Acorns
· Acorns Privacy Policy
Geolocation data is classified as sensitive personal information under the CPRA, giving California residents specific rights to limit its use, and precise location data can reveal sensitive personal patterns when combined with financial activity data.
Stash
· Stash Privacy Policy
Geolocation data collected through a financial app can reveal sensitive patterns about your daily life, routine, and physical location, and its sharing with third-party analytics vendors may extend beyond what users expect when using an investment platform.
Precise geolocation data is among the most sensitive personal data types, and its collection — combined with event attendance records — can reveal sensitive details about your interests, associations, and movements.
Precise geolocation and persistent device identifiers are among the most sensitive categories of data for advertising and tracking purposes, and their collection by Disney for cross-platform profiling has significant privacy implications.
Hinge
· Hinge Privacy Policy
Precise location data is highly sensitive and can reveal sensitive information about your daily routines, home address, workplace, and places of worship. On a dating app, it can also create safety risks if mishandled.
Precise geolocation data is among the most sensitive categories of personal information because it can reveal where you live, work, and travel on a regular basis, and this data is used not just operationally but also for advertising.
Precise geolocation data can reveal sensitive patterns about your physical movements and routines, and its collection by a financial services app may not be expected by most users.
GOAT
· GOAT Privacy Policy
Precise geolocation data is a sensitive category of personal information that can reveal your home, workplace, daily routines, and patterns of movement, and its use for advertising or sharing with partners carries meaningful privacy implications.
Bumble
· Bumble Privacy Policy
Precise geolocation data is one of the most sensitive personal data categories because it can reveal where you live, work, worship, and socialize, creating real-world safety and privacy risks for dating app users in particular.
Venmo
· Venmo Privacy Policy
Precise geolocation is classified as sensitive personal information under California's CPRA, meaning California residents have the right to limit its use; for all users, continuous location tracking by a financial app creates a detailed record of physical movements linked to financial activity.
Redfin
· Redfin Privacy Policy
Geolocation data can reveal sensitive information about where you live, work, and spend time, and Redfin uses it both to personalize the service and for broader advertising and targeting purposes.
Geolocation data reveals your daily movements and home/away patterns, which combined with alarm system activity data creates a detailed behavioral profile tied to your physical residence.
Location data can reveal sensitive patterns about where you live, work, seek medical care, or worship, and precise geolocation is classified as sensitive personal information under California law and several other state privacy frameworks.
Precise geolocation data is classified as sensitive personal information under CPRA and similar state laws, meaning its collection and use for marketing purposes requires specific disclosure and a mechanism allowing consumers to limit this use beyond service delivery functions.
Airbnb
· Airbnb Privacy Policy
Precise geolocation data is a sensitive category of personal information that can reveal your home address, travel patterns, and daily movements, making it a high-value data type for both personalization and potential misuse.
Strava
· Strava Privacy Policy
Even aggregated or deidentified GPS data, particularly from users who regularly follow distinct routes, can in some cases be re-identified or used to infer sensitive location patterns; this feature has attracted national security and privacy scrutiny in the past.
Arlo
· Arlo Terms of Service
Google Analytics data transfers to US servers have been found unlawful under GDPR by multiple EU regulators, and conversion tracking enables Google to link your Arlo purchases to your Google advertising profile.
Arlo
· Arlo Privacy Policy
Google Tag Manager acts as a container that can load any number of tracking scripts, including analytics, advertising, and remarketing tags, meaning the full scope of third-party data collection is controlled server-side and may change without visible notice to users.
Hinge
· Hinge Privacy Policy
Government-issued ID contains highly sensitive identity information including your full legal name, date of birth, address, and ID number, and submitting a copy to a third-party app creates risks if that data is not adequately secured or if it is retained longer than necessary.
Uber
· Uber Privacy Notice
Health data is a special category of particularly sensitive personal information under GDPR, and its collection and processing requires explicit consent and heightened security protections — drivers should understand when and why this data is collected.
Calm
· Calm Privacy Policy
This allows a commercial app to access health-related data from your device's health platform, raising questions about how sensitive wellness data is handled and protected.
Calm
· Calm Privacy Policy
Sleep data from health apps is sensitive personal information; while Calm states it limits use of this data to its original purpose, users should understand what they are consenting to when granting health app access.
Strava
· Strava Privacy Policy
This commitment offers meaningful protection for sensitive health metrics like heart rate and VO2max collected from wearables, but the carve-out for 'specific purposes described in this Policy' means AI training and service improvement uses may still apply.
Home lending triggers significantly broader data sharing than investment services alone, and your most sensitive financial and personal data flows to underwriters, credit agencies, and servicers over the entire life of the loan.
Netflix
· Netflix Privacy Statement
This extends Netflix's data collection into your home network environment, potentially identifying all Netflix-capable devices in your household — a level of surveillance that goes beyond typical streaming service data collection.
Eufy
· Eufy Privacy Policy
A detailed map of your home's interior — including room layout, entry points, and daily patterns — is highly sensitive security and personal data that goes far beyond what consumers typically expect a vacuum cleaner to collect and store.
Coinbase collects and retains substantial personal and financial identity information that is shared with regulators on request, and you can be required to provide more documentation at any time or risk account restrictions.
Stash
· Stash Privacy Policy
Biometric-adjacent data such as facial images used for identity matching may be subject to state biometric privacy laws (e.g., Illinois BIPA) and creates long-term data retention concerns.
Inference data is one of the more sensitive categories under modern privacy law because it represents conclusions drawn about you that you may not be aware of, and which may affect how you are marketed to or evaluated.
Inferred data profiles can be highly sensitive and accurate, yet users have limited visibility into what has been inferred about them and limited ability to correct inaccurate inferences.