settings

Key information about your personal data is right here in this Policy. However, you might want to take a look at our other privacy resources and controls:

  • Safety & Privacy Center: A user-friendly hub with summaries of key topics and helpful videos. It includes the ‘Your Privacy Controls’ video which shows you how to exercise your user rights and make choices about the way we process your data. See Section 2 ‘Your personal data rights and controls’ for more on user rights.
  • Account Privacy: Control the processing of certain personal data, including tailored advertising.
  • Notification Settings Set which marketing communications you get from Spotify.
  • Settings (found in the Desktop and Mobile versions of Spotify): Control certain aspects of the Spotify Service such as ‘Social’ or ‘Explicit Content’. On the ‘Social’ setting, you can:
    • start a Private session
    • choose whether to share what you listen to on Spotify with your followers
    • choose whether to show your recently played artists on your public profile
On the ‘Explicit Content’ setting you can control whether explicit-rated content can be played on your Spotify account.

  • Cookies Policy: Information on how we use cookies and how to manage your cookie preferences. Cookies are files saved on your phone, tablet or computer when you visit a website.

2. Your personal data rights and controls

Privacy laws give certain rights to individuals over their personal data.

The table below explains:
  • your rights
  • circumstances when they apply
  • how to use them
You can also watch our video about Your Privacy Controls. You will not receive discriminatory treatment for exercising any of your privacy rights.

It’s your right to...
How?
Be informed
Be informed of the personal data we process about you and how we process it.
We inform you:
  • through this Policy
  • through information provided to you as you use the Spotify Service
  • by answering your specific questions and requests when you contact us
Know/
Access
Request to know and access the personal data we process about you.
To request a copy of your personal data from Spotify, either:
When you download your data you will receive the information about your data that Spotify has to provide under applicable laws. If you would like more information about how we process your personal data, you can contact us.
Correction
Request that we amend or update your personal data where it’s inaccurate.
You can edit your User Data under ‘Edit profile’ in your account or by contacting us.
Deletion
Request that we delete certain of your personal data.

Please note there are situations where Spotify is unable to delete your data, for example when:
  • it’s still necessary to process the data for the purpose we collected it for
  • we have an overriding interest in continuing to process the data, for example where we need the data to protect our services from fraud
  • Spotify has a legal obligation to keep the data, or
  • Spotify needs the data to establish, exercise or defend legal claims. For example, if there’s an unresolved issue relating to your account
There are several ways you can delete personal data from Spotify:
  • to remove audio content you have saved, select the relevant content and choose to remove it. For example you can remove a track from your playlist or remove an artist you’ve saved to your Library
  • to request deletion of your account data from Spotify and close your account, follow the steps on our support page. This data includes your User Data, Usage Data and other data listed in Section 3 ‘Personal data we collect about you
  • for any other deletion requests, you can contact us or reach out to customer support via our chat bot
Opt-out of tailored advertising
Request to opt out of the processing of your personal data for tailored advertising.

For more information about our processing for these purposes, see the section ‘Tailored advertising controls’ below.
You can exercise your right to opt out on your Account Privacy page under ‘Tailored Ads’.

If you do not have an account or are not logged in, you can also opt-out by clicking the 'Your Privacy Choices' link at the footer of our website.
Data portability
Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service.
For information about how to exercise the right to portability, see ‘Know/Access’ above.
Not be subject to automated decision making
Not be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
Spotify does not carry out this type of automated decision making in the Spotify Service.
Withdrawal of consent
Withdraw your consent to us collecting or using your personal data.

You can do this if Spotify is processing your personal data solely based on your consent.
To withdraw your consent, you can:
• adjust the relevant control on Spotify
Verifying requests, generally
To verify a request to know, request to delete, and request to correct, we ask you to provide certain details related to your Spotify account. Please note, if you do not have a Spotify account we will not have enough information about you to verify your identity and respond to your requests, as we do not keep sufficient information necessary to re-identify and link you to a prior visit to the Spotify Service where data may have been collected. As such, we will be unable to verify and honor your requests.

