Reddit's policy on collecting, using, sharing, and protecting user data
Overall Score
Risk by Category
Reddit's Privacy Policy outlines extensive data collection practices including personal information (username, email, phone), user-generated content (posts, comments, messages), technical data (IP address, device info, browser type), inferred location data, and cookies/trackers for analytics and advertising. Data is used for personalization, ad targeting, moderation, and service improvement. Sharing occurs with affiliates, service providers, advertisers (hashed data), legal authorities, and in business transfers. User rights include access, correction, deletion (with limitations for public content), and opt-outs for ads/cookies under GDPR/CCPA. Retention periods vary: public content is permanent, other data as long as account exists or needed for legal/compliance. Security measures include encryption and access controls, but no specific certifications mentioned. International transfers use Standard Contractual Clauses. High transparency but risky due to broad sharing and ad use.
Collects extensive user content, device data, and inferred interests for ads.
Shares hashed IDs and activity data with ad partners for targeting.
User posts are public and retained indefinitely.
Infers location from IP and collects precise location with permission.
Offers opt-out for personalized ads, cookie management, and data download/deletion.
Provides 'Privacy Center' and clear sections on data practices.
Supports rights like access, erasure, and do-not-sell under applicable laws.
Uses encryption in transit/rest and regular audits.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
Username, email, phone, password, linked accounts.
Posts, comments, messages, votes, images/videos.
IP address, device ID, browser, OS, usage logs.
IP-based inference, precise GPS with consent.
First/third-party for analytics, ads, functionality.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
Uses content and activity to recommend content and target ads.
Aggregates data for analytics, moderation, and feature development.
May use public content for model training (opt-out available).
Sends notifications, newsletters based on activity.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Hashed IDs, activity data for ad targeting.
Analytics (Google), hosting (AWS), payment processors.
Shared within Reddit Inc. companies.
To comply with laws, prevent fraud.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Request data download via account settings.
Delete account/content, but public posts may remain searchable.
Export data in machine-readable format.
Limit personalized ads and targeted marketing.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
Retained indefinitely as it's publicly posted.
As long as account active; 30 days post-deletion.
7 years for compliance/tax.
Anonymized indefinitely; personal up to 90 days.
Security & Transparency
TLS for transit, AES for stored data.
Notify users/authorities as required by law.
Role-based access and employee training.
Regular security audits and penetration testing.
Source Text
We collect all posts, comments, IP addresses, device info automatically.
Interpretation
Extremely broad collection increases privacy risk.
Source Text
Use your content and interactions to show relevant ads.
Interpretation
Prioritizes monetization over minimal data use.
Source Text
Share hashed identifiers and activity summaries with partners.
Interpretation
Enables cross-site tracking despite anonymization claims.
Source Text
Access, delete, opt-out options provided.
Interpretation
Strong user controls mitigate some risks.
Source Text
Public content kept forever.
Interpretation
Limits deletion effectiveness for social media.
Account details, all your posts/comments, IP/device info, location inferences, and cookies.