Spotify Managed Accounts
Privacy Notice for Plan Managers
Effective as of 14 October 2025
1. About this Notice
Spotify Family Plan Managers (‘you’) have the ability to create managed accounts for young users who are under the age of 13 ("Managed Accounts"). This privacy notice outlines how Spotify AB (‘we’, ‘us’, ‘our’, ‘Spotify’) processes the personal data of these users. From now on, we’ll call them a “Young Listener” and we’ll call this document the ‘Notice’.
The Notice applies to the Young Listener’s use of Spotify with their Managed Account. For example, this includes:
- their creation and use of their Spotify Managed Account on any device
- the personalization of their Managed Account user experience
- processing of their personal data on the infrastructure required to provide the Spotify service
This Notice is not...
- the Spotify Terms of Use, which is a separate document. The Terms of Use outline the legal contract between you (as the main account holder) and Spotify for using the ‘Spotify Service’ (this phrase is defined in the Terms of Use)
- the Paid Subscription Terms which describe the types of Paid Subscriptions that are available, how they work and any eligibility requirements associated with them
- the Privacy Policy which applies to your own use of Spotify via your own account - this can be found here
- aimed at the Young Listener. You can find privacy information for the Young Listener here. Please help them to review this
2. The Young Listener’s personal data rights and controls
Certain U.S. states have adopted privacy laws that give certain rights to individuals over their personal data. We honor these rights for all residents of the U.S., regardless of where they live.
The table below explains:
- the Young Listener’s rights
- circumstances when those rights apply
- how we make the rights available to the Young Listener, and how you can exercise them on behalf of the Young Listener
|
The Young Listener’s right
|
What it means
|
How you can exercise them on the Young Listener's behalf
|
|---|---|---|
|
Be informed
|
Be informed of the personal data we process about the Young Listener and how we process it.
|
We provide information:
|
|
Know/ Access
|
Request to know and access the personal data we process about the Young Listener.
|
To request a copy of the Young Listener’s personal data from Spotify, either:
When you download the personal data using the ‘Download your data’ tool, you will receive the information about you and the Young Listener that Spotify has to provide under applicable laws. For more information about how we process the Young Listener’s personal data, you can contact us.
|
|
Correction
|
Request that we amend or update the Young Listener’s personal data where it’s inaccurate.
|
The Young Listener’s personal data can be edited by following the steps below:
or by contacting us.
|
|
Deletion
|
Request that we delete certain of the Young Listener’s personal data.
Please note there are situations where Spotify is unable to delete personal data, for example when:
|
There are several ways to delete the Young Listener’s personal data from Spotify:
|
|
Data portability
|
Request a copy of the Young Listener’s personal data in an electronic format, and the right to transmit that personal data for use in another party’s service.
|
For information about how to exercise the Young Listener’s right to portability, see ‘Know/Access’ above.
|
|
Not be subject to automated decision making
|
Not be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on the Young Listener or produce a similarly significant effect.
|
Spotify does not carry out this type of automated decision making for Managed Accounts or the personal data of Young Listeners.
|
3. Personal data we collect about the Young Listener
These tables set out the categories of personal data we collect about the Young Listener.
|
Collected when you sign the Young Listener up for a Managed Account
or when you or they update any personal data we hold about them
|
|
|---|---|
|
Category
|
Description
|
|
User Data
|
Personal data that we need to create and enable usage of the Managed Account by the Young Listener.
This includes the Young Listener’s:
We receive some of this personal data from you or the Young Listener directly, e.g. from the Managed Account creation page or during the Young Listener’s onboarding. We also collect some of this data from your or the Young Listener’s device e.g. the country the Spotify Service is being accessed from. For more information about how we infer the Young Listener’s country please see ‘Your general (non-precise) location’ in the Usage Data category.
|
|
Throughout the lifetime of the Young Listener’s Managed Account
|
|
|---|---|
|
Categories
|
Description
|
|
Usage Data
|
Personal data collected and processed about the Young Listener when they’re accessing or using the Managed Account.
