Found in 90 of 170 platforms tracked (53% adoption) · 236 provisions
Biometric data is among the most sensitive personal information — it is unique to you and cannot be changed if compromised. Several US states (Illinois, Texas, Washington) have strict laws governing …
Your voice commands and conversations captured by Amazon devices are stored and analyzed, creating a sensitive record of what you say in your own home, which raises significant privacy concerns.
This means Amazon is building a detailed profile of your behavior every time you visit its site or use its apps, which is used for advertising and personalization without requiring you to actively sh…
If a child under 13 uses Amazon services without proper parental consent setup, their data may be collected in violation of federal law, putting both the child and family at risk.
This provision explicitly names neural data — a novel and emerging data category — alongside biometrics, signaling heightened protection for data types that are increasingly regulated under state and…
Precise location data can reveal highly sensitive information about a person's daily routine, home, workplace, medical visits, religious practices, and associations, making it one of the most privacy…
Health data is among the most sensitive personal information and is subject to heightened legal protections; unauthorized access or misuse can cause serious personal and financial harm.
Voice recordings can capture sensitive personal conversations, background audio, and confidential information unintentionally, making this one of the most privacy-sensitive data categories Apple coll…
Keystroke and mouse-movement capture goes beyond standard page analytics — it can reconstruct exactly what you typed and how you navigated, raising significant privacy concerns if not properly disclo…
The breadth of sensitive data collected — particularly Social Security numbers and detailed financial histories — creates significant risk if shared broadly or in the event of a data breach, and cons…
Precise location data is among the most sensitive categories of personal information — it can reveal where you live, work, sleep, and socialize over time.
The collection of sensitive personal information such as government IDs and financial account numbers carries elevated risk if data is breached or misused.
Biometric data is among the most sensitive personal information because it cannot be changed if compromised, and its collection and storage creates significant privacy risks.
Government ID documents are highly sensitive and their collection by a financial platform creates risks if that data is mishandled, breached, or shared inappropriately.
Biometric data is among the most sensitive personal information and cannot be changed if compromised; its collection and storage by a dating app poses significant privacy and security risks.
This type of highly sensitive data — including information about your sexual identity or religion — carries significant risks if exposed or misused, and its processing is subject to the strictest leg…
Precise location tracking on a dating app can reveal sensitive information about where you live, work, or spend time, and could pose safety risks if exposed or misused.
Data broker sourcing means Cash App may know things about you beyond what you shared, and this enriched profile is used for targeted advertising and personalization — a practice with significant CCPA…
Biometric data is among the most sensitive personal information — it cannot be changed if compromised — and collection without explicit statutory consent violates laws like Illinois BIPA, which provi…
Despite the advisory not to share sensitive information, the platform collects and processes whatever users submit in chat, including highly sensitive disclosures made during AI conversations.
Voice recordings are sensitive biometric-adjacent data and may be retained and used for AI training or other purposes, with limited user control once submitted.
The collection of sensitive data creates elevated privacy and security risks; under CPRA, California residents have the right to limit how Chegg uses this category of information.
Biometric data is irreplaceable — unlike a password, you cannot change your face. Its collection and potential misuse creates lifelong privacy risks.
You cannot use Coinbase without surrendering a comprehensive set of identity and financial data — making a potential breach or misuse of this information particularly high-stakes for users.
Your internet service provider has a detailed view of your online activity, and this policy confirms Comcast collects and may use this data for network management, service improvement, and potentiall…
If your child uses Xfinity services, their data may still be collected and parents should be aware of what protections are in place and how to restrict data use for minors.
Device fingerprinting is a persistent tracking technique that can identify you across sessions and platforms without relying on cookies, making it harder to avoid and raising significant privacy conc…
Parents should be aware that children using EA services will have data collected about them, and some features require active parental consent to enable or restrict.
Your in-game conversations are not private — EA can record and review them, and may take action against your account based on what you say.
