Click here to review the beginning of our Global Privacy Policy.

This U.S. State Privacy Notice applies to “Consumers” as defined under U.S. privacy laws, specifically the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (“CCPA”), the Virginia Consumer Data Privacy Act (“VCDPA”),the Colorado Privacy Act, the Utah Consumer Privacy Act, Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring, and any other U.S. privacy laws, as each are amended and as and when they become effective, and including any regulations thereunder (collectively, the “US Privacy Laws”). This U.S. State Privacy Notice is a supplement to this Privacy Policy. In the event of a conflict between any other P&G policy, statement, or notice and this U.S. State Privacy Notice, this U.S. State Privacy Notice will prevail as to Consumers and their rights under the applicable U.S. Privacy Laws.

This U.S. State Privacy Notice is designed to provide you with notice of our recent personal data practices over the prior 12 months from the “Last Updated” date of this Privacy Policy. This U.S. State Privacy Notice will be updated at least annually. This U.S. State Privacy Notice also applies to our current data practices such that it is also meant to provide you with “notice at collection,” which is notice of personal data (also referred to in some of the U.S. Privacy Laws as “personal information”) we collect online and offline, and the purposes for which we process personal data, among other things required by the U.S. Privacy Laws. For any new or substantially different processing activities that are not described in this U.S. State Privacy Notice, we will notify you as required by the U.S. Privacy Laws, including by either notifying you at the time of collecting personal data, or by updating this U.S. State Privacy Notice earlier than required. We reserve the right to amend this U.S. State Privacy Notice at our discretion and at any time.

Generally, we collect, retain, use, and disclose your personal data for our business purposes and commercial purposes. Business purposes are purposes which are generally not tied to an opt-out right under the U.S. Privacy Laws, such that they do that do not implicate “Sale,” “Sharing,” or “Targeted Advertising” as defined under U.S. Privacy Laws (see the “

section below.)

Our business purposes include the purposes listed above in the “

” and “

” sections. Our business purposes also include the disclosure of personal data (which may include all the categories of personal data in the table below) to the recipients noted in the table below.

Commercial purposes, on the other hand, are generally associated with an opt-out right under the U.S. Privacy Laws, in particular where they involve Sales, Sharing, or Targeted Advertising as defined under applicable U.S. Privacy Laws. Examples include where Third-Party Digital Businesses (defined below) collect your personal data via third-party cookies, and when we or such Third-Party Digital Businesses process personal data for certain advertising purposes.

The table immediately below describes the categories of personal data we collect in the left column. The middle column provides examples of data types within the applicable categories, which, in some instances, include the personal data types/categories listed above under “

.” The right column states the categories of recipients that receive such personal data as part of disclosures for business purposes, as well as disclosures which may be considered a Sale or Share under certain U.S. Privacy Laws.

Category of Personal DataExamples of Personal Data Types within CategoryCategories of Recipients
1. Identifiers and Contact InformationContact information, Unique IDs & Accounts Details, Online and Technical Information, Financial Account Information, Government-issued IDsDisclosures for Business Purposes:

Software and other business Vendors (“Business Vendors”)

Marketing Vendors

Affiliates and Related Entities

Sale/Sharing: Third-Party Digital Businesses and Retail Partners

2. Personal RecordsContact information, Unique IDs & Accounts Details, Financial Account Information, Government-issued IDsDisclosures for Business Purposes:

Business Vendors

Marketing Vendors

Affiliates and Related Entities

Sale/Sharing: Third-Party Digital Businesses

3. Personal Characteristics or TraitsGeneral Demographics & Psychographics, Data About Children, Inferred Information, Health-related informationDisclosures for Business Purposes:

Business Vendors

Marketing Vendors

Affiliates and Related Entities

Sale/Sharing: Third-Party Digital Businesses and Retail Partners

4. Customer Account Details / Commercial InformationGeneral Demographics & Psychographics, Transaction and Commercial Information, Online & Technical InformationDisclosures for Business Purposes:

