Supplemental U.S. State Privacy Notice

Last Updated: 29 June 2023

California, Colorado, Connecticut, Utah, and Virginia have enacted consumer privacy laws that grant their residents certain rights and require specific disclosures ("State Laws"). This Supplemental U.S. State Privacy Notice ("Notice") addresses these state-specific requirements and also serves as our California notice at collection.

If you are a resident of one of the states listed above, this Notice, together with our Privacy Policy, applies to you. In particular, this Notice applies to your use of:

  • all Spotify streaming services as a user; and
  • other Spotify services which include a link to this Notice. These include Spotify websites, Customer Service and the Community Site.

From now on, we'll collectively call these the "Spotify Service".

We may update this Notice from time to time. If we make changes, we will notify you by revising the Last Updated date above. If we make material changes, we will provide you with additional notice (such as by adding a statement to our websites and mobile apps or sending you a notification). We encourage you to review this Notice regularly to stay informed about our information practices and the choices available to you.

Collection, Use, and Disclosure of Personal Information

As described in our Privacy Policy, we collect, use, and disclose personal information about you. As required by certain state laws, we use two different tables below to explain this same information, including the categories of personal information we collect (and have collected over the preceding 12 months), types of recipients to which we disclose such information, and the ways we use each category of information.

Collection, Use, and Disclosure of Personal Information for Business Purposes

Categories of Recipients | Categories of Personal Information | Uses of Personal Information (i.e., our reason for disclosing)
Hosting providers, and other technical and operational service providers
  • Identifiers (such as your name, email address, device identifier or IP address)

  • Commercial information (such as your purchase history)

  • Geolocation data (i.e., the street address you have provided to us in your account settings and/or your non-precise location as derived from your IP address). We do not collect or disclose precise geolocation data.

  • Internet or other electronic network activity information (such as information from cookies and your interactions with Spotify)

  • Characteristics of protected classifications under California or U.S. law (i.e., your age and gender)
  • Inferences (i.e., your interests and preferences based on your usage of the Spotify Service and data obtained from our advertising partners.)
So they can help us provide the Spotify Service including those we hire to:
  • operate the technical infrastructure we need to provide the Spotify Service

  • assist in protecting and securing our systems and services (e.g., Google’s reCAPTCHA)
Customer Service Providers
  • Identifiers (such as your name, email address, device identifier or IP address)
  • Commercial information (such as your purchase history)

  • Geolocation data (i.e., the street address you have provided to us to set up your account and/or your non-precise location as derived from your IP address). We do not collect or disclose precise geolocation data.

  • Internet or other electronic network activity information (such as information from cookies and your interactions with Spotify)

  • Characteristics of protected classifications under California or U.S. law (i.e., your age and gender)
  • Inferences (i.e., your interests and preferences based on your usage of the Spotify Service and data obtained from our advertising partners.)
So they can help us to:
  • give customer support

  • verify your eligibility for certain types of Service Options (e.g., Spotify Premium Student)
Payment partners
  • Identifiers (such as your name, email address, device identifier or IP address)

  • Commercial information (such as your purchase history)

  • Geolocation data (i.e., the street address you have provided to us to set up your account and/or your non-precise location as derived from your IP address). We do not collect or disclose precise geolocation data.
So they can process your payments, and for anti-fraud purposes.
Analytics and measurement providers
  • Identifiers (such as your name, email address, device identifier or IP address)

  • Characteristics of protected classifications under California or U.S. law (i.e., your age and gender)

  • Internet and electronic network activity information (such as information from cookies and your interactions with Spotify)

  • Geolocation data (i.e., your non-precise location as derived from your IP address). We do not collect or disclose precise geolocation data.
So they can help us analyze trends and statistics, learn more about your preferences, and improve the Spotify experience, including to:
  • help us measure the effectiveness of ads

  • help us and our partners to measure the effectiveness of Spotify promotions
Ticketing and event partners
  • Identifiers (such as your name and email address)

  • Commercial information (such as your purchase history)

For every event for which we sell tickets, we will need to disclose your name, email or other order details to our event partners such as ticketing agents or the venue box office where the event is taking place so that you can check in as a verifiable guest who purchased tickets through Spotify’s ticketing platform.
Other Spotify group companies, including companies that Spotify acquires
  • Identifiers (such as your name, email address, device identifier or IP address)

  • Characteristics of protected classifications under California or U.S. law (i.e., your age and gender)

  • Internet and electronic network activity information (such as information from cookies and your interactions with Spotify)

  • Geolocation data (i.e., the street address you have provided to us in your account settings and/or your non-precise location as derived from your IP address). We do not collect or disclose precise geolocation data.