The use of an Epic subsidiary (KWS) to conduct parental verification for COPPA purposes raises questions about the independence and adequacy of the consent mechanism, and the upgrade pathway from Cab…
Facial images are biometric data under several laws including Illinois BIPA and GDPR Article 9, and collection of such data — even with a stated limited purpose — creates significant legal exposure a…
Users may not realize their voice is being recorded in snippets and that a third party reporting them can trigger transmission of audio to Epic, raising serious concerns about audio surveillance and …
These tools operate at a device level, meaning Epic collects data beyond just your in-game activity, which raises significant privacy concerns about the scope of monitoring.
Sensitive personal data carries higher privacy risks and is subject to stricter legal protections; its collection and use by Eventbrite and organizers requires careful scrutiny.
Continuous location tracking creates a detailed profile of your physical movements, which could be misused if exposed in a data breach or shared with third parties.
Health and biometric data is among the most sensitive personal information — it can reveal medical conditions, lifestyle habits, and other deeply private details that warrant strong legal protections.
Without robust age verification, children's sensitive health data could be collected and processed without appropriate parental consent, creating legal risk and real harm to minors.
This is among the most sensitive personal data a company can collect — it can reveal medical conditions, reproductive health, and daily routines, making robust data protection essential.
Biometric data is among the most sensitive personal information and, unlike passwords, cannot be changed if compromised — its collection and storage carries heightened risk.
This type of sensitive data carries heightened risks if misused, shared inappropriately, or exposed in a data breach, as it can lead to discrimination or harm in employment contexts.
Precise and continuous location tracking creates a detailed record of your physical movements, daily routines, home and work addresses, medical appointments, places of worship, and other sensitive lo…
Google's reliance on self-reported age verification across its vast ecosystem (YouTube, Search, Maps) creates significant risk that minors' data is collected and used for profiling in ways that viola…
If a child under 13 uses Google services without parental consent, Google may collect data from them in violation of COPPA, creating legal risk for Google and leaving children's data without the prot…
Consumers using apps powered by Google Maps should know that Google may collect data about their location and app usage, even within third-party applications.
HIV status is among the most sensitive categories of personal data; its exposure could lead to discrimination, stigma, or harm — particularly for users in jurisdictions where same-sex conduct or HIV …
Precise location data can reveal where you live, work, worship, or receive medical care — and for LGBTQ+ users, it can expose visits to locations that reveal sexual orientation or gender identity.
Grindr processes some of the most sensitive personal data possible — data that could expose users to discrimination, violence, or legal risk in certain jurisdictions if disclosed.
Government-issued IDs like Social Security numbers are the primary enabler of identity theft — their compromise can cause lasting financial and legal harm.
Your bank account details are among the most sensitive financial data — exposure could enable unauthorized withdrawals or identity theft.
This is among the most sensitive data a company can hold about you — a breach or misuse could lead to identity theft, financial fraud, or discrimination.
Biometric data is uniquely sensitive because it cannot be changed if compromised — its collection and use is subject to strict laws in several states including Illinois, Texas, and Washington.
Mental health data is among the most sensitive categories of personal information and its misuse or breach could cause serious harm to users' employment, insurance, and personal relationships.
This is the most legally protected category of personal data in most jurisdictions. If this data were exposed in a breach or misused, it could cause serious real-world harm including discrimination o…
Biometric data is among the most sensitive personal data because it is unique to you, cannot be changed like a password, and is specifically regulated in states like Illinois under BIPA, with potenti…
LinkedIn can build a profile of your browsing and activity across the internet, not just on LinkedIn itself, which is used to personalize ads and content.
You may have data in LinkedIn's systems that you never knowingly submitted, sourced from advertisers, data brokers, or others — and this data may be used to build a more detailed profile of you.
Real-time location tracking is one of the most sensitive categories of personal data, as it can reveal where you live, work, worship, and seek medical care.