There are a few types of information this includes, listed in the following sections.
Information about how the Young Listener uses their Managed Account
Examples include:
Information about your control of the Young Listener’s Managed Account
Examples include:
Technical data
Examples include:
General (non-precise) location
General (non-precise) location includes country, region or state. We learn this from technical data we collect, e.g. the Young Listener’s IP address, or language setting.
We need this to:
|
We receive some of the personal data mentioned above from third parties. The below table describes the categories of those third parties.
|
Third party sources that we receive the Young Listener’s personal data from
|
||
|---|---|---|
|
Categories of third parties
|
Description
|
Data categories
|
|
Technical service partners
|
We work with technical service partners that give us certain personal data. This includes mapping IP addresses to non-precise location data (e.g., country or region, city, state).
This makes it possible for Spotify to provide the Spotify Service, content, and features.
We also work with security service providers who help us protect user accounts.
|
User Data
Usage Data
|
4. Our purpose for using the Young Listener’s personal data
The table below sets out:
- our purpose for processing the Young Listener’s personal data
- categories of personal data which we use for each purpose. See more about these categories in Section 3 ‘Personal data we collect about the Young Listener’
|
Purpose for processing data
|
Categories of personal data used for the purpose
|
|---|---|
|
To provide the Spotify Service to the Young Listener in accordance with our contract with you as the main account holder.
For example, when we use the Young Listener’s personal data to:
|
|
|
To diagnose, troubleshoot, and fix issues with the Spotify Service.
|
|
|
To evaluate and develop new features, technologies, and improvements to the Spotify Service.
For example:
|
|
|
To comply with a legal obligation that we are subject to.
This might be:
|
|
|
To comply with a request from law enforcement, courts, or other competent authorities.
|
|
|
To fulfil contractual obligations with third parties.
For example, when we provide pseudonymized data about our users’ listening because we have an agreement with a Spotify rightsholder to do so.
Pseudonymized data means that the Young Listener’s personal data is identified by a code rather than their name or other directly identifying information.
|
|
|
To take appropriate action with reports of intellectual property infringement and inappropriate content.
|
|
|
To establish, exercise, or defend legal claims.
For example, if we are involved in litigation and we need to provide information to our lawyers in relation to that legal case.
|
|
|
To conduct business planning, reporting, and forecasting.
For example, when we look at aggregated user data like the number of new sign ups in a country in order to plan new locations to launch our products and features in.
|
|
|
To keep the Spotify Service secure and to detect and prevent fraud.
For example, when we analyse Usage Data to check for fraudulent use of the Spotify Service.
|
|
5. Sharing the Young Listener’s personal data
This section sets out who receives personal data through the Young Listener’s use of the Spotify Service.
- as a Plan Manager, you can view the Young Listener’s account on their device
- the Young Listener’s profile is not public and cannot be seen by others
- the Young Listener’s display name is visible to you, the Plan Manager, and may be seen by others in certain scenarios, such as where the Young Listener shares a playlist
- the Young Listener’s playlists are private by default and will only be seen by others if the Young Listener chooses to share one of their playlists via a third party service like their email provider. When this sharing occurs, the third party service may store a copy of it to support their features. The processing of this personal data will be subject to that third party service’s own privacy policy
Information we may share with third parties
See this table for details of who we share to and why.
|
Categories of recipients
|
Categories of personal data
|
Reason for sharing
|
|---|---|---|
|
Service providers
|
|
So they can provide their services to Spotify.
These service providers include those we hire to:
|
|
Other Spotify group companies, including companies that Spotify acquires
|
|
To carry out our daily business operations and so we can maintain, improve and provide the Spotify Service and acquired companies’ services to the Young Listener.
For example, enabling our employees who work for different group companies to develop and improve features for the Spotify Service.
|
|
Law enforcement and other authorities, or other parties to litigation
|
|
When we believe in good faith it’s necessary for us to do so, for example:
|
|
Purchasers of our business
|
|
If we were to sell or negotiate to sell our business to a buyer or possible buyer.
