Skip to content

Updated August 21, 2024

En español | AARP is committed to maintaining your trust by respecting and protecting your privacy. This Privacy Policy describes why and how we collect, use, share, and protect Personal Information (as defined below) collected from and about members, volunteers, donors, program participants, job applicants, and others – both online and offline. It also explains your choices regarding how we share your Personal Information and communicate with you, how you can request access to and correction of your Personal Information, and other important considerations.

By providing us your Personal Information or by using our websites or apps, you consent to our handling of Personal Information as described in this Privacy Policy. We urge you to read it carefully and contact us with any questions.

Member Benefit Providers – Member Benefit Providers are providers of licensed products and services, as well as providers of discounts on groceries and meal delivery services and online gift retailers. You can see the list of Member Benefit Providers here.

Personal Information This includes information that identifies or relates to an identifiable person. Personal Information does not include information that has been anonymized. This includes data such as your name, address, email address, phone number, and data that is linked to such Personal Information, such as demographic data, AARP passwords, payment data, device and usage data, and location data.

Providers Member Benefit Providers and Service Providers are collectively referred to as Providers throughout this Privacy Policy.

Service Providers – Service Providers are vendors, contractors, suppliers, and other unaffiliated entities that provide products and services to AARP, including advertising platforms.

This Privacy Policy applies to Personal Information that AARP and its affiliates collect, use, share, and otherwise handle. This Privacy Policy does not apply to data that is not Personal Information or is not linked to Personal Information, including anonymous, de-identified, or aggregate data, which cannot reasonably be used to identify you – even when such data has been derived from Personal Information – and publicly available information (i.e., information that is lawfully made available from federal, state, or local government records).

Except as described below, this Privacy Policy applies to all operations of AARP, a nonprofit organization, and each of its subsidiaries and affiliates, such as AARP Foundation and AARP Services, Inc. (together “AARP”). This Privacy Policy does not apply where an AARP website or app points to a different governing policy. You can find the governing privacy policy in our websites’ footers or in our apps’ menus or settings.

We may collect, use, and share Personal Information in a variety of ways that depend on the purpose for which the Personal Information was collected. Please see the information contained at the links below, sorted based on the type of consumer engaging with AARP:

You have certain rights with regard to how we handle your Personal Information. These rights, and the means to submit a request to exercise each of them, are described below. We will make reasonable attempts to comply with such requests but may refuse requests:

  • Where there is risk to the privacy of others,
  • That are impractical,
  • That are unreasonably repetitive,
  • That require a disproportionate technical effort, or
  • Where prohibited by law.

If you would like to know about the Personal Information we currently have about you, you may do so by logging into your AARP account on AARP.org or the AARP Now app, by visiting the Your Privacy Choices page and submitting a request, or by Contacting Us.

If you wish to request changes to certain Personal Information we have collected about you that you believe is not accurate, you may do so by logging into your AARP account on AARP.org or the AARP Now app, by visiting the Your Privacy Choices page and submitting a request, or by Contacting Us.

If you would like to request that we no longer sell or share your Personal Information to AARP Providers and/or unaffiliated nonprofit organizations, you may do so by visiting the Your Privacy Choices page and submitting a request, or by Contacting Us. If you make such a request, it will not prevent such third parties from using any Personal Information we provided them prior to completing the opt-out process, or any data they have collected directly from you or others.

If you would like to request that we no longer share your Personal Information with third parties to assist them in delivering advertising tailored to your interests, including allowing them to track your activity on our site, you may do so by visiting the Your Privacy Choices page and submitting a request, or by Contacting Us. If you make such a request, it will not prevent such third parties from using any Personal Information we provided them prior to completing the opt-out process, or any data they have collected directly from you or others. For more options and information related to behavioral advertising, please see the “Targeted Advertising” section below.

If you would like to request that we delete your Personal Information and communicate your request to our Providers, you may do so by visiting the Your Privacy Choices page and submitting a request, or by Contacting Us. If you make such a request, it will not prevent such third parties from using any Personal Information they have collected directly from you or others. We will make reasonable attempts to comply with such requests where applicable but may refuse requests where we are otherwise legally required to retain the data or where the requests are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or are impractical.

If you would like to request that AARP limit its collection and use of sensitive Personal Information and sharing of that information with AARP Providers, you may do so by visiting the Your Privacy Choices page and submitting a request, or by Contacting Us. If you make such a request, it will not prevent such third parties from using any Personal Information they have collected directly from you or others.

