With 65% of U.S. smart speaker users choosing Amazon Echo as their preferred device^[1], Amazon’s Alexa has become a household staple thanks to its ability to learn new skills and integrate with third-party devices. However, these features rely heavily on collecting and processing user data, including personal information, which might raise privacy concerns over how much information it gathers and for what purposes.

To help you learn more about Alexa's personal information collection practices, this guide will discuss what types of data it gathers, how Amazon uses the data, and what steps you can take to protect your personal information while using Alexa. You'll also discover a method of enhancing the security of your financial information when shopping online.

Disclaimer: The information in this guide is accurate as of October 2024. For the most up-to-date information, visit the official Amazon website or contact customer support. 

What Personal Information Does Alexa Collect? 

As a voice-operated assistant, Alexa works by recording and processing your commands to perform them. You can expect that anything you say after the chosen wake word (e.g., "Alexa," "Echo," or "Amazon") will be collected by Alexa, transcribed, and stored on Amazon’s servers^[2].

Alexa can also collect: 

• Location information^[3]—If enabled, Alexa can access your device’s geolocation to provide accurate location-based services, such as weather updates, local search results, or traffic updates.
• Device usage data^[4]—Amazon collects device-specific information like your IP address, device type, operating system, and usage habits.
• Personally identifiable information^[4]—Alexa can collect your name, email address, phone number, and other personal details if you provide them to set up features like voice purchasing or creating a household profile. 
• Payment information^[5]—If you want to make a purchase through Alexa, it will use your Amazon account’s default payment and shipping information.

How Does Amazon Use Personal Information Collected by Alexa?

The use of your personal information collected by Alexa is governed by Amazon’s Privacy Notice^[4]. Some of the ways the company might use your data include:

• Providing services and features—Amazon uses your data to fulfill your requests, such as playing music, setting reminders, or making calls through Alexa.
• Improving customer experience—Your data helps Amazon understand how users interact with its services and improve them. For example, by analyzing your voice recordings, Amazon can enhance the accuracy of its speech recognition technology.
• Personalization and recommendations—Amazon uses your data to personalize your Alexa experience based on your interests, preferences, and usage habits. 
• Order purchase and delivery—When you make purchases through Alexa, Amazon uses your data to process and fulfill your orders, provide customer support, or send shipping updates.
• Marketing and advertising—Amazon may use your data to display relevant ads or offers based on your interests and purchase history.
• Fraud monitoring and prevention—Amazon uses data to detect and prevent fraudulent activities, such as unauthorized access to accounts or fraudulent purchases.
• Legal compliance—In some instances, Amazon may use personal information collected from Alexa to comply with legal obligations, such as responding to government requests or providing information in response to a court order.

How To Protect Your Personal Information While Using Alexa

While Amazon employs encryption protocols and follows the Payment Card Industry Data Security Standard (PCI DSS) when processing payment card data^[4], you can take additional steps to protect your personal information while using Alexa.

To limit and manage how Alexa collects and stores your voice recordings, you can use the following three options:

1. Enable on-device audio processing^[6]—Supported on certain Echo devices, this option allows Alexa to transcribe your commands on-device. Your voice recordings are deleted automatically, and only the transcription is sent to Amazon’s servers.
2. Delete your voice recordings^[7]—While all your voice recordings are saved by default, you can review and delete them at any time.
3. Limit how long Amazon stores your recordings^[7]—You can choose between saving recordings for three months, 18 months, or until you delete them manually. This option also lets you opt out of saving recordings in general.
   ‍

Alexa can sometimes mistake other words for the wake word and trigger voice recording when you don’t want it to. To avoid this, consider setting a distinct wake word that doesn’t come up in conversations naturally. And to ensure the personal information Alexa collects is safe from unauthorized access, consider using a strong and unique password for your Amazon account, as it also secures Alexa.

