The inclusion of data broker-sourced information means OpenAI may know more about you than you realize, potentially combining purchased data profiles with your ChatGPT conversations.
The use of an Epic subsidiary (KWS) to conduct parental verification for COPPA purposes raises questions about the independence and adequacy of the consent mechanism, …
The policy uses a 'knowingly' standard for children's data collection, which is the minimum COPPA threshold but may be insufficient given Spotify's behavioral profiling and …
Fitness equipment is frequently used by minors in family households, and a policy that relies on self-certification without technical age verification creates meaningful risk that …
Google
· Google Privacy Policy
Despite COPPA protections, children under 13 may still access Google services and have data collected — the protections apply primarily to supervised accounts, not all …
Microsoft
· Microsoft Privacy Statement (Legacy)
If a child in your household uses Xbox, Minecraft, or a family Microsoft account, their gaming behaviour, location, voice chat, and usage data may be …
If your child uses Xfinity services, their data may still be collected and parents should be aware of what protections are in place and how …
Microsoft
· Microsoft Privacy Statement (Legacy)
If your child uses Microsoft products independently without parental oversight, their data may still be collected unless a family account with proper parental controls is …
EA
· EA Privacy and Cookie Policy
Children's data receives heightened legal protection, and the adequacy of EA's consent mechanisms and data minimization practices for child accounts directly affects whether EA complies …
While OpenAI prohibits children from using its services, it relies on self-reported age verification, meaning minors may access the platform and have their data collected …
Fitbit
· Fitbit Privacy Policy
Without robust age verification, children's sensitive health data could be collected and processed without appropriate parental consent, creating legal risk and real harm to minors.
OpenAI
· OpenAI Privacy Policy
Minors using ChatGPT below the age threshold may have their data collected without COPPA-compliant parental consent, creating legal risk for OpenAI and privacy risk for …
Amazon
· Amazon Privacy Notice
If a child under 13 uses Amazon services without proper parental consent setup, their data may be collected in violation of federal law, putting both …
TikTok
· TikTok Community Guidelines
Clipboard data can contain highly sensitive information including passwords, personal messages, financial data, and confidential business content; monitoring it at full sample rate without explicit …
Even without a name or address, building a behavioral profile of a child's viewing and search habits raises privacy concerns and is subject to COPPA …
Apple
· Apple Privacy Policy
Health data is among the most sensitive personal information and is subject to heightened legal protections; unauthorized access or misuse can cause serious personal and …
Grindr
· Grindr Privacy Policy
HIV status is among the most sensitive categories of personal data; its exposure could lead to discrimination, stigma, or harm — particularly for users in …
Personal data you input into Claude, including data pulled from connected third-party apps, becomes part of Anthropic's data collection and may be reproduced in outputs, …
The breadth of sensitive data collected — particularly Social Security numbers and detailed financial histories — creates significant risk if shared broadly or in the …
Noom
· Noom Privacy Policy
Health and biometric data is among the most sensitive personal information — if misused or breached, it can affect your insurance, employment, and personal life …
Mental health data is among the most sensitive categories of personal information and its misuse or breach could cause serious harm to users' employment, insurance, …
Gusto
· Gusto Privacy Policy
This is among the most sensitive data a company can hold about you — a breach or misuse could lead to identity theft, financial fraud, …
This data is among the most sensitive a company can hold — a breach or misuse could enable identity theft, financial fraud, or targeted surveillance …
This means third parties who have not agreed to Snapchat's terms and have no relationship with Snap have their contact information collected and stored by …
This means people who have never agreed to WhatsApp's terms have their phone numbers and contact information processed by Meta, raising consent issues for third …
Uber
· Uber Privacy Notice
Continuous background location tracking creates a detailed record of a driver's movements that extends beyond active trip time, raising significant privacy concerns and enabling inferences …
Waze
· Waze Privacy Policy
Continuous location tracking creates a detailed record of your movements, which can reveal sensitive information about your daily routine, home, workplace, and habits.
Uber
· Uber Privacy Notice
This means Uber may know your exact whereabouts at all times — not just during trips — which is a significant privacy intrusion that goes …
Uber
· Uber Privacy Notice
Continuous location tracking creates a detailed record of a driver's movements, routines, and patterns far beyond what is necessary to complete a trip, raising serious …
Stripe
· Stripe Privacy Policy
Stripe's tracking technologies follow you across the web wherever Stripe's payment technology is embedded, building a behavioral profile that can be used for fraud detection, …