Sticky Banner Visual DesktopSticky Banner Visual Mobile

Only 9 days to kickoff. Get your World Cup VPN: 80% OFF.

Only 9 days to kickoff. Get ready with: 80% OFF. Try it risk-free.

Try it risk-free.
  • What does AncestryDNA testing involve?
  • Privacy considerations for DNA ancestry testing
  • How AncestryDNA handles your data and physical sample
  • How to protect your DNA data
  • FAQ: Common questions about AncestryDNA
  • What does AncestryDNA testing involve?
  • Privacy considerations for DNA ancestry testing
  • How AncestryDNA handles your data and physical sample
  • How to protect your DNA data
  • FAQ: Common questions about AncestryDNA

Is AncestryDNA safe? What to know before sharing your genetic data

Featured 02.06.2026 11 mins
Husain Parvez
Written by Husain Parvez
Anneke van Aswegen
Reviewed by Anneke van Aswegen
Lora Pance
Edited by Lora Pance
is-ancestrydna-safe

DNA testing has become a popular way to explore family history and ethnicity, but it also raises some privacy concerns. Before that kit goes in the mail, it's worth asking: Is it safe to give your DNA to Ancestry?

It's not only a question of whether the company is reputable. It also depends on what information is shared, what consent is given, and how the results are handled.

This guide explains what AncestryDNA testing involves, how the company handles customer data, the privacy risks to consider, and how to protect your personal information.

What does AncestryDNA testing involve?

AncestryDNA testing involves ordering a home DNA kit, activating it online, and mailing a saliva sample to Ancestry’s lab for analysis. After processing, you receive ancestry-related results linked to your account, including ethnicity estimates and DNA matches.

According to Ancestry, ethnicity estimates are based on comparisons between a customer’s DNA and reference panels, so results may change when Ancestry updates its data or methods. DNA matches also depend on who else has tested and is available through AncestryDNA matching.

Ancestry’s Terms and Conditions state that its DNA Services are intended for informational, recreational, educational, and personal research use. They also state that DNA information should not be used for medical or diagnostic purposes, law enforcement, paternity testing, judicial proceedings, discriminatory purposes, or illegal activity.

Privacy considerations for DNA ancestry testing

Most of these risks apply to consumer DNA services in general, not just to Ancestry. They stem from the nature of genetic data, how these services operate, and what happens once sensitive information is stored, shared, downloaded, or linked to other people.

Read more: Are DNA tests safe? Privacy risks to know before sharing your genetic data.Privacy considerations of AancestryDNS testing

Data breaches and account exposure

DNA databases can be attractive targets because they contain information that’s personal, identifying, and difficult to replace. Unlike a password, genetic data can’t be changed after a breach.

Consumer genetic testing has drawn broader regulatory attention. For example, the Federal Trade Commission (FTC) has taken action against other genetic testing companies over alleged issues with genetic data security, deletion claims, and changes to privacy policies.

There’s also a difference between company-side security and account-side exposure. Even when a service offers security controls, attackers may use credential stuffing, which involves trying reused login details from unrelated breaches. That can expose match details, profile information, or other account-linked data, even when the original DNA testing platform wasn’t the source of the leaked password. DNA data can also become harder to control once it's downloaded, shared, or moved outside the original platform.

Also read: 23andMe data breach: What happened and how to protect your data.

Law enforcement and government access

Ancestry states that it doesn’t allow law enforcement to use its services to investigate crimes or identify human remains. It also says it requires a valid legal process and, at a minimum, a court order or search warrant before it will consider producing customer DNA data.

Ancestry also publishes transparency reports on government and law-enforcement requests for customer data. These reports show how often the company receives legal requests and how it responds.

That said, Ancestry's restrictions only apply to Ancestry. Once people upload DNA data to other genealogy databases, those services’ terms and law-enforcement policies apply instead. Some services may allow forensic genealogy under their own terms.

Insurance and employment discrimination

A common concern is that DNA results could be used by an insurer or employer. In the U.S., the Genetic Information Nondiscrimination Act (GINA) offers federal protections against genetic discrimination, but only in health insurance and employment.

Note: GINA generally doesn’t apply to life, disability, or long-term care insurance. Some state laws may offer extra protections, but those rules vary.

Outside the U.S., protections also differ. In the U.K., insurers' use of genetic tests is limited by the Code on Genetic Testing and Insurance. In the EU, genetic data is treated as sensitive personal data under the General Data Protection Regulation (GDPR), but employment and insurance rules can still vary by country.

Exposure of biological relatives who never tested

A DNA test isn't only about the person who takes it. Because relatives share DNA, one person’s test can reveal information about biological family members who never agreed to be tested.

That can be positive when someone wants to find relatives or build a family tree. But it can also surface sensitive discoveries, such as misattributed parentage, donor conception, adoption, or relatives who expected to stay private.

Company sale, bankruptcy, or shutdown

What happens to the company itself is another risk worth weighing. This isn't about Ancestry specifically, but a general risk for any service that holds genetic data long-term.