Household requests
If all the members of a household make an access, correction or deletion request, we will respond as if the requests are individual requests.

Requests made through agents
You may designate, in writing or through a power of attorney (in accordance with local law), an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

Appeals process
If your request is denied you may have the right to appeal the denial in accordance with the instructions provided to you when the denial was made.

Tailored advertising controls

What is tailored advertising?
  • This is when we use information about your use of our services and other websites and mobile apps to tailor ads to be more relevant to you. This is also known as interest based advertising, targeted advertising, or ‘sharing’ for purposes of cross-context behavioural advertising.
  • An example of tailored advertising is when an advertising partner provides us with information indicating that you may be interested in cars. This could enable us to show you ads about cars.
How to control tailored advertising:
  • You can control tailored advertising on your Account Privacy page under ‘Tailored Ads’.
  • If you do not have an account or are not logged in, you can also opt-out by clicking the 'Your Privacy Choices' link at the footer of our website.
  • You can also control tailored advertising for some podcasts using the link in the episode’s show description. This applies where the content provider inserts advertising into the podcast to fund it. The hosting provider, which might not be Spotify, manages these controls for the podcast.
  • You can also visit our services via a browser with a recognized opt-out preference signal enabled, such as the Global Privacy Control (GPC). If you use a preference signal you may need to renew your preferences if you visit the Spotify Service with another device or browser, or if you clear your cookies.
If you are ‘opted out’ of tailored advertising on your Account Privacy page, you will receive less relevant advertising, including on our free Service Option, as well as our paid Service Option, as applicable (for example, advertising in podcasts). This type of advertising is based on your registration information and what you are currently listening to on our services. For example, if you are listening to a cooking podcast, you may hear an ad for a food processor.

Appropriate age for tailored advertising:
  • Younger users may have tailored advertising turned off by default. When you reach the appropriate age, you will start to receive tailored advertising . When this happens, you will receive a message within the Spotify Service to let you know. This message will contain a link to the Account Privacy page where you can change your preferences or ‘opt-out’ of tailored advertising at any time under Tailored Ads.

3. Personal data we collect about you

These tables set out the categories of personal data we collect from you. You can also watch our video about Personal Data at Spotify.

Collected when you sign up for the Spotify Service
or when you update your account
Categories
Categories under CCPA
Description
User Data
Identifiers; and

Characteristics of protected classifications under California or U.S. law (i.e., your age and gender)
Personal data that we need to create your Spotify account and that enables you to use the Spotify Service.

The type of data collected and used depends on the type of Service Option you have. It also depends on how you create your account, the country you are in, and if you use third party services to sign in. This may include your:
  • profile name
  • email address
  • password
  • phone number
  • date of birth
  • gender
  • street address (see further details below)
  • country
  • university/college (for Spotify Premium Student)
We receive some of this data from you e.g. from the sign up form or account page.

We also collect some of this data from your device e.g. country or region. For more information about how we collect and use this data, see ‘Your general (non-precise) location’ in the Usage Data category.
Street Address Data
Geolocation data
We may ask for and process your street address for the following reasons:
  • to check eligibility for a Service Option
  • to deliver notices which are required by law
  • to deliver support options
  • for billing and tax administration
  • to deliver physical goods or gifts which you have requested
In some cases, we may use a third party application to help you verify your address, such as Google Maps.
Collected through your use of the Spotify Service
Categories
Categories under CCPA
Description
Usage Data
Internet or other electronic network activity information;

Geolocation data (i.e.,your non-precise location as derived from your IP address);

Commercial information; and

Inferences
Personal data collected and processed about you when you’re accessing or using the Spotify Service.

There are a few types of information this includes, listed in the following sections.