You may choose to opt out of some future communications (mail, email, phone) from AARP. You can do so by visiting the Your Privacy Choices page and submitting a request, or by Contacting Us. We will honor opt-out requests as soon as practical and as required by applicable law.

Email

You can also opt out by clicking on the “unsubscribe” links in the footer of our emails. Please note that when opting out of emails, you may still receive “transactional” emails, which contain information you specifically request or information related to your membership purchase or renewal.

Phone or Text Messages

You can also opt out by following the contact instructions we provide in the phone call or replying “STOP” to any text message to which you’ve previously consented.

Right to No Retaliation

You have the right to not be discriminated against for exercising any of these rights. If you believe you have suffered retaliation by exercising any of the above rights, please Contact Us.

We do not currently process or respond to “Do Not Track” signals from your browser. As described below, we participate in online advertising networks administered by third parties, which may track your online activities over time, across third-party websites, and across devices. However, you may request that AARP not share your Personal Information for purposes of third-party advertising as described above in the “Right to Opt Out of Sharing for Targeted Advertising” section. Also, you may opt out of interest-based and other targeted advertising as set forth below in the “Targeted Advertising” section. Even if you opt out of such ads, AARP may continue to collect and use online activity data on our websites and in our apps for other purposes.

Most web browsers can be set to reject cookies or provide notice when cookies are placed on your device. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences. Although it is up to you whether to accept cookies from our websites, if you reject cookies, certain functions on our sites may not work properly, and your ability to use some areas of the websites may be limited. It is also important to note that the opt-out mechanisms described in the “Targeted Advertising” section below generally rely on cookies to retain your opt-out preferences. So if you reject or erase cookies, your opt-out choices may not function properly.

Our analytics providers for websites and apps, primarily Adobe and Google Analytics, may collect Personal Information associated with your visits to our websites and use of our apps in order to assist us with analyzing and assessing our digital properties. You can, however, opt out of certain data collection by these analytics providers. To learn more about Adobe Analytics and how to opt out of their data collection, click here. To learn more about Google Analytics and how to opt-out of their data collection, click here.

We collect data (both directly and through third parties) about your activities on our websites and apps and may combine it with other Personal Information we have about you for use in providing more customized experiences, including advertising tailored to your individual interests. We may also share data about activities on our websites with advertising networks administered by third parties, which may use many of the same or similar technologies previously discussed (such as cookies, web beacons, and analytics tools) to track your online activities over time and across websites. This collection and ad targeting takes place both on our websites and apps and on third-party digital properties that participate in those ad networks. As a result, you may see certain ads on other websites based on prior activity on our websites and apps, and vice versa.

The Digital Advertising Alliance (DAA) has created guidance for online advertisers and provided the “AdChoices” mechanism for such advertisers to comply with users’ choices regarding the placement of interest-based ads. By clicking on the AdChoices icon presented in the corner of each ad served by participants in the AdChoices program, you will be directed to a webpage to allow opt-outs from that ad network and/or for all ad networks participating in the AdChoices program. To learn more about ad networks, including how to opt out of interest-based ads, click here.

It is important to note that your choice to stop targeted advertising is specific to the browser you are using. If you make a choice to opt out from one computer browser and you want your opt-out to apply to a different computer and/or browser, you must also opt out from that computer and/or browser. It is also important to note that most of these choices are cookie-based. If you delete cookies after making an opt-out choice, you may need to perform the opt-out again.

You can manage targeted ads in our apps through your device operating system settings. For iOS apps, visit the “advertising” controls in your privacy settings. For Android apps, use the Settings App. Both operating systems allow you to opt out of targeted ads and/or reset your device advertising ID.

We may also work with certain social media websites or platforms (such as Facebook or Twitter) to serve ads to you as part of a customized social media campaign. You can opt out of receiving customized ads by changing your ad preferences on those platforms, which we do not control.

We will request your permission before our apps access precise location data for your mobile device, generally when you first launch our apps. If you have previously consented to our app accessing precise location information, you may revoke that permission at any time through your device’s operating system location preference controls. You may also stop our access to precise location data by following the standard uninstall process to remove our apps from your device.