Ancestry’s Privacy Statement explains that personal information may be transferred if a buyer acquires the company in the course of bankruptcy, insolvency, or similar proceedings. That kind of clause is common in privacy policies, but it matters more when the data involved is genetic.

The 23andMe bankruptcy and sale process brought this concern into focus. In 2025, the California Attorney General issued a consumer alert after 23andMe reported financial distress, reminding Californians that they could request deletion of genetic data and destruction of stored samples. Later that year, 23andMe said its sale to TTAM Research Institute had received court approval and that TTAM committed to comply with the company’s privacy policy and applicable laws.

How AncestryDNA handles your data and physical sample

AncestryDNA collects more than the saliva sample you mail in, and it doesn’t handle all types of information the same way.

What data Ancestry collects and how long they keep it

According to its Privacy Statement, when you take an AncestryDNA test, partner laboratories extract DNA from your sample and converts into machine-readable DNA data. Ancestry uses that DNA data to provide ancestry-related features, including ethnicity estimates, DNA matches, traits, inherited-DNA information, and related insights.

Ancestry also collects information tied to your account and use of the service. This may include your name, email address, account credentials, payment and billing details, birthdate, assigned sex at birth, profile information, family tree details if added, and survey answers if provided.

According to Ancestry, retention depends on the type of information. Account and profile information stays in place until the account is deleted. Family tree data is kept until the tree or account is deleted. DNA data remains until DNA test results or the account is deleted.

Ancestry’s Privacy Statement lists several uses for personal information, including:

  • Providing DNA results.
  • Identifying possible relatives.
  • Improving features.
  • Conducting research where applicable.
  • Developing new products.

How Ancestry protects user data

According to Ancestry’s Privacy Statement, the company maintains an information security program with administrative, physical, and technical safeguards based on the sensitivity of the personal information collected. Ancestry also states that it uses secure server software to encrypt personal information, including genetic information, and only works with security companies that meet and commit to its security standards. However, Ancestry also notes that it can’t guarantee that data loss, misuse, or alteration will never occur.

Ancestry says DNA samples and DNA test results are stored without names, addresses, or other common identifying information. It also states that access is limited to authorized individuals and that partner laboratories use activation codes rather than names or contact details during testing.

What happens to your physical DNA sample

Digital DNA data is separate from the physical sample, which is handled differently after testing. The sample is the biological material you send in for testing. According to Ancestry’s terms, after processing, Ancestry may store the remaining sample and the extracted DNA in its U.S. biobank or destroy them, based on the option selected when registering the test. You can also withdraw consent for biobanking, after which Ancestry says it will destroy the sample and extracted DNA.

If storage is selected, the sample and extracted DNA may support future testing, subject to the relevant consent. Digital DNA data and stored biological samples are controlled separately, so deleting DNA results doesn't necessarily mean a stored sample has also been destroyed.

AncestryDNA privacy controls and choices

According to Ancestry, users can manage several privacy and account settings, including DNA matching, profile visibility, research participation, raw DNA downloads, test deletion, account deletion, and sample-destruction requests.

DNA matching is one of the main visibility settings. If it’s enabled, Ancestry states that matches may see match-related information, such as a username or display name, predicted relationship, shared DNA information, shared or in-common ancestral regions and journeys, traits, and linked family tree information made available through the relevant settings.

Research participation is a separate consent choice. If research consent is given, Ancestry states that de-identified genetic and related information may be shared with research partners. Withdrawing consent can stop future research use, but information can’t be withdrawn from studies already in progress, completed studies, or published results.

How to protect your DNA data

No test is fully private, but you can make more informed choices before and after taking one. The goal is to limit unnecessary sharing, understand your consent choices, and avoid moving your DNA data to services with different privacy and security rules.Checklist showing ways to protect DNA data.

What to weigh before testing

Before buying a DNA test, consider:

  • Unexpected family discoveries.
  • Research participation.
  • Possible company ownership changes.
  • Moving DNA data outside Ancestry.
  • Long-term DNA retention.

Legal protections for genetic data vary by country and type of use, including insurance and employment.

How to delete your DNA data

If you no longer want Ancestry to keep your DNA results, you can delete DNA test results from your account. This can be done from the DNA Settings page by choosing the option to delete DNA test results and confirming the request.

This permanently removes your access to DNA features connected to that test, including ethnicity estimates, DNA matches, Traits, ThruLines (AncestryDNA’s feature for suggesting how DNA matches may connect through likely common ancestors), and other DNA insights linked to your account.

Ancestry's Privacy Statement states that deleted DNA data is removed from key systems within 30 days, and shared test access is revoked.

Deleting DNA results is separate from deleting your full Ancestry account. Account deletion is broader and permanently removes account information, family trees, records, photos, and DNA data.

If you shared DNA results or family tree information with other users in the past, deleting your account or DNA results may not remove copies they already saved or retained.

