Privacy Policy for AT&T Inc. Websites

Effective January 1, 2023

This Privacy Policy applies to the websites for AT&T Inc. and information collected through those websites.  AT&T products and services are provided or offered by subsidiaries and affiliates of AT&T Inc. under the AT&T brand or other brands and not by AT&T Inc.  Those subsidiaries and affiliates have their own privacy policies that apply to their products, services, and websites.  This Privacy Policy applies only to the websites for AT&T Inc. and the website for the AT&T Discovery District (https://discoverydistrict.att.com/) (collectively, or “these websites”). By using these websites, you accept and agree to the terms of this Privacy Policy (“Policy”). If you do not agree to this Policy, please do not use these websites.

Information we collect through these websites

We automatically collect information about how you use these websites and what device or devices you use to do so through the use of cookies, web beacons, and other technologies.  For example, these websites automatically record website usage information including your IP address, browser type, operating system, and device type used to access the website.  Subject to the settings on your device or web browser, we may also collect limited information about your location.  This information does not identify you personally, and we do not use this information to track or record information about individuals through these websites.

How we use the information we collect

We use the data collected through these websites for a variety of purposes including to better understand how people use each website, to prevent fraud, and to improve the effectiveness, security and integrity of the website. Information about your location may be used to help customize the content you see.  We may also use the data to provide you information about AT&T and its products and services and offers, to protect and enforce our agreements and property rights, to comply with court orders, legal processes or respond to regulatory or other similar requests.

We share the information with

  • Our subsidiaries and affiliates.
  • Vendors and agents performing or providing goods and services on our behalf.
  • Third parties but only in aggregate form or as may be required by law.

Data storage and retention

Data we collect through the AT&T Inc. websites may be processed and stored in the United States, or in other countries where we or our affiliates or service providers process data. We take steps to ensure that data is processed according to this Policy and the requirements of applicable law.

When we transfer personal data from the European Economic Area to other countries, we use appropriate legal mechanisms to help ensure all applicable laws, rights and regulations continue to protect your data.

We keep any information we collect through these websites as long as we need it for business, tax, or legal purposes. We set our retention periods based on things like the type of personal information collected, how long the personal information is needed to operate the business or provide our Products and Services and whether the business is subject to contractual or legal obligations – such as ongoing litigation, mandatory data retention laws or government orders to preserve data relevant to an investigation. After that, we destroy it by making it unreadable or indecipherable.  

Security of your data

We've established electronic and administrative safeguards designed to make the information we collect from these websites secure. However, no transmission or electronic storage of information is guaranteed to be secure. We therefore urge you to always use caution when transmitting information over the Internet.

Links to other websites

These websites contain links to other websites and servers that are not AT&T Inc. websites. This Policy does not apply to the privacy practices or the content of such linked sites. When you link to another site, you are subject to the privacy policy of the new site.

Changes in ownership or to the Policy

Information collected through these websites may be shared and transferred as part of any merger, acquisition, or sale of company assets. This also applies in the unlikely event of an insolvency, bankruptcy, or receivership in which customer and user records would be transferred to another entity as a result of such a proceeding.

We may update this Policy as necessary to reflect changes we make and to satisfy legal requirements. Updates to this Policy will be posted to these websites.  We’ll post a prominent notice of material changes on these websites.

Information for our California consumers

Website data collection: We don’t knowingly allow other parties to collect personally identifiable information about your online activities over time and across third-party websites when you use our websites unless we have your consent.

Do Not Track notice: We don’t currently respond to Do Not Track.  Please go to All About Do Not Track for more information. However, we recognize and honor the opt out preference signal associated with a Global Privacy Control.

State Privacy Rights and Choices

Certain states provide rights regarding your Personal Information. Personal Information and rights in these states and jurisdictions, are explained in the following section. To underscore our commitment to our privacy principles and to provide a consistent experience, we also offer these as choices to consumers in places where they are not required:

Personal Information ("Personal Information") means information that identifies, relates to, describes, is reasonably capable of being associated with, is linked to or could be reasonably linked to, either directly or indirectly, an identified or identifiable individual or household.