Information about how you use Spotify

Examples include:
  • information about your Spotify Service Option
  • your actions with the Spotify Service (including date and time), such as:
    • search queries
    • streaming history
    • playlists you create
    • your library
    • browsing history
    • account settings
    • interactions with other Spotify users
  • your use of third party services, devices and applications in connection with the Spotify Service
  • inferences (i.e., our understanding) of your interests and preferences based on your usage of the Spotify Service
  • content you provide when participating in Spotify promotions, such as contests or sweepstakes
  • content you post to any part of the Spotify Service. For example: images, audio, text, titles, descriptions, communications, and other types of content

Your technical data

Examples include:
  • URL information
  • online identifiers such as cookie data and IP addresses
  • information about the devices you use such as:
    • device IDs
    • network connection type (e.g. wifi, 4G, LTE, Bluetooth)
    • provider
    • network and device performance
    • browser type
    • language
    • information enabling digital rights management
    • operating system
    • Spotify application version
  • information which enables us to discover and connect with third party devices and applications. Examples of this information are the device name, device identifiers, brand and version. Examples of third party devices and applications are:
    • devices on your wifi network (such as speakers) which can connect to the Spotify Service
    • devices your operating system makes available when connecting via Bluetooth, plugin, and installation
    • Spotify partner applications to determine whether the application is installed on your device

Your general (non-precise) location

Your general location includes country, region or state. We may learn this from technical data (e.g. your IP address, language setting of your device) or payment currency.

We need this to:
  • meet geographic requirements in our agreements with the owners of content on the Spotify Service
  • deliver content and advertising that’s relevant to you

Your device sensor data

Motion-generated or orientation-generated device sensor data if needed to provide features of the Spotify Service that require this data. This is data which your device collects about the way you move or hold your device.
Additional data you may choose to give us
Categories
Categories under CCPA
Description
Payment and Purchase Data
Commercial information
If you make any purchases from Spotify or sign up for a paid Service Option or a trial, we will need to process your payment data.

The exact personal data collected and used will vary depending on the payment method. It will include information such as:
  • name
  • date of birth
  • payment method type (e.g. credit or debit card)
  • if using a debit or credit card, the card type, expiration date, and certain digits of your card numberNote: For security, we never store your full card number
  • ZIP/postal code
  • mobile phone number
  • details of your purchase and payment history

Survey and Research Data
Identifiers; and

other information you share
When you respond to a survey or take part in user research, we collect and use the personal data you provide as described in the survey or research.
We receive some of the data mentioned above from third parties. The below table describes the categories of those third parties.

Third party sources that we receive your data from
Categories of third parties
Description
Data categories
Authentication partners
If you register for or log into the Spotify Service using another service, that service will send your information to us. This information helps create your account with us.
User Data
Third party applications, services and devices you connect to your Spotify account
If you connect your Spotify account to a third party application, service or device, we may collect and use information from them. This collection is to make the integration possible.

These third party apps, services or devices may include:
  • social media
  • devices including:
    • audio (e.g. speakers and headphones)
    • smart watches
    • televisions
    • mobile phones and tablets
    • automotive (e.g. cars)
    • games consoles
  • services or platforms such as voice assistants or content platforms
We’ll ask your permission before we collect your information from certain third parties.
User Data
Usage Data
Technical service partners
We work with technical service partners that give us certain data. This includes mapping IP addresses to non-precise location data (e.g., country or region, city, state).

This makes it possible for Spotify to provide the Spotify Service, content, and features.

We also work with security service providers who help us protect user accounts.
User Data
Usage Data
Payment partners and Merchants
If you choose to pay through third parties (e.g. telco carriers) or by invoice, we may get data from our payment partners.

This allows us to:
  • send you invoices
  • process your payment
  • give you what you’ve purchased
If we direct you to a merchant, we receive data from the merchant that is related to your purchase. For example, we might direct you to an artist’s merchandise store on a third party platform or to a third party ticketing website.