Business Vendors

Marketing Vendors

Affiliates and Related Entities

Sale/Sharing: Third-Party Digital Businesses and Retail Partners

5. Biometric InformationBiometric InformationDisclosures for Business Purposes:

Business Vendors

Affiliates and Related Entities

Sale/Sharing: N/A

6. Internet Usage InformationTransaction and Commercial Information, Online & Technical Information, Smart Devices and Sensor DataDisclosures for Business Purposes:

Business Vendors

Marketing Vendors

Affiliates and Related Entities

Sale/Sharing: Third-Party Digital Businesses

7. Location DataImprecise Location Data, Precise Geolocation DataDisclosures for Business Purposes:

Business Vendors

Marketing Vendors

Affiliates and Related Entities

Sale/Sharing: N/A

8. Audiovisual and Similar InformationAudio Visual Information, Smart Devices and Sensor DataDisclosures for Business Purposes:

Business Vendors

Affiliates and Related Entities

Sale/Sharing: N/A

9. Professional or Employment InformationGeneral Demographics & PsychographicsDisclosures for Business Purposes:

Business Vendors

Affiliates and Related Entities

Sale/Sharing: N/A

10. Non-public Education RecordsNot applicable in non-HR contexts (which are not within the scope of this notice)
11. Inferences from Collected InformationGeneral Demographics & Psychographics, Inferred InformationDisclosures for Business Purposes:

Business Vendors

Marketing Vendors

Affiliates and Related Entities

Sale/Sharing: Third-Party Digital Businesses and Retail Partners


Sensitive Personal Data

Category of Personal DataExamples of Personal Data Types within CategoryCategories of Recipients
Account information and CredentialsFinancial Information. In addition, we may store your P&G account log-ins in combination with a password in our systems.Disclosures for Business Purposes:

Business Vendors

Affiliates and Related Entities

Sale/Sharing: N/A

Precise Geolocation DataPrecise geolocation dataDisclosures for Business Purposes:

Business Vendors

Marketing Vendors

Affiliates and Related Entities

Sale/Sharing: N/A

Racial or Ethnic OriginGeneral Demographics & PsychographicsDisclosures for Business Purposes:

Business Vendors

Marketing Vendors

Affiliates and Related Entities

Sale/Sharing: N/A

Biometric InformationBiometric informationDisclosures for Business Purposes:

Business Vendors

Affiliates and Related Entities

Sale/Sharing: N/A

PI Concerning a Consumer’s HealthHealth-related InformationDisclosures for Business Purposes:

Business Vendors

Affiliates and Related Entities

Sale/Sharing: Third-Party Digital Businesses and Retail Partners

*This personal data would not include health diagnostic information but is related to demographic or purchase data that may help us determine which products you may be interested in.

Certain U.S. Privacy Laws require us to either disclose length of time we intend to retain each category of personal data listed above, or if that is not possible, the criteria used to determine the period of time it will be retained. Because there are so many different types of personal data in each category, and so many purposes and use cases for different data, we have determined that it is not possible to disclose in a clear manner how long we intend to retain each category as they are defined in the applicable U.S. Privacy Laws. However, we do discuss retention in relation to certain processing activities, including certain types of personal data in relation to such processing activities, along with the criteria that are used in relation to the same, below in our “

” section.

As described in further detail below, subject to meeting the requirements for a Verifiable Consumer Request (defined below), we provide Consumers – which are, for clarity, residents of certain states – the privacy rights described in this section. For residents of states without Consumer privacy rights, we will consider requests but will apply our discretion in how we process such requests. For states that have passed consumer privacy laws, but are not yet in effect, we will also consider applying state law rights prior to the effective date of such laws but will do so in our discretion.

As permitted by the U.S. Privacy Laws, any request you submit to us is subject to an identity verification process (“Verifiable Consumer Request”) as described below in the “Verifying Your Request” section below. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected personal information.