We use commercially reasonable administrative, technical, and physical security measures designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. AARP maintains a written information security program aligned to industry acceptable security frameworks such as the ISO 27001 standard, the NIST Cybersecurity Framework, the Center for Internet Security (CIS) Critical Security Controls (CSC), etc. The program contains administrative, technical, and physical safeguards designed to ensure the confidentiality, integrity, and availability of personal data, and safeguards and procedures required by applicable laws and regulations, specifically the Payment Card Industry (PCI) Data Security Standards (DSS), for the secure processing, storage, and transmission of payment card data. This includes but is not limited to network firewalls, intrusion detection and prevention systems, data encryption in transit and at rest, and multifactor authentication. AARP also maintains a third-party risk management program to ensure personal data exchanged with suppliers is adequately protected.

Despite our safeguards, however, no website, app, or information system can ever be completely secure so we cannot guarantee that the use of our systems, websites, or apps will be completely safe or secure. For additional information on privacy, identity theft, and online security, please visit the U.S. Federal Trade Commission's website.

If we learn of a security systems breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using our websites and/or apps, or otherwise providing personal data to us, you agree that we can communicate with you electronically regarding security, privacy and administrative issues relating to your use of our websites and apps. We may post a notice via our websites if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

We will retain your Personal Information for as long as required to perform the purposes for which the data was collected as well as for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information; the potential risk of harm from unauthorized use or disclosure of your Personal Information; the purposes for which we process your Personal Information; whether we can achieve those purposes through other means; and the applicable legal requirements.

You may request that we delete your Personal Information. Please see the “Right to Delete” section for further information.

If you request to exercise your rights described above in the “Your Rights as a Consumer” section, we will keep a record of only the necessary Personal Information to enable us to comply with your request. If we have received information or otherwise determined that you are deceased, we will keep only the necessary Personal Information to enable us to prevent further collection and use of your Personal Information.

Our websites and apps are not intended for use by persons under the age of 16 and we do not knowingly collect Personal Information from children. If a child under the age of 13 has provided us with Personal Information, we ask that a parent or guardian contact us so that the Personal Information can be deleted. If a child ages 13 to 15 has provided us with Personal Information, we ask that either the child or parent or guardian contact us so that the Personal Information can be deleted. If AARP becomes aware that any Personal Information from persons under age 16 is in its possession, it will delete the data.

We understand the special sensitivities associated with your Consumer Health Data. The following terms constitute AARP’s Consumer Health Data Privacy Policy and supplement the other terms of AARP’s Privacy Policy. Except where the terms of this Consumer Health Data Privacy Policy differ, the other terms of AARP’s Privacy Policy apply to Consumer Health Data Privacy to the same extent they apply to other types of Personal Information.

By providing us your Consumer Health Data or by using our websites or apps, you consent to our collection, use, and sharing of such Consumer Health Data as described in this Consumer Health Data Privacy Policy.

For purposes of this Consumer Health Data Privacy Policy, “Consumer Health Data” means a subset of Personal Information that: (1) is linked or reasonably linkable to a consumer; (2) identifies the consumer’s past, present, or future physical or mental health status; and (3) meets the definition of “consumer health data” under the Washington State My Health My Data Act, the Nevada Consumer Health Data Privacy Law, or any other applicable law that specifically regulates the collection, use, and sharing of consumer health data (collectively, “Health Privacy Laws”). 

Categories of Consumer Health Data We May Collect, Use, and Share

Because Health Privacy Laws may define “Consumer Health Data” very broadly, many of the categories of Personal Information we may collect, use, and share could also be considered Consumer Health Data.

  • Specific categories of Consumer Health Data we may collect, use, and share include:
  • Health conditions, treatment, diseases, or diagnoses, including reproductive or sexual health care and gender-affirming care.
  • Social, psychological, behavioral, and medical interventions.
  • Surgeries or health-related procedures.
  • Use or purchase of medication.
  • Bodily functions, vital signs, symptoms, or measurements of information regarding a consumer’s physical or mental health status.
  • Biometric data.
  • Genetic data.
  • Precise location information that could reasonably indicate a consumer’s attempt to acquire or receive health care services or supplies.
  • Data that identifies a consumer seeking health care services.
  • Health data derived or extrapolated from non-health information (such as proxy, derivative, inferred, or emergent data derived through an algorithm, machine learning, or any other means).
  • Other categories of Consumer Health Data with your consent.