Children's data is among the most sensitive category of personal information, and parents need to understand the scope of what Meta collects in order to make an informed consent decision.
Biometric data is uniquely sensitive because it cannot be changed if compromised — unlike a password — and its collection without proper consent has resulted in some of the largest privacy settlement…
This means Meta is building a detailed profile of your internet behavior far beyond what you do on Facebook or Instagram, including potentially sensitive browsing on health, financial, or political s…
Precise location data can reveal sensitive information about your daily routines, religious practices, medical appointments, and personal relationships — and Meta collects it both directly and by inf…
Health data is among the most sensitive categories of personal information, and its collection by a general technology company raises significant privacy concerns particularly regarding potential sec…
Voice recordings and typed content can contain highly sensitive personal information including passwords, private conversations, and confidential business data — their collection for product improvem…
Health and wellness data is among the most sensitive personal information, and you should understand what Noom collects, how it is used, and with whom it is shared.
Health and biometric data is among the most sensitive personal information — if misused or breached, it can affect your insurance, employment, and personal life in serious ways.
While OpenAI prohibits children from using its services, it relies on self-reported age verification, meaning minors may access the platform and have their data collected without adequate parental co…
OpenAI may know more about you than just what you tell it directly, using purchased or scraped data to enrich your profile, raising significant transparency and consent concerns.
Biometric data is uniquely sensitive and permanent — you cannot change your face or voice if this data is misused or breached, and collection is subject to strict state laws like Illinois BIPA.
Consumers may not realize that PayPal is building a profile on them even before they sign up, and that data collected without an account can be permanently associated with their future account.
The breadth of sensitive data collected creates a high-value target for data breaches and identity theft, and consumers should understand the full scope of what PayPal holds about them.
Precise location data is among the most sensitive categories of personal information and can reveal sensitive details about your daily routines, home address, and movements.
Health and fitness data is among the most sensitive categories of personal information, and its collection by a commercial entity creates risks of misuse, data breach exposure, and potential sharing …
Peloton collects sensitive health and fitness data that, if shared or breached, could have significant privacy implications for users.
Even if you have never created a Pinterest account, the company may be building a profile about your online behavior using tracking tools placed on other websites.
These tracking tools allow Poshmark and its advertising partners to build a detailed profile of your online activity — both on and off Poshmark — and use it to target you with ads, which you can part…
Financial data is among the most sensitive personal information, and its collection by an investment platform creates significant privacy and security risks if misused or breached.
This is among the most sensitive personal and financial data a consumer can share, and its collection, storage, and potential sharing with partners warrants careful attention.
Kernel-level access represents a significant security and privacy risk — if the software is compromised or misused, it could expose sensitive system data or create vulnerabilities on your device.
This data is among the most sensitive a company can hold — a breach or misuse could enable identity theft, financial fraud, or targeted surveillance of your physical movements.
Biometric data is among the most sensitive personal data; its collection and use is regulated by state laws like Illinois' BIPA, and users should understand how their facial data is used, stored, and…
Millions of Roblox users are children — this provision sets the legal floor for what data Roblox can collect from them and requires parental involvement.
Your profile at Skillshare is enriched with data from outside sources you may never have interacted with, meaning the company knows more about you than what you directly provided.
Session replay tools capture highly detailed behavioral data that goes beyond typical analytics — they can record sensitive information you type or interact with on screen, raising significant privac…
Precise location tracking can reveal sensitive information about your daily routine, home address, workplace, religious attendance, and medical visits.
This means third parties who have not agreed to Snapchat's terms and have no relationship with Snap have their contact information collected and stored by the company.