To make a request, please submit your request to us by one of the methods below. For further instructions on how to submit a Do Not Sell/Share/Target request, for non-cookie PI (as defined below), please go to the “

” section below.

  • Calling us at (877) 701-0404 

  • Visiting our Preference Center (which can be reached by the “Your Privacy Choices” link in the footer of our websites or via the Settings menu in our mobile applications)

Some personal data we maintain about you is not sufficiently associated with enough of your other personal data for us to be able to verify that it is your particular personal data (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that personal data in response to those requests. If we deny a verified request, we will explain the reasons in our response. You are not required to create a password-protected account with us to make a Verifiable Consumer Request. We will use personal data provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

We will make commercially reasonable efforts to identify personal data that we collect, process, store, disclose, and otherwise use and to respond to your privacy requests. We will typically not charge a fee to fully respond to your requests; provided, however, we may refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that we may refuse a request, we will give you notice explaining why we made that decision.

To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal data or considering your deletion request. Upon receipt of your request, we will send you a verification form by email or postal mail. To complete your request, please respond to the verification form when you receive it. To verify your identity, we may require you to provide any of the following information: Name, email address, postal address, or date of birth.

We will review the information provided as part of your request and may ask you to provide additional information via e-mail or other means as part of this verification process. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces/Portability), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected personal data. The same verification process does not apply to opt-outs of Sale or Sharing, or limitation of Sensitive Personal Data requests, but we may apply some verification measures if we suspect fraud.

The verification standards we are required to apply for each type of request vary. We verify your categories requests and certain deletion and correction requests (e.g., those that are less sensitive in nature) to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. For certain deletion and correction requests (such as those that relate to personal data that is more sensitive in nature) and for specific pieces requests, we apply a verification standard of reasonably high degree of certainty. This standard includes matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you, and may include obtaining a signed declaration from you, under penalty of perjury, that you are the individual whose personal data is the subject of the request.

If we cannot verify you in respect of certain requests, such as if you do not provide the requested information, we will still take certain actions as required by certain U.S. Privacy Laws. For example:

  • If we cannot verify your deletion request, we will refer you to this U.S. State Privacy Notice for a general description of our data practices.

  • If we cannot verify your specific pieces request, we will treat it as a categories request.

You may designate an authorized agent to submit a request on your behalf by submitting a request in the manners described above. If you are an authorized agent who would like to make a request, the U.S. Privacy Laws require that we ensure that a request made by an agent is a Verifiable Consumer Request (except Do Not Sell/Share requests) and allow us to request further information to ensure that the Consumer has authorized you to make the request on their behalf. Generally, we will request that an agent provide proof that the Consumer gave the agent signed permission to submit the request, and, as permitted under the U.S. Privacy Laws, we also may require the Consumer to either verify their own identity or directly confirm with us that they provided the agent permission to submit the request. To make a request as an authorized agent on behalf of a Consumer, click here.

You may appeal a denial of your request by clicking here.

You have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:

  • the categories of personal information we have collected about you;

  • the categories of sources from which we collected the personal information;

  • the business or commercial purposes for which we collected or sold the personal information;

  • the categories of third parties to whom we sold or shared the personal information, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared;

  • the categories of personal information about you that we disclosed for a business purpose, and the categories of persons to whom disclosed that information for a business purpose.

You have the right to request a transportable copy of the specific pieces of personal data we collected about you in the 12-month period preceding your request. Please note that personal data is retained by us for various time periods, so there may be certain information that we have collected about you that we do not even retain for 12 months (and thus, it would not be able to be included in our response to you). Please also note that you may be limited under your applicable state’s law to making a certain number of “right to know” requests in any 12-month period.

In addition, you have the right to request that we delete certain personal information we have collected from you.

Please understand that P&G cannot delete personal data in those situations where our retention is required for our own internal business purposes or otherwise permitted by relevant U.S. Privacy Laws (such as fraud prevention or legal compliance). In these situations, we will retain your personal data in accordance with our records retention program and securely delete it at the end of the retention period.