Receiving this data allows us to:
  • calculate any commissions owed to us
  • analyze the effectiveness of our partnership with these merchant partners
  • understand your interests
Payment and Purchase Data
Advertising and marketing partners
We receive inferences from certain advertising or marketing partners. These inferences are the partners’ understanding of your interests and preferences.

This allows us to deliver more relevant ads and marketing.
Usage Data
Acquired companies
We may receive data about you from companies we acquire. This is to enhance our services, products, and offerings.
User Data
Usage Data
If you download the Spotify mobile app and try Spotify using a logged out user experience, we will collect limited information about your usage of the Spotify Service, including Usage Data. We do this to understand how you are accessing and using the Service. We also do this to ensure we provide the right experience for you, for example based on your country or region. If you decide to create a Spotify account to experience our service in full, then we will combine this data with your Spotify account data.

4. Our purpose for using your personal data

The table below sets out:
You can also watch our video about Personal Data at Spotify.

Purpose for processing your data
Categories of personal data used for the purpose
To provide the Spotify Service.

For example, when we use your personal data to:
• set up an account for you
• personalize your account
• provide the Spotify app when you download it onto your device,
• enable you to share a link to Spotify content with someone else, or
• provide various optional features of the Spotify Service
  • User Data
  • Street Address Data
  • Usage Data
  • Payment and Purchase Data
  • Survey and Research Data
To diagnose, troubleshoot, and fix issues with the Spotify Service.
  • User Data
  • Usage Data
To evaluate and develop new features, technologies, and improvements to the Spotify Service.

For example:
• we use personal data to develop and improve our personalized recommendation algorithms
• we analyze how our users react to a particular new feature and see whether we should make any changes
  • User Data
  • Usage Data
  • Survey and Research Data

For marketing or advertising purposes.

For example:
• when we use your personal data to tailor advertising to your interests, or
• when we send you email marketing
  • User Data
  • Usage Data
  • Survey and Research Data
To comply with a legal obligation that we are subject to.

This might be:
• an obligation under the law of the country / region you are in
• Swedish law (because of our headquarters in Sweden), or
• EU law that applies to us

For example, when we use your date of birth when required for age verification purposes.
  • User Data
  • Street Address Data
  • Usage Data
  • Payment and Purchase Data
  • Survey and Research Data
To comply with a request from law enforcement, courts, or other competent authorities.
  • User Data
  • Street Address Data
  • Usage Data
  • Payment and Purchase Data
  • Survey and Research Data
To fulfill contractual obligations with third parties.

For example, when we provide pseudonymized data about our users’ listening because we have an agreement with a Spotify rightsholder to do so.

Pseudonymized data means that your data is identified by a code rather than your name or other directly identifying information.
  • User Data
  • Usage Data
  • Payment and Purchase Data
To take appropriate action with reports of intellectual property infringement and inappropriate content.
  • User Data
  • Usage Data
  • Payment and Purchase Data
To establish, exercise, or defend legal claims.

For example, if we are involved in litigation, we need to provide information to our lawyers in relation to that legal case.
  • User Data
  • Street Address Data
  • Usage Data
  • Payment and Purchase Data
  • Survey and Research Data
To conduct business planning, reporting, and forecasting.

For example, when we look at aggregated user data like the number of new sign ups in a country in order to plan new locations to launch our products and features in.
  • User Data
  • Usage Data
  • Payment and Purchase Data
To process your payment.

For example, when we use your personal data to let you purchase a Spotify subscription.
  • User Data
  • Payment and Purchase Data
  • Street Address Data
To keep the Spotify Service secure and to detect and prevent fraud.

For example, when we analyze Usage Data to check for fraudulent use of the Spotify Service.
  • User Data
  • Street Address Data
  • Usage Data
  • Payment and Purchase Data
To conduct research and surveys.