Voice recordings and facial images are sensitive biometric-adjacent data types; while Spotify commits to immediate deletion of Age Check data, voice data retention and processing by third-party age v…
This means your name, payment card details, and purchase history can end up in Square's systems simply by swiping your card at a café or retail store that uses Square — without your direct knowledge …
Precise location data is one of the most sensitive categories of personal information — it can reveal where you live, work, worship, and receive medical care, and its collection by a payment processo…
Providing a government ID or biometric data to Square creates a sensitive data record that is subject to strict legal protections, and any breach or misuse of this data carries significant identity t…
Square collects a wide range of data about you, your customers, and your business transactions, and uses it for purposes beyond processing payments — including marketing and sharing with partners — w…
This level of financial data collection — especially bank login credentials — represents significant privacy and security risk if that data is ever compromised or misused.
Granting precise location access to Strava means the app continuously collects your exact movement data — routes, timing, pace — which when aggregated over time creates a detailed record of your phys…
Most consumers do not know that Stripe is operating behind the scenes at online checkouts and collecting their data, making it difficult to exercise privacy rights or make informed consent decisions.
Stripe's tracking technologies follow you across the web wherever Stripe's payment technology is embedded, building a behavioral profile that can be used for fraud detection, analytics, and marketing…
Sensitive personal information such as Social Security numbers, precise location, and financial data represents your highest-risk data — exposure or misuse of this data can enable identity theft, fin…
Sensitive personal information carries heightened legal protections under CPRA and analogous state laws, and Target's collection of health-adjacent purchase inferences and precise location data creat…
Collecting government-issued identity documents and social security numbers represents some of the highest-value data for identity theft; a breach involving this data would have severe consequences f…
Criminal background data is among the most sensitive categories of personal information, and its collection, retention, and potential disclosure to third parties creates significant risks for Taskers…
Health information is a sensitive personal data category under GDPR and CCPA, requiring stronger protections and explicit consent — its collection by a ticketing company warrants close attention.
Providing a government-issued ID to a ticketing platform and its payment processor creates significant data sensitivity risks, particularly given Ticketmaster's history of data breaches.
Biometric data is among the most sensitive personal information because it is unique and permanent — you cannot change your face or voice if this data is misused.
Most users visiting a policy or safety page would not expect their device's physical sensors and clipboard to be monitored; this collection goes significantly beyond what is necessary for displaying …
Clipboard monitoring is particularly invasive because clipboard contents can include passwords, personal messages, financial information, and other sensitive data that users copy from other applicati…
Geolocation data is among the most sensitive personal data types because it can reveal home addresses, workplace locations, places of worship, medical facilities visited, and movement patterns, all o…
Precise location data can reveal sensitive information about your daily routines, home and work address, places of worship, and medical facilities you visit.
Sensitive personal data receives heightened legal protections under state privacy laws, and users should be aware that publicly posting content about these topics may expose this information to other…
You may believe that content you decide not to share stays private, but TikTok's policy allows collection of that content before any publishing decision is made.
Biometric data is uniquely sensitive because it cannot be changed if compromised; its collection by a commercial dating app creates significant legal and personal safety risks, particularly for users…
This is some of the most private information about a person, and its collection and potential exposure through data breaches or third-party sharing creates meaningful personal safety and discriminati…
Precise location data on a dating app can create personal safety risks, including enabling stalking or harassment, particularly for vulnerable users.
This means Uber knows where you are at all times during your working hours — not just when you have a passenger — which creates a comprehensive record of your movements and could be used to make deci…
Biometric data including facial geometry is among the most sensitive personal information — it cannot be changed if compromised, and collection without explicit written consent and a documented reten…
Precise location data is one of the most sensitive categories of personal information, and its collection and sharing can reveal details about your daily life, health, religion, and relationships.
Continuous location tracking creates a detailed record of your movements, which can reveal sensitive information about your daily routine, home, workplace, and habits.
Continuous collection of precise location and movement data is among the most sensitive categories of personal information, and its sharing with third parties including Waze's parent company Google r…
Biometric data is uniquely sensitive because it cannot be changed like a password; misuse or a breach involving biometric data carries irreversible privacy consequences.
The breadth of data collected — spanning identity, finances, and behavior — creates significant privacy exposure and potential risk if data is breached or misused.