How To Secure Sensitive Data Against Theft and Misuse

As more and more devices and services collect personal information, the risks of personal data breaches grow. While it might be impractical to completely forego using all these devices and services, here are three additional steps you can take to reduce your digital information footprint and protect your personal information:

1. Use a virtual private network (VPN)—A VPN like Hide.me, Bitdefender, or NordVPN encrypts your internet connection and routes it through a secure server, making it difficult for hackers to intercept your data. It's an effective way to secure online activities, especially when using public Wi-Fi networks.
2. Seek data removal services—Companies specializing in personal data removal can help reduce your digital footprint and protect against identity theft. 
3. Use virtual cards for online payments—Virtual cards feature unique payment card numbers you can use at checkout, reducing the risk of your actual financial information being exposed in case of a data breach. Although banks offer virtual cards, choosing an independent provider like Privacy gives you access to industry-grade security measures and advanced card control features.

Use Privacy Cards To Protect Your Financial Information

By linking your debit card or bank account with Privacy, you can generate virtual cards to protect your financial information. When you shop online with a Privacy Virtual Card, merchants can only store the virtual card's details in their database—not your actual card numbers. This added layer of security helps reduce the risk of unauthorized access and potential misuse of your real financial information, even in the event of a merchant data breach.

As a PCI-DSS-compliant service provider, Privacy employs rigorous security measures similar to those of your bank. These include using AES-256 encryption to store sensitive information and sending real-time notifications for every transaction, which can help you spot unusual activities.

Additional measures Privacy employs to reduce the risk of data exposure include:

• Password hashing—Privacy uses advanced techniques to turn your passwords into a string of characters, making them unreadable in case of theft.
• Regular cybersecurity audits—Privacy undergoes audits by reputable third-party organizations to ensure compliance with stringent security standards.
• Adherence to OWASP guidelines—Privacy follows industry best practices recommended by the Open Web Application Security Project (OWASP) to design and operate secure web applications.

Privacy Card Types and Features

Privacy lets you create three types of cards:

You can set spending limits on Privacy Cards, and Privacy will block any transaction that exceeds the limit. This feature helps protect you from hidden fees and unannounced price hikes by sneaky merchants.

Privacy also allows you to pause or close your virtual cards at any time, blocking further charges to your Privacy Virtual Cards. This feature helps reduce the risk of unauthorized transactions, like those that might happen during or after canceling subscription services.

Additional Convenience Features

Privacy offers several features to streamline your virtual card management:

• 1Password integration—You can save and autofill your virtual card details within 1Password's browser extension, reducing the need for manual data entry and minimizing data exposure.
• Mobile app—Available for iOS and Android, the Privacy App allows you to create, view, and use your virtual cards on your smartphone. It also lets you monitor card activity on the go, helping you spot potentially suspicious charges.
• Browser extension—The Privacy Browser Extension supports Safari (or Safari for iOS for smartphone users), Firefox, Chrome, and Microsoft Edge. It allows you to generate and autofill virtual card details within your browser, making online transactions even more secure and convenient.

How To Get Started With Privacy

To get a Privacy Virtual Card, follow these four steps:

1. Visit the Privacy website and create an account
2. Provide the required Know Your Customer (KYC) details
3. Link your bank account or debit card to your Privacy account
4. Request and generate your first Privacy Card‍
   ‍

Privacy has four plans you can choose from:

References

^[1]Statista. https://www.statista.com/chart/23943/share-of-us-adults-who-own-smart-speakers/, sourced October 12, 2024

^[2]Amazon. https://www.amazon.com/gp/help/customer/display.html?nodeId=GVP69FUJ48X9DK8V&, sourced October 12, 2024

^[3]Amazon. https://www.amazon.com/gp/help/customer/display.html?nodeId=ThPAoEt6HlxJt14PFO, sourced October 12, 2024

^[4]Amazon. https://www.amazon.com/gp/help/customer/display.html?nodeId=468496, sourced October 12, 2024

^[5]Amazon. https://www.amazon.com/alexa-shopping-hub/b?ie=UTF8&node=21467932011&ref, sourced October 12, 2024

^[6]Amazon. https://www.amazon.com/b?ie=UTF8&node=23727313011, sourced October 12, 2024

^[7]Amazon. https://www.amazon.com/b?ie=UTF8&node=23608614011, sourced October 12, 2024

‍