You have the right to request that we correct inaccuracies that you find in your personal data maintained by us. Your request to correct is subject to our verification (discussed above) and the response standards in the applicable U.S. Privacy Laws.

Certain personal data qualifies as “sensitive personal data” or “sensitive personal information” under U.S. Privacy Laws, which we refer to in this U.S. State Privacy Notice as “Sensitive Personal Data”. Some U.S Privacy Laws require consent for the processing of Sensitive Personal Data, which can be revoked, subject to certain exceptions and exemptions (for example, if the processing of your Sensitive Personal Data is required to provide a product or service specifically requested by you). Depending on your state of residence, you have the right to revoke such consent, if applicable, and/or direct businesses to limit their use and disclosure of Sensitive Personal Data if they use or disclose it beyond certain internal business purposes. You can make a request using the methods set forth above.

Under the various U.S. Privacy Laws, Consumers have the right to opt-out of certain processing activities. Some states have opt-outs specific to Targeted Advertising activities - which California’s law refers to as “cross-context behavioral advertising”, and others simply as Targeted Advertising - which involve the use of personal data from different businesses or services to target advertisements to you. California provides Consumers the right to opt-out of Sharing, which includes providing or making available personal information to third parties for such Targeted Advertising activities, while other states provide Consumers the right to opt-out from processing personal information for Targeted Advertising more broadly. There are broad and differing concepts of the Sale of personal data under the various U.S. Privacy Laws, all of which at a minimum require providing or otherwise making available personal data to a third party.

Third-Party digital businesses, including online platforms (Google, Amazon, Facebook, etc.) and AdTech companies such as Demand Side Platforms which help us place advertisements (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that collect personal data about you on our apps and websites, or otherwise collect and process personal data that we make available about you, including digital activity information. Giving access to personal data on our websites or apps, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Sharing and could implicate Targeted Advertising under some U.S. Privacy Laws. Therefore, we will treat such personal data collected by Third-Party Digital Businesses (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) as such, and subject to the opt-out requests described above. In some instances, the personal data we make available about you is collected directly by such Third-Party Digital Businesses using Tracking Technologies on our websites or apps, or our advertisements that are served on third-party sites (which we refer to as “cookie PI”). However, certain personal data which we make available to Third Party Digital Businesses is information that we have previously collected directly from you or otherwise about you, such as your email address (which we refer to below as “non-cookie PI”).

When you opt-out pursuant to the instructions below, it will have the effect of opting you out of Sale, Sharing, and Targeted Advertising, such that our opt-out process is intended to combine all of these state opt-outs into a single opt-out. Instructions for opting out are below. Please note that there are distinct instructions for opting out of cookie PI and non-cookie PI, which we explain further, below.

Opt-out for non-cookie PI: If you would like to submit a request to opt-out of our processing of your non-cookie PI (e.g., your email address) for Targeted Advertising, or opt-out of the Sale or Sharing of such data, make an opt-out request here.

Opt-out for cookie PI: If you would like to submit a request to opt-out of our processing of your cookie PI for Targeted Advertising or opt-out of the Sale/Sharing of such personal data, you need to exercise a separate opt-out request on our cookie management tool. To do so, visit “Your Privacy Choices” here and click “Do Not Sell or Share My Personal Information / Opt-Out of Targeted Advertising” and follow the instructions for the toggle. This is because we have to use different technologies to apply your opt-outs of cookie PI and of non-cookie PI. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device.

A similar tool is available for our mobile applications, which you can access via the “Do Not Sell or Share My Personal Information / Opt-Out of Targeted Advertising” option in the Settings menu.

If you are using the same browser, your opt-out preference will be noted and remembered across our different websites. You must exercise your preferences separately on each of our mobile applications that you use, if you use a different browser than the one on which you originally opted out, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be affective, and you will need to enable them again via our cookie management tool.