This means people who have never agreed to WhatsApp's terms have their phone numbers and contact information processed by Meta, raising consent issues for third parties.
Location data is among the most sensitive categories of personal information and can reveal details about your habits, health, religion, and personal relationships.
Location data is among the most sensitive personal data categories and is used by X for ad targeting and service personalization, even if you never explicitly share it.
This means X is building a profile of your interests and behavior even when you're not actively using X, which is used to target you with ads.
X's profile of you is not limited to what you share directly — it is enriched with data purchased or received from outside companies, making it more detailed and harder to control.
Voice data is biometric-adjacent and is subject to strict state laws in Illinois (BIPA) and Texas (CUBI) that require written consent before collection and provide private rights of action.
Call recordings may capture sensitive personal conversations and can be retained and analyzed, raising significant privacy concerns for both consumers and businesses.
Precise location data is among the most sensitive categories of personal information and can reveal where you live, work, worship, or receive medical care.
Even without a name or address, building a behavioral profile of a child's viewing and search habits raises privacy concerns and is subject to COPPA requirements.
This significantly expands the scope of data collection from anonymous identifiers to identifiable child profiles, and the data persists across devices and after sign-out unless actively deleted.
This is a broad consent to surveillance of your communications and automated contact, with significant privacy implications that many users may not fully realize they are agreeing to.
Third-party cookies and trackers mean companies beyond Amazon may also be collecting data about your behavior while you use Amazon's services, compounding the privacy impact.
Tracking technologies can build detailed profiles of your behavior across Anthropic's services, and some of this data may be used for targeted advertising.
This provision gives consumers a standardized, pre-download disclosure of exactly what data an app will collect, including sensitive categories like health data, financial information, location, and …
Financial transaction data reveals detailed information about your spending habits, health-related purchases, political donations, and personal associations, making it among the most sensitive catego…
Apple collects detailed behavioral data — including every song you play, movie you watch, app you download, and search you conduct — which is used to build a profile of your interests and may be shar…
A persistent 7-day tracking cookie tied to a session ID means Audible can recognise and profile your device across multiple visits within that period, even if you do not log in.
Uploading your contacts shares the personal information of third parties — your friends and family — who have never consented to BeReal collecting their data.
This automatic collection of behavioral data builds a detailed profile of your activity and can be used for targeted advertising, shared with third parties, or combined with other data sources.
Bumble reserves the right to run background checks on users, which could implicate consumer reporting laws, and users may not be notified when such checks occur.
This allows a commercial app to access health-related data from your device's health platform, raising questions about how sensitive wellness data is handled and protected.
Recording communications without clear, prominent notice may implicate wiretapping laws and creates a persistent data record of potentially sensitive conversations.
Precise geolocation data is classified as sensitive personal information under several state privacy laws, requires explicit consent or opt-in in some jurisdictions, and can reveal sensitive details …
Financial services apps used by or accessible to minors face COPPA obligations requiring verifiable parental consent before collecting personal information from children under 13, and recent FTC enfo…
Tracking technologies allow Chase and its partners to build a detailed profile of your online activity, which is used to serve targeted advertisements and improve services.
Even before you create an account, Coinbase and its advertising partners may be tracking your browsing behavior and financial interests across the web for targeted advertising purposes.
Your personal data, browsing activity, and usage information may be collected and used in ways described in a separate privacy document that you are legally bound by upon accepting this agreement.
These technologies collect data about your online activity even outside of document signing, and some of this data is shared with third-party advertising and analytics partners.
Broad automatic tracking across all Epic Services for advertising and analytics purposes is subject to cookie consent requirements in the EU and UK, and users may not be aware of the extent of passiv…
Collection and storage of payment card data implicates Payment Card Industry Data Security Standards (PCI DSS) and creates financial fraud risk for users if the data is not adequately secured.
If a child under 16 uses Eventbrite without parental awareness, their data may be collected until Eventbrite becomes aware of the violation, at which point it would be deleted.