As mentioned earlier, deleting DNA results doesn’t necessarily destroy a stored biological sample. Sample destruction can be requested by contacting Member Services.

How to reduce your exposure further

A handful of precautions can keep your DNA information more secure and contained:

  • Use a strong, unique password you don't reuse on other sites, so a leaked password alone isn’t enough to access the account.
  • Turn on multi-factor authentication (MFA), or two-step verification (2FA), so a leaked password alone isn’t enough to access the account.
  • Be cautious with raw DNA downloads. Ancestry states that once DNA data is downloaded, that copy is no longer protected by its security measures.
  • Consider using an Ancestry username rather than a full legal name as the display name, since display-name choices affect what other users may see.
  • Read a third-party service's privacy terms before uploading your DNA there, since that service’s privacy and security rules will apply.

FAQ: Common questions about AncestryDNA

Can AncestryDNA sell my genetic data?

Ancestry states that it doesn’t sell or share genetic information with external marketing companies, insurers, or employers, and that it doesn't use it for marketing or personalized advertising without separate express consent. It also lets users control research participation. However, Ancestry notes that personal information could be transferred if the company is sold, merged, or involved in bankruptcy or similar proceedings.

Can family members be affected by my DNA test?

Yes. Because relatives share DNA, one person’s test can reveal information about biological family members who never took a test.

How long does Ancestry keep DNA data?

Ancestry states that it keeps DNA data until you delete your DNA test results or your account. It also says deleted DNA data is removed from key systems within 30 days.

Is DNA testing safe for children?

According to Ancestry's Terms and Conditions, a parent or legal guardian may activate a DNA test for a minor child and become the account manager for that test. Because a child’s ability to consent is limited and genetic data can have long-term privacy implications, parents should consider sample storage, DNA matching, research participation, and future privacy impacts in advance.

Can DNA results impact insurance or employment?

In the U.S., federal law protects against some forms of genetic discrimination in health insurance and employment. But those protections generally don’t extend to life, disability, or long-term care insurance. Outside the U.S., protections vary by country; for example, the U.K. limits insurer use of genetic tests, while the EU treats genetic data as sensitive personal data under the General Data Protection Regulation (GDPR).

What should I check before buying a DNA test?

Review the company’s privacy policy, research consent options, sample storage policy, deletion tools, DNA matching settings, and account security features before testing.

Take the first step to protect yourself online. Try ExpressVPN risk-free.

Get ExpressVPN
Content Promo ExpressVPN for Teams
Husain Parvez

Husain Parvez

Husain Parvez is a writer at the ExpressVPN Blog specializing in consumer tech, VPNs, and digital privacy. With years of experience simplifying cybersecurity and software topics into clear, actionable guidance, he helps readers navigate the online world with confidence. A hands-on tech enthusiast, Husain enjoys taking gadgets apart to see how they work, and when he’s not writing, he can be found debating the finer points of cricket or watching a horror movie marathon.

  • RELATED POST
  • MORE FROM THE AUTHOR
How to Stop Google Photos backup on Android, iPhone, and PC
How to Stop Google Photos backup on Android, iPhone, and PC
Jennifer Pelegrin 02.06.2026 17 mins
Gmail confidential mode: What it does and how to use it
Gmail confidential mode: What it does and how to use it
Sayb Saad 02.06.2026 7 mins
Is Grammarly safe to use? What to know about data and privacy
Is Grammarly safe to use? What to know about data and privacy
Hendrik Human 01.06.2026 22 mins
CAN-SPAM Act explained: What it means for your inbox
CAN-SPAM Act explained: What it means for your inbox
Raven Wu 01.06.2026 5 mins
What is a Raspberry Pi? How it works and what it’s used for
What is a Raspberry Pi? How it works and what it’s used for
Michael Pedley 01.06.2026 7 mins
Google Gmail AI security: How to protect your inbox, privacy, and data
Google Gmail AI security: How to protect your inbox, privacy, and data
Husain Parvez 30.05.2026 13 mins
What is a digital bank and is it the right choice for you?
What is a digital bank and is it the right choice for you?
Husain Parvez 21.05.2026 11 mins
IMAP vs. POP3: What you need to know before choosing an email protocol
IMAP vs. POP3: What you need to know before choosing an email protocol
Husain Parvez 21.05.2026 11 mins
What is screen sharing? A practical guide to safer online collaboration
What is screen sharing? A practical guide to safer online collaboration
Husain Parvez 14.05.2026 10 mins
What is remote printing and how it makes printing from anywhere easy
What is remote printing and how it makes printing from anywhere easy
Husain Parvez 13.05.2026 12 mins
Windows 11 privacy guide: Essential settings to protect your data
Windows 11 privacy guide: Essential settings to protect your data
Husain Parvez 07.05.2026 16 mins
How to find your Raspberry Pi IP address quickly and easily
How to find your Raspberry Pi IP address quickly and easily
Husain Parvez 29.04.2026 7 mins

ExpressVPN is proudly supporting

Get Started