The collection of social security numbers, government photo ID, and criminal history represents some of the most sensitive categories of personal data, and their exposure in a breach or unauthorized disclosure carries significant identity theft and discrimination risk.
This provision establishes specific restrictions on data transferred to LinkedIn through the Insight Tag and ad targeting systems, including a categorical prohibition on sensitive data targeting and child data transfers. LinkedIn reserves the right to check advertiser compliance with these restrictions from time to time.
Most privacy frameworks that designate sensitive personal information as a distinct category do so specifically to limit its use for commercial purposes like advertising; using sensitive data for targeted advertising is among the more expansive assertions in this policy.
Fitbit
· Fitbit Privacy Policy
The breadth of health categories collected, particularly menstrual cycle tracking and ECG data, places this data among the most sensitive personal information categories, with implications for how it may be used, shared, or subpoenaed under applicable law.
Sexual orientation and gender identity are categorized as special category data under GDPR, requiring explicit consent and heightened protection standards. Sharing this data with a platform and its potential partners carries material privacy risks.
Grindr
· Grindr Terms of Service
HIV status and sexual orientation are among the most sensitive categories of personal data, and their collection and potential disclosure can create significant real-world risks for users including discrimination, outing, and safety threats.
Tinder
· Tinder Privacy Policy
Sexual orientation and health status are among the most sensitive categories of personal data, and once disclosed on a dating platform, they are processed and potentially shared in ways users may not fully anticipate.
ADP
· ADP Privacy Statement
These are among the most sensitive categories of personal information recognized under privacy law globally. Payroll and HR platforms often require some of this data, but its collection by a single provider at scale creates elevated risk if data is breached or misused.
These are the most sensitive categories of personal data and their collection by any entity, particularly a data broker that has experienced significant data breaches historically, creates meaningful risk if data is misused or exposed.
The collection of sensitive personal information categories including financial account identifiers and government-issued IDs creates heightened obligations under CPRA and analogous state statutes, and the right to limit use means consumers can restrict Walmart from using this data for purposes beyond the immediate service transaction.
This is among the most sensitive category of personal data under both GDPR and US state privacy laws, and its collection on a professional networking and job platform creates meaningful risk if data is misused or inadvertently disclosed to employers.
Gusto
· Gusto Privacy Policy
This data is among the most sensitive a company can hold; unauthorized exposure could enable identity theft, financial fraud, or discrimination.
These categories of data carry the highest privacy risk; their exposure in a data breach or unauthorized sharing can cause significant harm including identity theft, discrimination, and financial loss.
Sensitive personal information categories carry heightened regulatory protection under multiple state laws, and the phrase 'as otherwise permitted by applicable law' leaves the scope of permitted uses subject to evolving legal standards.
Ford
· Ford Privacy Policy
Sensitive personal information including precise geolocation and biometrics carries heightened privacy risks and is subject to special protections under California law; consumers have the right to limit how Ford uses this data category.
Users of AI chat platforms commonly share personal details in the course of conversation, and this provision acknowledges that sensitive categories of data may be collected through those interactions, with the policy's primary protection being an advisory warning rather than a technical or contractual restriction on collection.
Sensitive personal information is subject to the strongest legal protections under state privacy laws, and its collection by a retail company is noteworthy given the breadth of categories disclosed.
The CPRA established specific rights for consumers to limit the use and disclosure of sensitive personal information; the policy's disclosure of sensitive data categories triggers those rights for California residents and creates heightened compliance obligations for Walmart's health and pharmacy data practices.
Sensitive personal information carries the highest privacy risk and is subject to the strongest legal protections in most jurisdictions; its collection by a data broker and information products company creates heightened exposure for affected individuals.
Under CPRA, sensitive personal information is subject to heightened use limitations and consumers have a statutory right to limit its use beyond service delivery. This provision establishes the right but the operational scope of what constitutes service-necessary use for health and pharmacy data in an integrated retail-pharmacy context requires evaluation.
Grindr
· Grindr Privacy Policy
The provision creates a categorical restriction on the use of designated sensitive personal information categories within the entity's AI systems and model training processes, establishing a processing boundary that distinguishes these data elements from other information subject to the privacy policy's AI provisions.
Hinge
· Hinge Privacy Policy
Sexual orientation, health, and religious data are among the highest-risk categories of personal information because their exposure can lead to discrimination or harm in certain contexts, and the consent mechanism here is embedded in the act of voluntarily providing the data rather than through a separate explicit consent step.
Grindr
· Grindr Privacy Policy
Sexual orientation is a special category of personal data under GDPR and equivalent frameworks, requiring the highest level of protection. Using or sharing this data for advertising purposes raises significant legal and ethical concerns.
Many users may not realize that enrollment through an employer or university program means their learning activity is visible to that organization, which could affect employment or academic assessments.
Acorns
· Acorns Privacy Policy
This provision authorizes disclosure of personal information, which may include financial account data, device identifiers, and behavioral data, to advertising partners for targeted advertising purposes, a practice that may constitute sale or sharing under CCPA and that engages GLBA's restrictions on sharing nonpublic personal information with nonaffiliated third parties.
Brex
· Brex Privacy Policy
This provision creates a CCPA/CPRA opt-out obligation and requires Brex to provide and honor a 'Do Not Sell or Share My Personal Information' mechanism; failure to do so creates enforcement exposure with the California Privacy Protection Agency.
The policy states that Cash App may exchange information with credit bureaus, past and present employers, and personal reporting agencies, which creates a bilateral data relationship where information may both be received from and reported to these entities, with potential consequences for credit reports and financial access.
This provision means your financial data can reach companies outside the Bank of America corporate family for marketing purposes unless you actively exercise your opt-out right.
The creation of a named child profile that includes age and birth month, linked to watch and search history, represents a more detailed personal data record than the signed-out state and has direct implications for COPPA compliance given the identifiable nature of the information.
The Singapore regional deployment means that advertiser personal data and campaign data may be transferred outside the EU/EEA and UK, engaging cross-border transfer restrictions under GDPR Chapter V and UK GDPR, and requiring appropriate transfer mechanisms such as Standard Contractual Clauses.