Your online activity, even outside of Eventbrite, may be tracked and used to build a profile of your interests and serve you targeted advertisements.
Tracking technologies allow Figma and its partners to build detailed profiles of your online behavior, which is used for targeted advertising and product analytics — and under EU/UK law, most non-ess…
Tracking technologies can follow you across websites and build a detailed picture of your interests and habits, often without you realizing it.
Understanding what data is collected helps you assess your privacy exposure and decide whether you're comfortable using the platform.
U.S. users are tracked by default unless they actively opt out, while EU/UK users must affirmatively consent before tracking begins.
If a minor under the applicable age limit has created an account, their data may have been collected without valid parental consent, creating a legal and safety concern.
Parents and guardians should be aware that GitHub collects account data from users as young as 13, and minors using the platform are subject to the same terms and content exposure as adults.
Tracking technologies allow GitHub to monitor your activity both on and potentially off their platform, building a profile of your behavior that may be shared with third parties.
Private messages you send through Glassdoor are not truly private — they are collected, stored, and processed as personal data by the company.
Passive technical data collection — including device identifiers and location — combined with conversation content creates a rich behavioral profile that extends beyond what users typically associate…
Tracking technologies can be used to build detailed profiles of your online behavior, which may be shared with advertising partners or used to target you with ads.
Tracking technologies can collect detailed behavioral data about your mental health app usage and share it with advertising networks, going beyond what users might expect for a sensitive health platf…
Precise location data is highly sensitive and can reveal sensitive information about your daily routines, home address, workplace, and places of worship. On a dating app, it can also create safety ri…
Submitting a government ID to a dating app means sharing one of the most sensitive documents you own — one that could be misused for identity theft if data were compromised in a breach.
Users have no meaningful ability to opt out of cookies without losing access to the service, which limits their control over data collection.
Tracking technologies allow Ledger and third-party partners to monitor your browsing behavior, device information, and interactions with Ledger's services, potentially building detailed profiles.
Location data is among the most sensitive categories of personal information and can reveal patterns about your daily life, workplace, and behavior.
Financial data is highly sensitive and its collection and storage by Lyft creates potential exposure if there is a data breach or unauthorized access.
Diagnostic data collection is enabled by default on Windows devices, meaning that unless you actively change your settings, Microsoft continuously receives information about your device usage, instal…
Your personal data, usage patterns, and content interactions across Microsoft's ecosystem of services are collected and processed under a privacy framework that consumers must separately review to un…
Granting full remote access to your computer during a support session carries significant privacy and security risks that consumers should be aware of before consenting.
These tracking technologies allow Netflix and its advertising partners to monitor your behavior across the internet, building a detailed profile that influences the ads and content you see.
Gameplay data collection creates a detailed behavioral profile of your gaming habits that Nintendo can use for product improvement, marketing, and potentially third-party sharing.
Tracking technologies allow Nintendo and its partners to monitor your online activity, which can be used to build profiles for targeted advertising even beyond Nintendo's own platforms.
Tracking technologies can build a detailed profile of your behavior across the web, including on health-related content, which can be used to serve targeted ads or shared with advertising networks.
Location data is sensitive personal information that can reveal where you live, work, and travel, and its use for advertising purposes goes beyond what many users would expect from a streaming servic…
Families and parents should know that if a child under 13 uses the service, Paramount+ has obligations to limit data collection, but enforcement depends on age verification mechanisms which may not b…
The breadth of data collected — including financial and behavioral data — means Patreon holds a detailed profile of both your identity and your activity, which can be used for purposes beyond simply …
Hard credit inquiries can affect your credit score, and this consent allows PayPal to pull your credit report multiple times over the life of the account without specific authorization each time.
Precise location data reveals sensitive details about your movements and daily life, and its use for advertising and partner recommendations goes beyond basic service delivery.
If a child's data is inadvertently collected, COPPA violations and significant regulatory penalties could result, and parents should be aware of what data might be associated with family accounts.