In this case, we may transfer the Young Listener’s personal data to a successor or affiliate as part of that transaction.
|
If you (the Plan Manager) give other individuals access to the Managed Account, they will also have access to the personal data and controls relating to the Young Listener. Please think carefully where, for example, you allow use of the Managed Account on a shared device. Please only allow individuals to use the Managed Account or your account if both you and the Young Listener are comfortable sharing the Young Listener’s personal data with them, and you have made the individual aware of this Notice.
6. Data retention
We keep the Young Listener’s personal data only as long as necessary to provide them with a Managed Account and for Spotify’s legitimate and essential business purposes, such as:
- maintaining the performance of the Spotify Service
- making data-driven business decisions about new features and offerings
- complying with our legal obligations
- resolving disputes
Here are some of the categories of our retention periods, and the criteria we use to determine them:
- Personal data retained until you or the Young Listener remove it
Upon request, we may delete certain of the Young Listener’s personal data - see the section on Deletion in Section 2 ‘The Young Listener’s personal data rights and controls’ for more information, and the circumstances in which we can act on these requests.
Certain personal data may also be edited directly from the Spotify Service: for example, the Young Listener’s name can be changed on the Plan Overview page within the settings for their Managed Account. Where you are able to see and update the Young Listener’s personal data yourself or on their behalf, we keep this information until deleted by you or them, unless one of the limited purposes described below applies.
- Personal data that expires after a specific period of time
We have set certain retention periods so that some data expires after a specific period of time. For example, personal data input as part of search queries is generally deleted after 90 days.
- Personal data retained until the Managed Account is deleted
We keep some data until the Managed Account is deleted. For example, we typically keep streaming history for the life of an account to provide retrospective playlists that users enjoy and personalized recommendations that take listening into account. When the Managed Account is deleted, this category of data is deleted or de-identified (which means it’s no longer capable of being linked to the Young Listener).
- Personal data retained for extended time periods for limited purposes
After the Managed Account is deleted, we keep some data for a longer time period but for very limited purposes. For example, we may be subject to legal or contractual obligations that require this. These may include mandatory data retention laws, government orders to preserve data relevant to an investigation, or data kept for the purposes of litigation. We may also keep data that has been removed from Spotify for a limited period of time. This could be:
- to help ensure user safety, or
- to protect against harmful content on our platform
On the other hand, we will remove unlawful content if the law requires us to do so.
7. Transfer to other countries
Because of the global nature of our business, Spotify shares personal data internationally with Spotify group companies, subcontractors and partners when carrying out the activities described in this Notice. They may process the Young Listener’s personal data in countries whose data protection laws are not considered to be as strong as laws which apply where you or the Young Listener live. For example, they may not make available the same rights over personal data.
- whenever we transfer personal data internationally, we use tools to make sure the data transfer complies with applicable law.
We also identify and use additional protections as appropriate for each data transfer. For example, we may use:
- technical protections, such as encryption and pseudonymization
- policies and processes to challenge disproportionate or unlawful government authority requests
8. Keeping personal data safe
We’re committed to protecting our users’ personal data. We put in place appropriate technical and organizational measures to help protect the security of personal data. However, be aware that no system is ever completely secure.
We have put various safeguards in place to guard against unauthorized access and unnecessary retention of personal data in our systems. These include pseudonymization, encryption, access, and retention policies.
9. Changes to this Notice
We may occasionally make changes to this Notice. When we make material changes to this Notice, we’ll provide you with prominent notice as appropriate under the circumstances. For example, we may display a prominent notice within the Spotify Service or send you an email or device notification. You should read this carefully and ensure you and the Young Listener are comfortable with any changes we make to how their personal data is processed.
10. How to contact us
For any questions or concerns about this Notice, contact our Data Protection Officer by either:
- emailing privacy@spotify.com
- writing to us at: Spotify USA Inc., 150 Greenwich Street Floor 62, New York, NY 10007 USA
Spotify USA Inc. is the data controller of personal data processed under this Notice.
© Spotify USA Inc.