For example, when we contact our users to ask for your feedback.
  • User Data
  • Usage Data
  • Survey and Research Data

5. Disclosing your personal data

This section sets out who receives personal data which is collected or generated through your use of the Spotify Service.

Publicly available information

The following personal data will always be publicly available on the Spotify Service (except to any user you have blocked):
  • your profile name
  • your profile photo
  • your public playlists
  • other content you post on the Spotify Service, and any associated titles, descriptions and images
You or another user can share certain information on third party services, like social media or messaging platforms. This includes:
  • your profile
  • any content you post on Spotify and details about that content
  • your playlists and any associated titles, descriptions and images
When this sharing occurs, the third party service may store a copy of it to support their features.

Personal data you may choose to disclose

We will only disclose the following personal data with those outlined in the table below
  • where you have chosen to use a Spotify Service feature, or a third party application, service or device, and we need to disclose personal data to enable this, or
  • if you otherwise grant us your permission to disclose the personal data. For example, you can do it by selecting the appropriate setting in the Spotify Service or by giving your consent.
Categories of recipients
Categories of data you can choose to share
Reason for choosing to share
Third party applications, services and devices you connect to your Spotify account
• User Data
• Usage Data
To connect your Spotify account, or so that you can use the Spotify Service in connection with third party applications, services or devices.

Examples of such third party applications, services and devices include:
• social media applications
• speaker devices
• televisions
• automotive platforms
• voice assistants

You can see and remove many third party connections under ‘Apps’ in your account.
Support community
• User Data
To enable you to use the Spotify Support Community service.

When you register for an account on the Spotify Support Community, we’ll ask you to create a profile name. This will be publicly displayed to anyone who uses the Spotify Support Community. We’ll also display any questions or comments you post.
Other Spotify users
• User Data
• Usage Data
To share information about your use of the Spotify Service with other Spotify users. These could include your followers on Spotify.

For example, under ‘Social’ settings you can choose to share your recently played artists and your playlists on your profile. You can also choose to create or join a shared playlist with other users. Shared playlists give you social recommendations based on your listening activity.
Artists and record labels
• User Data
To receive news or promotional offers from artists, record labels or other partners.

You may choose to share your User Data for this purpose when you sign up to the Spotify Service. You’ll always have the option to change your mind and withdraw your consent at any time.
Information we may disclose

See this table for details of who we disclose to and why.

Categories of recipients
Categories of data
Reason for disclosing
Service providers
• User Data
• Street Address Data
• Usage Data
• Payment and Purchase Data
• Survey and Research Data
So they can provide their services to Spotify.

These service providers include those we hire to:
• give customer support
• operate the technical infrastructure we need to provide the Spotify Service
• assist in protecting and securing our systems and services (e.g. Google’s reCAPTCHA)
• help market Spotify’s (and our partners’) products, services, events and promotions
• verify your eligibility for certain types of Service Options (e.g., Spotify Premium Student)
Payment partners
• User Data
• Payment and Purchase Data
So they can process your payments, and for anti-fraud purposes.
Advertising partners
• User Data
• Usage Data
So they can help us deliver more relevant advertising to you on the Spotify Service, and help measure the effectiveness of ads.

For example, our ad partners help us facilitate tailored advertising.

With respect to Spotify Service users under the age of 18, we do not disclose personal data to advertising partners by default.
Marketing Partners
• User Data
• Usage Data
To promote Spotify with our partners. We disclose certain User Data and Usage Data to these partners where necessary to:
• enable you to participate in Spotify promotions, including trials or other bundled offers
• to promote Spotify in media and advertising published on other online services
• help us and our partners to measure the effectiveness of Spotify promotions

Examples of partners include:
• marketing or sponsorship partners
• websites and mobile apps who sell us advertising space on their services
• device, app and mobile partners who also offer Spotify promotions

Our partners may also combine the personal data we disclose to them with other data they collect about you, e.g. your use of their services. We and our partners may use this information to present you with offers, promotions, or other marketing that we think you’ll find relevant.