Tracking technologies allow Peloton and its partners to monitor your online behavior across sessions and potentially across other websites, building a detailed profile of your interests and habits.
Cookies and trackers allow Pinterest and its partners to monitor your online behavior extensively, including on websites that have nothing to do with Pinterest, building a detailed profile about you.
While Pinterest prohibits use by young children, the platform's age verification mechanisms are limited, meaning younger users may still access the service and have their data collected.
This means Poshmark's profile of you extends beyond what you directly provide, incorporating external data sources that you may not be aware of, potentially including your activity on other websites.
These trackers collect behavioral data that may be shared with Google and other companies, expanding the footprint of data collection beyond Public.com itself.
Reddit is building a detailed behavioral profile of you through automatic data collection regardless of whether you are a registered user, which means even passive browsing of Reddit generates data t…
You may not be explicitly notified at the start of every call that it is being recorded, and your recorded conversations are stored and could contain sensitive real estate or financial information.
Precise geolocation data is highly sensitive and can reveal where you live, work, or travel, and may be shared with third parties for advertising purposes.
Passive data collection begins the moment you visit Redfin's site, even without registering, meaning your browsing behavior and interests are tracked and can be used for advertising without you takin…
Tracking technologies can follow your activity across websites and services, building a profile that is shared with advertising partners without you necessarily being aware of the full scope.
Parents are legally responsible for monitoring their children's use of Riot Games, including any purchases made, and Riot may collect data on minors subject to COPPA and similar regulations.
Beyond your financial account data, Robinhood builds a detailed behavioral profile of your platform usage that can be shared with advertising technology partners and used to target you with financial…
Cookies allow Roblox and its partners to track your activity across sessions and potentially across the web, which affects your privacy and the ads you see.
Tracking technologies can follow your activity beyond Shopify's own sites, building a profile of your interests and behaviors used for targeted advertising.
Many shoppers don't realize that Shopify, not just the store they're buying from, also collects and processes their personal data.
Teachers share highly sensitive financial and tax identification data with Skillshare and its third-party payment and tax compliance partners, creating significant data security and identity theft ri…
The breadth of device-level data collection, including local network scanning and sensor data, goes beyond what many users would expect from a music streaming service and can enable precise device fi…
Third-party tracking technologies enable Square and its partners to monitor your browsing behavior beyond Square's own properties, which can be used for targeted advertising and behavioral profiling …
The breadth of data collected means Stability AI builds a detailed profile of users, including financial and behavioral data, which increases the importance of understanding how that data is protecte…
Biometric-adjacent data such as facial images used for identity matching may be subject to state biometric privacy laws (e.g., Illinois BIPA) and creates long-term data retention concerns.
Beyond your financial data, Stash tracks where you are and how you behave digitally, building a detailed profile that may be used for marketing or shared with third parties.
Consumers who rely on browser privacy settings to limit tracking will find those controls have no effect on Stash's data collection practices.
By enrolling in Link, you are creating a persistent financial identity profile with Stripe that is shared across unrelated merchants, giving Stripe broad visibility into your purchasing behavior beyo…
If T-Mobile collects data from children under 13 on family plan lines without adequate COPPA-compliant parental consent, both the company and parents face significant risks — the company faces FTC en…
Hard credit inquiries can temporarily lower your credit score and remain on your credit report for up to two years; consumers should be aware that simply applying for a service plan triggers this.
Using legitimate interests rather than consent for location and device data collection means TaskRabbit does not need your permission before collecting this data — though EU/UK users retain the right…
For a healthcare company like Teladoc, the use of third-party tracking pixels and analytics tools on web properties can implicate HIPAA if those tools receive individually identifiable health informa…
Tracking technologies collect detailed behavioral data including your physical location and browsing patterns, which is shared with advertising and analytics partners and governed by a separate Cooki…
Information you share with AI tools may be sensitive or personal, and its collection and use for training or improving AI models represents a significant and often overlooked data privacy risk.
