BrowsePopularContact UsAbout Us

How to Delete Your Data From 23andMe: What You Need to Know

23andMe holds some of the most personal data imaginable — your genetic profile, health predispositions, ancestry composition, and family connections. Understanding how to delete that data, and what "deletion" actually means in this context, is more nuanced than removing a social media account.

What Data Does 23andMe Actually Store?

Before you delete anything, it helps to know what you're dealing with. 23andMe stores several distinct categories of data:

  • Genetic data — the raw DNA profile derived from your saliva sample
  • Self-reported information — survey responses, health history, and preferences you've submitted over time
  • Profile and account data — name, email, date of birth, and billing details
  • Research consents — permissions you granted for your data to be used in aggregate studies
  • Physical saliva sample — the biological specimen itself, if not already destroyed

These aren't all deleted through the same process, and some have different retention rules depending on legal requirements or prior consent choices.

The Two Main Deletion Paths 🧬

1. Closing Your Account

Closing your 23andMe account removes your profile and associated personal information from their active systems. To do this:

  1. Log into your account at 23andme.com
  2. Navigate to Settings (found under your name in the top-right)
  3. Scroll to the 23andMe Data section
  4. Select Delete Account and follow the confirmation steps

After account closure, 23andMe states that personal information is deleted or de-identified from their systems, subject to legal retention obligations. However, genetic data that was previously contributed to research may remain in anonymized, aggregate datasets — a point buried in many users' original consent agreements.

2. Requesting Genetic Data Destruction

Separately from closing your account, you can request that your physical saliva sample and any stored extracted DNA be destroyed. This is not automatic when you close your account.

To request sample destruction:

  1. Go to Settings → 23andMe Data → Genetic Data
  2. Look for the option to Revoke consent and request destruction of your biobank sample

This process typically takes several weeks, and you'll receive a confirmation email. Once destroyed, this cannot be undone — you would need to re-test if you ever wanted to use the service again.

What Happens to Data Already Used in Research?

This is where it gets complicated. If you previously opted into research participation — which many users do during sign-up without closely reading the terms — your de-identified genetic data may already be part of aggregate research datasets.

De-identified data means your name and direct identifiers have been removed, but the genetic patterns remain. Under most privacy frameworks, including HIPAA in the US, de-identified data is no longer legally considered "your" data. 23andMe's policy generally states that data already used in completed research cannot be retroactively removed.

If research participation concerns you, you can revoke future research consent through the same Settings → Research & Product Consent section, which stops further use — but doesn't undo past contributions.

Downloading Your Data Before You Delete

Many users want a copy of their raw genetic data before closing their account. 23andMe allows this:

  1. Go to Settings → 23andMe Data → Raw Data
  2. Click Download
  3. You'll receive an email with a secure download link

The raw data file is a compressed text file (.txt) containing your genotype results. Keep in mind this file is sensitive — it should be stored securely and treated with the same care as any health record.

Key Variables That Affect Your Situation

FactorWhy It Matters
When you signed upConsent agreements have changed over time; earlier users may have broader research opt-ins
Whether you opted into researchDetermines how much of your data is in aggregate datasets
State or country of residenceCCPA (California), GDPR (EU), and other privacy laws grant different deletion rights
Whether your sample was biobankedNot all samples are stored; some labs destroy them after processing
Family connections on the platformRelatives who tested may retain shared DNA segments in their own profiles

Privacy Laws and Your Rights

Your legal rights around deletion vary significantly by location:

  • California residents (CCPA) have the right to request deletion of personal information and to know what data is sold or shared
  • EU/UK residents (GDPR) have a "right to erasure," though exceptions exist for scientific research purposes
  • Other US residents operate under more limited federal protections, relying primarily on 23andMe's own policies

If you believe a deletion request hasn't been honored, both CCPA and GDPR provide mechanisms to escalate to a Data Protection Officer or relevant regulatory body. 23andMe's privacy team can be contacted directly through their privacy portal for formal requests.

The Complication of Connected Family Data 🔍

One detail many users don't anticipate: deleting your own data doesn't erase what relatives have shared. If a sibling or parent has tested, their profile still contains genetic segments that overlap with yours. This is a structural feature of how DNA testing works — your genome exists in fragments across every biological relative who has tested.

This doesn't mean deletion is pointless. Removing your own profile, sample, and direct data meaningfully reduces your exposure — but it's worth understanding that genetic privacy is never fully individual.

Not All "Deletion" Is Equal

There's a meaningful spectrum between what different users experience when they request deletion. Someone who created an account recently, never opted into research, and has no relatives on the platform can achieve fairly clean removal. Someone who signed up years ago, participated in health research studies, and has dozens of DNA relatives still active has a fundamentally different starting point.

The process itself is straightforward — the complexity lies in understanding what was already shared, under which consent terms, and what your local privacy laws actually guarantee. Your specific consent history and jurisdiction determine how much of that data is truly retrievable.