  • Commercial information (such as your purchase history)

  • Inferences (i.e., your interests and preferences based on your usage of the Spotify Service and data obtained from our advertising partners.)
To carry out our daily business operations and so we can maintain, improve and provide the Spotify Service and acquired companies’ services to you.
For example:
  • enabling our employees who work for different group companies to develop and improve features for the Spotify Service

  • disclosing data to our measurement companies to measure the effectiveness of ad campaigns that run on the Spotify Service

  • disclosing data to our podcast companies to better understand user listening trends
Law enforcement and other authorities, or other parties to litigation
  • Identifiers (such as your name, email address, device identifier or IP address)

  • Internet or other electronic network activity information (such as information from cookies and your interactions with Spotify)

  • Commercial information (such as your purchase history)

  • Characteristics of protected classifications under California or U.S. law (i.e., your age and gender)

  • Geolocation data (i.e., the street address you have provided to us in your account settings and/or your non-precise location as derived from your IP address). We do not collect or disclose precise geolocation data.

When we believe in good faith it’s necessary for us to do so, for example:
  • to comply with a legal obligation

  • to respond to a valid legal process (such as a search warrant, court order, or subpoena)

  • for our own or a third party’s justifiable interest, relating to:
    • national security
    • law enforcement
    • litigation (a court case)
    • criminal investigation
    • protecting someone’s safety
    • preventing death or imminent bodily harm

Personal Information that we "Share" (as defined under California law) or Use for "Targeted Advertising"

We disclose the following categories of personal information to third parties for the purpose of engaging in targeted advertising and other marketing activities, including to expand the reach and effectiveness of our own marketing campaigns and for the third parties' own marketing purposes. These disclosures may be considered "sharing" or use of personal information for "targeted advertising" under certain state laws and you have the right to opt out of having your personal information used or disclosed for these purposes. See the "Opting Out of Sharing and Targeted Advertising" section below for details about opting out.

Categories of Personal Information “Shared” or used for Targeted Advertising | Categories of Recipients
Identifiers (such as your name, profile name, email address, device identifier or IP address) | Advertising and marketing partners
Commercial information (such as your purchase history) | Advertising and marketing partners
Internet and electronic network activity information (such as information from cookies and your interactions with Spotify) | Advertising and marketing partners
Characteristics of protected classifications under California or U.S. law (i.e., your age and gender) | Advertising and marketing partners
Geolocation data (i.e., your non-precise location as derived from your IP address). We do not collect or disclose precise geolocation data. | Advertising and marketing partners

Other details about our information practices

  • As described in more detail in Section 3 of our Privacy Policy, we collect personal information from different sources, including: directly from you; automatically when you access or use our Services; and from third-party sources, such as third party applications, services and devices you connect to your Spotify account.
  • We do not knowingly "share" personal information about consumers under the age of 16 for cross-context behavioral advertising without their consent.
  • We do not collect information that is considered "sensitive" under state privacy laws.
  • As described in more detail in Section 6 of our Privacy Policy, we retain personal information only as long as necessary to provide you with the Spotify Service and for Spotify's legitimate and essential business purposes, such as:
    • maintaining the performance of the Spotify Service
    • making data-driven business decisions about new features and offerings
    • complying with our legal obligations
    • resolving disputes

Additional Privacy Rights and Opt-Out Instructions

Opting out of "sharing" (as defined under California law) and targeted advertising. As described in the "Personal Information that we "Share" or Use for "Targeted Advertising" section above and in the "Tailored advertising controls" section in our Privacy Policy, you have the right to opt out of having your personal information "shared" or used for targeted advertising. You may opt out by navigating to 'Tailored Ads' in your account's Privacy Settings page. If you do not have an account or are not logged in, you can also opt out by clicking the "Your Privacy Choices" link in the footer of our website. If you are a resident of California, you can also opt out by visiting our Services with a legally recognized opt-out preference signal enabled, such as the Global Privacy Control. Please note that you may need to renew your opt-out choice if you visit the Spotify Services with another device or browser, or if you clear your cookies.

Access, Correction, and Deletion. As described in Section 2 of our Privacy Policy, you have the right to (1) request to know more about and access your personal information, including in a portable format, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information. To make an access request, use the "Download your data" tool in your account Privacy Settings. To request deletion of your personal information, please follow the steps on our support page. To request correction, you can edit your User Data under 'Edit profile' in your account. You can also make a request by contacting us.

Nondiscrimination. We will not discriminate against you for exercising your privacy rights.

Authorized Agents. If you reside in California, Colorado, or Connecticut, you may designate an authorized agent to submit a privacy rights request on your behalf. We may ask authorized agents to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may be required to contact the consumer to verify his or her identity or confirm the authorized agent has permission to submit the request. Authorized agents can submit rights requests by following the instructions provided above.

Appeals. If your request is denied you may have the right to appeal the denial in accordance with the instructions provided to you when the denial was made.

California Request Metrics

The following chart contains statistics about global verifiable requests we received from consumers between 1 January and 31 December 2022:

Type of request | Received | Complied | Denied | Average response rate
Right to Know / Access | 764,451 | 764,451 | 0 | 12 days
Request to Delete | 4,149,899 | 4,149,899 | 0 | 15.5 days

Contact Us

For any questions or concerns about this Notice, contact our Data Protection Officer in any one of these ways:

  • email privacy@spotify.com
  • write to us at: Spotify USA Inc., 150 Greenwich Street, Floor 62, New York, NY 10007, USA

Spotify USA Inc. is the data controller of personal data processed under this Notice.

© Spotify USA Inc.