With respect to Spotify Service users under the age of 18, we do not disclose personal data to marketing partners by default.
Ticketing and event partners
• User Data
For every event for which we sell tickets, we will need to disclose your name, email or other order details to our event partners such as ticketing agent or venue box office where the event is taking place so that you can check-in as a verifiable guest who purchased tickets through Spotify’s ticketing platform.
Podcast Hosting Platforms
• Usage Data
Hosting platforms host podcasts so that they can deliver them to you. We disclose certain data, such as your IP address, to the podcast hosting platforms when you play a podcast. We also allow you to stream podcasts available from other hosting platforms not owned by Spotify.
Podcast providers should explain in the show or episode description which platform is hosting the podcast. See the hosting platform’s own privacy policy for how they use data disclosed to them.
Academic researchers
• User Data
• Usage Data
For activities such as statistical analysis and academic study, but only in a pseudonymized format.
Other Spotify group companies, including companies that Spotify acquires
• User Data
• Street Address Data
• Usage Data
• Payment and Purchase Data
• Survey and Research Data
To carry out our daily business operations and so we can maintain, improve and provide the Spotify Service and acquired companies’ services to you.

For example:
• enabling our employees who work for different group companies to develop and improve features for the Spotify Service
• disclosing data to our measurement companies to measure the effectiveness of ad campaigns that run on the Spotify Service
• disclosing data to our podcast companies to better understand user listening trends
Law enforcement and other authorities, or other parties to litigation
• User Data
• Usage Data
When we believe in good faith it’s necessary for us to do so, for example:
  • to comply with a legal obligation
  • to respond to a valid legal process (such as a search warrant, court order, or subpoena)
  • for our own or a third party’s justifiable interest, relating to:
    • national security
    • law enforcement
    • litigation (a court case)
    • criminal investigation
    • protecting someone’s safety
    • preventing death or imminent bodily harm
Purchasers of our business
• User Data
• Street Address Data
• Usage Data
• Payment and Purchase Data
• Survey and Research Data
If we were to sell or negotiate to sell our business to a buyer or possible buyer.

In this case, we may transfer your personal data to a successor or affiliate as part of that transaction.

6. Data retention

We keep your personal data only as long as necessary to provide you with the Spotify Service and for Spotify’s legitimate and essential business purposes, such as:
  • maintaining the performance of the Spotify Service
  • making data-driven business decisions about new features and offerings
  • complying with our legal obligations
  • resolving disputes
Here are some of the categories of our retention periods, and the criteria we use to determine them:

  • Data retained until you remove it
It’s your right to request that we delete certain of your personal data. See the section on ‘Deletion’ in Section 2 ‘Your personal data rights and controls’ for more information, and the circumstances in which we can act on your request.

You can also delete certain personal data directly from the Spotify Service: for example, you can edit or delete your profile picture. Where users are able to see and update the personal data themselves, we keep the information for as long as the user chooses unless one of the limited purposes described below applies.

  • Data that expires after a specific period of time
We have set certain retention periods so that some data expires after a specific period of time. For example, personal data you may input as part of search queries is generally deleted after 90 days.

  • Data retained until your Spotify account is deleted
We keep some data until your Spotify account is deleted. Examples of this include your Spotify username and profile information. We also typically keep streaming history for the life of an account, for example, to provide retrospective playlists that users enjoy and personalized recommendations that take listening habits into account (for example, Your Time Capsule or Your Summer Rewind). When your Spotify account is deleted, this category of data is deleted or de-identified.

  • Data retained for extended time periods for limited purposes
After your account is deleted, we keep some data for a longer time period but for very limited purposes. For example, we may be subject to legal or contractual obligations that require this. These may include mandatory data retention laws, government orders to preserve data relevant to an investigation, or data kept for the purposes of litigation. We may also keep data that has been removed from the Spotify Service for a limited period of time. This could be:
  • to help ensure user safety, or
  • to protect against harmful content on our platform.
This helps us investigate potential breaches of our User Guidelines and Platform Rules. On the other hand, we will remove unlawful content if the law requires us to do so.