We also may collect information that does not reveal your specific identity or does not relate to an identifiable consumer, including browser and device information, app usage data, Internet Protocol address, information collected through cookies, pixel tags, and other technologies. We do not use such information to infer health status. Nevertheless, if we are required by an applicable Health Privacy Law to treat such information as Consumer Health Data, then we may collect, use, and share it for the purposes for which we collect, use, and share Consumer Health Data as described in this Consumer Health Data Privacy Policy.

We may collect Consumer Health Data from you, including:

  • Information you provide to us directly.
  • Information obtained during your interactions with us, including with our website or apps.
  • Inferences we make based on that information.

We may collect Consumer Health Data from Providers, including:

  • Information you provided to Providers, who then share the information with us. 
  • Information obtained during your interactions with a Provider, who then shares the information with us.
  • Inferences Providers make about you and share with us.

Other Parties With Which We May Share Consumer Health Data

We may share Consumer Health Data with:

  • Subsidiaries and affiliates of AARP, including AARP Foundation and AARP Services, Inc.
  • Providers, including: (1) Providers that provide information to help us serve Members relevant ads and understand the ads’ effectiveness; and (2) if you are a member, Member Benefit Providers that provide benefits and services to you as part of your membership.
  • Law enforcement or other government agencies or third parties when we believe doing so is required by law or valid legal process.
  • Other third parties as necessary to provide you with the products or services that you request or with your consent.

The Purposes of Our Collection, Use, and Sharing of Consumer Health Data

We collect, use, and share Consumer Health Data as necessary to provide you with the products or services you request. This may include collection, use, and sharing of Consumer Health Data:

  • To help ensure security and integrity to the extent the use of the consumer’s Consumer Health Data is reasonably necessary and proportionate for these purposes.
  • For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with a business, provided that the consumer’s Consumer Health Data is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business. 
  • To perform services on behalf of a business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying consumer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business. 
  • To provide advertising and marketing services, except for cross-context behavioral advertising, to the consumer provided that, for the purpose of advertising and marketing, a Provider shall not combine the Consumer Health Data of opted-out consumers that the Provider receives from, or on behalf of, the business with Consumer Health Data that the Provider receives from, or on behalf of, another person or persons or collects from its own interaction with consumers.
  • To undertake internal research for technological development and demonstration.
  • To undertake activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by a business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
  • To undertake activities to advance commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.

Additionally, we may collect, use, and share Consumer Health Data:

  • For targeted advertising, as described in the “Advertising Technologies – Tailored Ads Based on Your Online Activity” section of AARP’s Privacy Policy.
  • When we believe doing so is required by law or valid legal process.
  • For additional purposes with your consent.

Your Rights

Please refer to the “Your Rights as a Consumer” section of AARP’s Privacy Policy for a description of your rights regarding your Consumer Health Data and how to exercise those rights.

As required by applicable Health Privacy Laws, we will not sell your Consumer Health Data except with your express authorization or consent.

Updates to Consumer Health Data Privacy Policy 

We may change or update this Consumer Health Data Privacy Policy from time to time. When we do, we will post the revised version on this page with a new “Last Updated” date.

Effective Date

This Consumer Health Data Privacy Policy is effective as of March 31, 2024.

AARP and its affiliates are based in the United States. Certain Service Providers may transfer Personal Information outside of the United States and may process and/or store Personal Information outside of the United States in order to provide products and services to AARP. We take steps, including through contracts, meant to provide protection consistent with applicable law and with this Privacy Policy. By using AARP and affiliates’ websites, you consent to your Personal Information being transferred, processed, and stored within the United States as well as other jurisdictions where our Service Providers may transfer Personal Information.

We may update this Privacy Policy at any time and without prior notice by posting an updated Privacy Policy on our websites and in our apps. When we do so, we will revise the “Updated” date at the top of the Privacy Policy. If we make material changes in the way we use and/or share your Personal Information, we will attempt to notify you directly, such as by sending an email to the email address you most recently provided to us and/or by prominently posting notice of the changes on our websites and in our apps.

In addition to using the mechanisms described above, you may contact us at any time regarding our Personal Information handling practices and this Privacy Policy the following ways:

  • Visit the AARP Help Center
  • Call us at 888-OUR-AARP (888-687-2277)
  • Write to us at AARP Membership Center, 3200 E. Carson St., Lakewood, CA 90712