Your clipboard may contain sensitive information such as passwords, bank account numbers, or private messages that you copied from another app.
Battery status data has been specifically identified by European privacy regulators as a browser fingerprinting vector that can be used to re-identify users even after they clear cookies, effectively…
Unlike using a fully independent third-party analytics tool, Twilio's use of its own Segment platform means your website browsing data can be integrated with other data Twilio holds about you as a cu…
Consumers who receive SMS messages or calls routed through Twilio's platform may not realize their communications data is not protected by this policy, creating a transparency gap about how their per…
Health data is a special category of particularly sensitive personal information under GDPR, and its collection and processing requires explicit consent and heightened security protections — drivers …
Collection of bank account numbers and government tax identification numbers represents some of the highest-risk personal data — a breach or misuse of this data could directly enable financial fraud …
Criminal record data is among the most sensitive categories of personal information, and its collection, retention, and use in automated eligibility decisions creates significant risk of discriminato…
Even though a blockchain address isn't a name, it can be linked to your identity through other means, and your full transaction history is publicly visible — meaning this screening gives third partie…
Even though Uniswap says it doesn't collect your personal identity, these tracking technologies can build a detailed profile of your browsing and trading behavior over time.
While this is a legal baseline requirement, parents should be aware that family plans may involve minors whose data could still be collected incidentally through shared account usage.
If a child uses Waze without parental knowledge, their location and personal data may be collected without the additional protections required by law for minors.
Parents should be aware that Waze collects extensive location and driving data from teenage users aged 16-17, and parental consent is required for their use of the app.
Reports you submit may be linked to your account and location at the time of submission, creating a record of your activity and whereabouts.
Biometric data is among the most sensitive personal information and is subject to strict state laws in Illinois, Texas, and Washington; the 90-day vendor destruction requirement offers some protectio…
Cross-device tracking creates a more comprehensive behavioral profile than single-device tracking, and consumers may not be aware their activity is being linked across their phone, tablet, and comput…
Wise collects significant financial and identity data about you as required by financial regulation, and your consent to this data use is a condition of using the service.
The scope of data collection and sharing practices is governed by a separate Privacy Statement document, meaning users must review multiple documents to fully understand how their data is handled.
Precise location data is among the most sensitive categories of personal information, and its collection — even with permission — creates risks if retained long-term or combined with other data to in…
Voice data from children is among the most sensitive categories of biometric-adjacent data; parents should know it is collected even briefly and understand they are trusting Google's deletion claim w…
The UE framework links performance telemetry to your unique session ID and request ID, meaning your browsing speed data is tied to an identifiable session rather than being collected anonymously.
While primarily a security feature, this mechanism means Audible is collecting technical event data from your browser environment, which could include information about your browser extensions or sec…
Tracking technologies collect data about your browsing habits, which can be used to profile you and shared with advertising partners, affecting your privacy beyond just the Betterment platform.
Your support conversations and your responses to Netflix emails and notifications are stored and analyzed, which may feel invasive to consumers who assume these interactions are transient.
Netflix Games collects data beyond standard streaming activity, including data that can be shared with other players, which users may not anticipate when accessing games through their Netflix subscri…
Tracking technologies allow Slack and its partners to build profiles of your behavior across the web, which can affect the ads you see and how your data is shared with third-party advertisers.
Payment data is highly sensitive financial information; while Spotify limits storage of full card numbers, your purchase history and payment method details are retained and used for billing, fraud pr…
Cookies and trackers can build detailed profiles of your browsing behaviour and interactions with Stability AI's services, and some of this data may be shared with third-party advertisers or analytic…
This is a legally required disclosure under COPPA and is generally standard, but it places the compliance burden on Zelle to ensure it does not inadvertently collect data from minors through cookie-b…
Create a free account and watch the platforms that matter to you. We'll email you the moment something changes.