For more information about how we have shared your personal data with third parties such that it constitutes a “Sale” or “Share” under CCPA during the 12-month period prior to the date this privacy policy was last updated, please refer to the chart above. We do not knowingly Sell or Share personal data of minors older than 13 years of age and under 16 years of age without their consent.

Some of the U.S. Privacy Laws require businesses to process GPC signals, which is referred to in California as opt-out preference signals (“OOPS”), which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the Sale and Sharing of personal data. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC. We have configured the settings of our consent management platform to receive and process GPC signals on our website and mobile applications, which is explained by our consent management platform here.

We also collect and use your personal data to administer and maintain Rewards Programs (defined above in “How We Use Your Data”), which may be considered a “financial incentive” under one or more of the U.S. Privacy Laws.

We use all of the categories of personal data disclosed in the above table, excluding “biometric information,” “professional or employment information, and “non-public education records,” to administer and maintain such Rewards Programs. We use personal data to verify your identity, offer unique rewards, track your program status, and to facilitate the exchange of program points for products, promotional materials, training workshops, and other items. You can opt-in to a Rewards Program by signing up on the applicable rewards page. If you opt-in to participate in any of our Rewards Programs, you may withdraw from participation at any time by contacting us using the contact details in this Privacy Policy or in accordance with the instructions set forth in the applicable Rewards Program’s terms and conditions.

Under certain U.S. Privacy Laws, you may be entitled to be informed as to why financial incentive programs, or price or service differences, are permitted under the law, including (i) a good-faith estimate of the value of your personal data that forms the basis for offering the financial incentive or price or service difference, and (ii) a description of the method we used to calculate the value of your personal data. Generally, we do not assign monetary or other value to personal data. However, in the event we are required by law to assign such value in the context of Rewards Programs, or price or service differences, we have valued the personal data collected and used as being equal to the value of the discount or benefit provided, and the calculation of the value is based upon a practical and good-faith effort often involving the (i) categories of personal data collected (e.g., names, email addresses), (ii) the use of such personal data for our marketing and business purposes in accordance with this Privacy Policy and our Rewards Programs, (iii) the discounted price offered (if any), (iv) the volume of consumers enrolled in our Rewards Programs, and (v) the product or service to which the Rewards Programs, or price or service differences, applies. The disclosure of the value described herein is not intended to waive, nor should be interpreted as a waiver to, our proprietary or business confidential information, including trade secrets, and does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards. We deem the value of the personal data to be reasonably related to the value of the rewards, and by subscribing to these Rewards Programs you indicate you agree. If you do not, do not subscribe to the Rewards Programs.

Non-Discrimination

You have the right not to receive discriminatory treatment for the exercise of your privacy rights described in this U.S. State Privacy Notice. We will not deny, charge different prices for, or provide a different level or quality of goods or services if you choose to exercise your rights.

Click here to see request metrics from the previous calendar year.

We may offer interactive services which allow teens under the age of 18 to upload their own content (e.g., videos, comments, status updates, or pictures). This content can be removed or deleted any time by following the instructions on our sites. If you have questions about how to do this, contact us. Be aware that such posts may have been copied, forwarded, or posted elsewhere by others and we are not responsible for any such actions. You will, in such cases, have to contact other site owners to request removal of your content.

We provide California residents with the option to opt-out to sharing of “personal information,” as defined by California’s “Shine the Light” law, with third parties (other than with Company affiliates) for such third parties’ own direct marketing purposes. California residents may exercise this opt-out, request information about our Shine the Light law compliance, and/or obtain a disclosure of third parties we have shared information with and the categories of information shared. To do so contact us at 1 Procter & Gamble Plaza, Cincinnati, OH 45202, U.S.A. (Attn: Privacy). You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, CCPA rights, and must be requested separately. We are only required to respond to one request per Consumer each year. We are not required to respond to requests made by means other than through the provided mail address. We will not accept Shine the Light requests by telephone or by fax, and are not responsible for requests not labeled or sent properly, or that are incomplete.