The Personal Information We Collect and Its Purpose of Collection

Categories

Examples

Collected or created

Source

Purpose of collection and use

Identifiers

Name,  email address, IP address, device IDs

Collected

  • Consumers give it to us
  • We automatically get it
  • Marketing and advertising
  • Fraud prevention
  • Debug system errors
  • Develop, maintain, provision or upgrade networks,  services or devices
  • Internal research, analytics and development
  • Enable cross-context behavioral or targeted advertising

Geolocation data

Street address, ZIP code and device location

Collected

  • Consumers give it to us
  • We automatically get it
  • Marketing and advertising
  • Service alerts
  • Fraud prevention
  • Debug system errors
  • Develop, maintain, provision or upgrade networks,  services or devices
  • Internal research, analytics and development
  • Enable cross-context behavioral or targeted advertising

Internet or other electronic network activity information 

Site searches and information regarding an individual’s interaction with an internet website, application, or advertisement

Collected and created

  • We automatically get it
  • Marketing and advertising
  • Fraud prevention
  • Debug system errors
  • Develop, maintain, provision or upgrade networks,  services or devices
  • Internal research, analytics and development

Information we shared about consumers

Here is information about the Personal Information we have collected from consumers over the past year and the purpose for which we shared or "sold" it. Note, some states define “sale” very broadly and includes the sharing of Personal Information for anything of value.  According to this broad definition, in the year before the date this policy was updated, we have sold or shared the following categories of Personal Information:

Categories

Collected or created

Categories of companies we've shared with

Purpose for sharing

Purpose for selling

Identifiers

Collected

  • Marketing services companies
  • Cloud storage companies
  • Fraud prevention entities
  • Analytics companies
  • Marketing and advertising
  • Data storage
  • Fraud prevention
  • Analytics and measurement 
  • Marketing and advertising

Internet or other electronic network activity information

Collected and created

  • Marketing services companies
  • Analytics companies
  • Cloud storage companies
  • Research entities
  • Marketing and advertising
  • Analytics and measurement
  • Data storage
  • Research
  • Marketing and advertising

Geolocation data

Collected

  • Marketing services companies
  • Cloud storage companies
  • Fraud prevention and  authentication/identity verification entities
  • Analytics companies
  • Research entities
  • Marketing and advertising
  • Data storage
  • Fraud prevention/ identity verification
  • Analytics and measurement
  • Research
  • Marketing and advertising 

Here is information about the Sensitive Personal Information, as defined under California law, that we have collected from consumers and other companies over the past year. We list the purpose for which we collected it, the types of companies we’ve shared it with and why.  AT&T has not sold Sensitive Personal Information.

Categories

Purpose for collection

Categories of companies we've shared with

Purpose for sharing (making available constitutes a share)

Demographic or  occupational information such as union membership

  • Conduct research & development
  • Preparation of aggregate insights
  • Marketing services companies
  • Research entities
  • Analytics companies
  • Marketing and advertising 
  • Research

Your Right To Ask Us Not To Sell or Share Your Personal Information, and Your Right To Ask Us to Limit The Use Of Your Sensitive Personal Information

You can tell us not to sell or share your Personal Information.  Additionally, you can tell us to limit the use of your Sensitive Personal Information.  You may make such requests by:

  • Visiting our Choices and Controls page and selecting the Do Not Sell or Share or the Control Sensitive Personal Info Request; or
  • Contacting us at 866-385-3193.

Providing Personal Information to service providers or contractors does not constitute a sale or sharing of Personal Information. You may use an authorized agent to make your request and we will confirm whether or not your request has been processed and why.

Once we receive and verify your request, we will not sell or share your Personal Information and will limit the use of your Sensitive Personal Information unless you later allow us to do so.  We may ask for your permission to resume sale of your Personal Information at a later date, but we will wait at least 12 months before doing so.  

Consumers Under 16 Years Old

We do not have actual knowledge that we sell Personal Information of consumers under 16 years of age.  If we collect Personal Information that we know is from a child under 16 years old, we will not sell that information unless we receive affirmative permission to do so.  If a child is between 13 and 16 years of age, the child may provide that permission. 

Your Right to Request Disclosure of Information We Collect and Share About You

We are committed to ensuring that you know what information we collect.  You can ask us for the following information:   

  • The categories and specific pieces of your Personal Information that we’ve collected. 

  • The categories of sources from which your Personal Information was collected.

  • The purposes for collecting or selling your Personal Information.

  • The categories of third parties with whom we shared your Personal Information.  

We are also committed to ensuring that you know what information we share about you.  You can submit a request to us for the following additional information:   

  • The categories of Personal Information we’ve sold about you, the third parties to whom we’ve sold that Personal Information, and the category or categories of Personal Information sold to each third party.