7. Transfer to other countries

Because of the global nature of our business, Spotify transfers personal data internationally with Spotify group companies, subcontractors and partners when carrying out the activities described in this Policy.

Whenever we transfer personal data internationally, we use tools to make sure the data transfer complies with applicable law.

We also identify and use additional protections as appropriate for each data transfer. For example, we use:
  • technical protections, such as encryption and pseudonymization
  • policies and processes to challenge disproportionate or unlawful government authority requests

8. Keeping your personal data safe

We’re committed to protecting our users’ personal data. We put in place appropriate technical and organizational measures to help protect the security of your personal data. However, be aware that no system is ever completely secure.

We have put various safeguards in place to guard against unauthorized access and unnecessary retention of personal data in our systems. These include pseudonymization, encryption, access, and retention policies.

To protect your user account, we encourage you to:
  • use a strong password which you only use for your Spotify account
  • never share your password with anyone
  • limit access to your computer and browser
  • log out once you have finished using the Spotify Service on a shared device
  • read more detail on protecting your account
You can log out of Spotify in multiple places at once by using the ‘Sign out everywhere’ function on your account page.

If other individuals have access to your Spotify account, then they can access personal data, controls and the Spotify Service available in your account. For example, you might have allowed someone to use your account on a shared device.

It’s your responsibility to only allow individuals to use your account where you’re comfortable sharing this personal data with them. Anyone else’s use of your Spotify account may impact your personalized recommendations.

9. Children

Note: This Policy doesn't apply to Spotify Kids except where the Spotify Kids Privacy Policy says so. Spotify Kids is a separate Spotify application.

The Spotify Service has a minimum ‘Age Limit’ in each country or region. The Spotify Service is not directed to children whose age:
  • is under the age of 13 years
  • makes it illegal to process their personal data, or
  • requires parental consent to process their personal data
We do not knowingly collect or use personal data from children under the applicable Age Limit. If you’re under the Age Limit, do not use the Spotify Service, and do not provide any personal data to us. Instead, we recommend using a Spotify Kids account.

If you’re a parent of a child under the Age Limit and become aware that your child has provided personal data to Spotify, contact us.

If we learn that we’ve collected the personal data of a child under the applicable Age Limit, we’ll take reasonable steps to delete the personal data. This may require us to delete the Spotify account for that child.

When using a shared device on the main Spotify Service, be cautious about playing or recommending any inappropriate content to individuals under 18 years old.

10. Privacy Request Metrics

The following chart contains statistics about global requests we received from users between 1 January and 31 December 2023:

Type of request
Received
Complied
Denied
Average response rate
Right to Know / Access
2,375,576
2,375,576
0
9.88 days
Request to Delete
6,367,692
6,367,692
0
15.5 days
Request to Correct*
38
32
6
13.84 days
Request to Opt-Out of Data Sharing for Tailored Ads
78,145,777
78,145,777
0
1 day
*Adjustments in the user account within the Service made either by the user themselves or aided by customer services are not counted as correction requests (e.g., user updated their display name)

11. Changes to this Policy

We may occasionally make changes to this Policy.

When we make material changes to this Policy, we’ll provide you with prominent notice as appropriate under the circumstances. For example, we may display a prominent notice within the Spotify Service or send you an email or device notification.

12. How to contact us

For any questions or concerns about this Policy, contact our Data Protection Officer any one of these ways:
  • email privacy@spotify.com
  • write to us at: Spotify USA Inc., 150 Greenwich Street, Floor 62, New York, NY 10007, USA
Spotify USA Inc. is the data controller of personal data processed under this Policy.

© Spotify USA Inc.