Best Buy states it may collect your precise location through its mobile app and draws inferences from your data to build a profile of your preferences and behavior, which qualifies as sensitive personal information under California law.
This analysis describes what Best Buy's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy discloses collection of precise geolocation and financial account details, both of which are classified as sensitive personal information under CPRA and trigger additional rights including the right to limit use, which must be operationally distinct from general opt-out mechanisms.
Interpretive note: The full scope of how precise geolocation data is used for advertising versus operational purposes, and the specific opt-in or opt-out mechanisms available for mobile app location permissions, were not fully confirmed in the available document text.
The policy states Best Buy may collect precise geolocation data from mobile app users who grant location permissions and may use this data to build behavioral profiles, meaning consumers who use the Best Buy app may have their location tracked and used for personalization and advertising.
How other platforms handle this
We collect information you provide directly to us, such as when you create an account, contact us for support, sign up for marketing emails, or otherwise communicate with us. The types of information we may collect include your name, email address, postal address, phone number, company name, job tit...
We collect information you provide directly to us, such as when you create an account, use our Services, make a purchase, or contact us for support. The types of information we may collect include your name, email address, password, phone number, credit card and other payment information, and any ot...
Uber collects precise or approximate location data from riders' and order recipients' mobile devices when the Uber app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their device. Uber collects this data from the time a ride or order is requested ...
Monitoring
Best Buy has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect precise geolocation data when you use our mobile applications and have granted location permissions. We also collect inferences drawn from your personal information to create a profile about you reflecting your preferences, characteristics, and behavior. Sensitive personal information, including financial account details and precise geolocation, is collected and used for the purposes described in this policy. You may have the right to limit our use of sensitive personal information to that which is necessary to perform the services you request.— Excerpt from Best Buy's Best Buy Privacy Policy
1. REGULATORY LANDSCAPE: Precise geolocation and financial account information are classified as sensitive personal information under CPRA, triggering the right to limit use and heightened disclosure obligations. The California Privacy Protection Agency enforces sensitive personal information rights. State laws in Illinois (BIPA, for biometric data), Virginia, Colorado, and Connecticut also treat geolocation and financial data as sensitive categories requiring enhanced protection. The FTC's guidance on location data practices is also relevant. 2. GOVERNANCE EXPOSURE: High. Collection and use of precise geolocation data for advertising or profiling purposes beyond what is necessary to provide requested services may conflict with the right to limit sensitive personal information use under CPRA. The FTC has taken enforcement action against companies that shared precise location data with third parties without adequate consent. 3. JURISDICTION FLAGS: California creates the most immediate exposure given CPRA's explicit sensitive personal information framework. Illinois does not directly regulate geolocation under BIPA but may create exposure if geolocation data is combined with biometric data. States with comprehensive privacy laws generally classify precise geolocation as a sensitive category requiring opt-in consent for collection or heightened disclosure. 4. CONTRACT AND VENDOR IMPLICATIONS: Vendors and advertising partners that receive precise geolocation data should be subject to written agreements restricting use to disclosed purposes. The classification of geolocation data recipients as service providers versus third parties under CCPA/CPRA should be confirmed in vendor agreements. 5. COMPLIANCE CONSIDERATIONS: The mobile app's location permission request should be reviewed to ensure it provides sufficient context for informed consent. The policy should be audited to confirm that the right to limit sensitive personal information use is operationally implemented and accessible to consumers. Data retention limits for precise geolocation data should be documented and enforced.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy discloses collection of precise geolocation and financial account details, both of which are classified as sensitive personal information under CPRA and trigger additional rights including the right to limit use, which must be operationally distinct from general opt-out mechanisms.
The policy states Best Buy may collect precise geolocation data from mobile app users who grant location permissions and may use this data to build behavioral profiles, meaning consumers who use the Best Buy app may have their location tracked and used for personalization and advertising.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Best Buy.