  • The categories of Personal Information that we’ve shared with service providers who provide services for us, the categories of third parties to whom we’ve disclosed that Personal Information; and the category or categories of Personal Information disclosed to each third party. 

To exercise your right to request the disclosure of your Personal Information that we collect or share, either visit our Choices and Controls page or contact us at 866-385-3193.  These requests for disclosure are generally free and are provided in a format that is portable in a readily usable format.    

Your Right to Request Correction of Inaccurate Personal Information

You may request that that we correct inaccurate Personal Information we have about you.  When you request that we correct inaccurate information, we will ask you to provide documentation supporting the accuracy of the Personal Information that is the subject of your request, and in doing so we will evaluate the totality of the data relating to the contested Personal Information. We may deny your request if we determine that the contested Personal Information is more likely than not accurate based on the data provided.  Whether or not we are able to honor your correction request, you will be notified that your request was processed or denied and why.  To exercise this right or choice, either visit our Choices and Controls page or contact us at 866-385-3193.
 

Your Right To Request The Deletion Of Personal Information 

Upon your request, we will delete the Personal Information  we have collected about you, except for situations when that information is necessary for us to: provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; comply with or exercise rights provided by the law; or use the information internally in ways that are compatible with the context in which you provided the information to us, or that are reasonably aligned with your expectations based on your relationship with us. 

To exercise this right or choice, either visit our Choices and Controls page or contact us at 866-385-3193.  Requests for deletion of your Personal Information are generally free.  

Your Right to Appeal

You can ask us to reconsider on the outcome of a request you’ve submitted regarding your rights to access, correction, deletion and portability of your Personal Information and/or the right to know whether your personal data is being sold or shared.  Upon receipt of your appeal, we’ll research your request and provide you an explanation of our review in writing. 

Verification of Identity – Access, Deletion or Correction Requests

In order to submit an access, deletion or correction request, we must be able to verify your identity. You’ll have to authenticate yourself again to correct your data, access your data or submit your deletion request.  We will ask to verify your identity using our mobile verification process. This process may involve a one-time pin or the capture of an image of your identity document, such as your driver’s license, and compares it to a self-photo you submit. We will only use this information to verify your identity. We will delete it after the time expires allowed by applicable state laws to process and respond to your request.  

If we cannot verify your identity, we will notify you that we will not be able to respond to your request

Authorized Agents 

You may designate an authorized agent to submit requests on your behalf. Your agent will need a valid power of attorney or written permission signed by you. If the agent relies on written permission, we’ll need to verify the agent’s identity. We may also contact you directly to confirm the permission. Your authorized agent can submit your requests by calling us at 866-385-3193.  

We Don’t Mind if You Exercise Your Data Rights

We are committed to providing you control over your Personal Information.  If you exercise any of these rights explained in this section of the Privacy Policy, we will not disadvantage you.  You will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services.  

Questions

Any consumer who wishes to request further information, or who has questions about our privacy practices and policies, can email us at privacypolicy@att.com, or write to us at AT&T Privacy Policy, Chief Privacy Office, 208 S. Akard, Room 2100, Dallas, TX 75202.

Data Retention

AT&T decides how long to retain your Personal Information consistent with these criteria:

  • The type of personal information collected;

  • How long the personal information is needed to operate the business or provide our Products and Services; and

  • Whether the business is subject to contractual or legal obligations – such as ongoing litigation, mandatory data retention laws or government orders to preserve data relevant to an investigation.  

View California Metrics For The Prior Calendar Year

You may review information about the company’s California data requests for the prior calendar year by visiting California metrics page.

Contact Us

For more information, or for help with other questions, you can:  

  • Email us at privacypolicy@att.com

  • Write to us at AT&T Privacy Policy, Chief Privacy Office, 208 S. Akard, Room 2100, Dallas, TX 75202.  

For other inquiries, customer service contact numbers can be found at att.com.  

 

HTML Editor Component
*Contents may not have visible height

We collect your information in 3 ways:

  • Consumers give it to us when you make a purchase, set up an account or otherwise directly communicate with us.
  • We automatically get it when you use, or your device uses, our Products or Services. For example, we use network tools to collect information like call and text records and the web browsing information we describe in this Policy.
  • We get it from outside sources like credit reports, marketing mailing lists, and commercially available geographic and demographic information, along with other available information, such as public posts to social networking sites.