When combined with your health and fitness data, behavioral tracking creates a detailed profile that could reveal sensitive health inferences about you — such as weight loss attempts or dietary restrictions — which are then accessible to advertising partners.
These tools operate at a device level, meaning Epic collects data beyond just your in-game activity, which raises significant privacy concerns about the scope of monitoring.
eBay
· eBay User Agreement
This is a broad consent to surveillance of your communications and automated contact, with significant privacy implications that many users may not fully realize they are agreeing to.
This cross-site and cross-device tracking builds a detailed behavioral profile used for targeted advertising and is shared with Amazon's extensive advertising network.
Criminal background data is among the most sensitive categories of personal information, and its collection, retention, and potential disclosure to third parties creates significant risks for Taskers if mishandled.
Uber
· Uber Privacy Notice
Criminal record data is special category data under GDPR requiring explicit lawful basis, and the use of background check results in automated eligibility decisions creates risk of disproportionate impact on protected classes without adequate transparency about the decision criteria.
Battery status fingerprinting was specifically condemned by EU data protection regulators as a covert tracking method requiring explicit consent — TikTok's active blocking rule suggests prior unlawful collection that may require regulatory disclosure.
Behavioral advertising involves your browsing history and online activity being collected and analyzed by third-party ad networks — not just AWS — and used to build a profile of you for advertising purposes across the internet.
Gusto
· Gusto Privacy Policy
The extensive deployment of third-party advertising trackers — including Facebook Pixel, Google Ads, LinkedIn Insight Tag, Reddit Pixel, Quora, Marketo, ZoomInfo, Invoca, and Quantcast — observed on the Gusto website represents broad sharing of visitor data with advertising networks, which under CPRA constitutes 'sharing' requiring an opt-out mechanism.
Acorns
· Acorns Privacy Policy
Session replay tools like Microsoft Clarity can capture sensitive information entered or viewed on screen, including financial data, and transmit it to third-party analytics providers — this goes beyond standard usage analytics.
On an adult content platform, detailed records of which Creator content you have viewed and searched for are among the most sensitive behavioral records imaginable and could cause serious harm if disclosed.
Session replay technology can capture detailed behavioral data including mouse movements, clicks, and potentially form field interactions, which goes beyond standard analytics; the presence of Facebook tracking also means browsing behavior may be shared with Meta for advertising purposes.
TransUnion deploys multiple advertising trackers — including Facebook Pixel, Google Ads, LinkedIn Insight, and Hotjar session recording — even on its privacy policy page, meaning your behavior is tracked by advertisers while you are reading about your privacy rights.
Keystroke and mouse-movement capture goes beyond standard page analytics — it can reconstruct exactly what you typed and how you navigated, raising significant privacy concerns if not properly disclosed and consented to.
Selfie-based age estimation involves the processing of facial image data, which may qualify as biometric data under certain state laws such as Illinois BIPA, creating significant legal and consent obligations that the policy does not explicitly address.
Collecting facial images and identity documents is among the most sensitive forms of data collection and triggers specific biometric privacy laws in several U.S. states that require written consent and carry statutory damages per violation.
Face and body geometry data is biometric information — in Illinois and several other states it is legally protected and requires explicit written consent and strict retention limits under laws like BIPA.
Eufy
· Eufy Privacy Policy
Biometric data — including facial geometry — is among the most sensitive personal data categories because it is permanent and uniquely identifies individuals. Collection without explicit prior consent violates Illinois BIPA and creates significant class action exposure.
Biometric data is among the most sensitive personal data categories — it is permanent and cannot be changed if compromised — and its collection is subject to strict laws in Illinois, Texas, and Washington as well as GDPR Article 9.
Biometric data is among the most sensitive personal information because it cannot be changed if compromised. Several states, including Illinois, have strict laws governing how companies collect, retain, and destroy biometric data.
Airbnb
· Airbnb Privacy Policy
Government ID and biometric data are among the most sensitive categories of personal information — once compromised, they cannot be changed like a password, and their collection is regulated by strict state laws including Illinois BIPA which carries significant penalties.
Fitbit
· Fitbit Privacy Policy
This is among the most sensitive personal data a company can collect — it can reveal medical conditions, reproductive health, and daily routines, making robust data protection essential.
Biometric data is among the most sensitive personal information that can be collected because it is permanent and uniquely identifies you. Collection at physical venues like theme parks means this applies even to users who primarily think of themselves as streaming subscribers.
Whoop
· Whoop Terms of Use
Biometric and physiological health data is among the most sensitive categories of personal information and, once collected, cannot be changed if misused; understanding how WHOOP uses and shares this data is critical for any user.
Webull
· Webull Privacy Policy
Biometric data is uniquely sensitive — unlike a password or account number, your facial recognition data cannot be changed if compromised. Several states have enacted strict laws governing biometric data collection, including Illinois which allows private lawsuits.
Bumble
· Bumble Privacy Policy
Biometric data is among the most sensitive personal information category under both GDPR and multiple US state laws, and its collection by a consumer dating app creates significant legal exposure and personal privacy risk.
This provision explicitly names neural data — a novel and emerging data category — alongside biometrics, signaling heightened protection for data types that are increasingly regulated under state and national law.
Uber
· Uber Privacy Notice
Biometric data is among the most sensitive categories of personal information — it cannot be changed if compromised — and its collection by a ride-hailing company creates significant privacy and safety risks.
Biometric data such as facial scans or fingerprints is highly sensitive because, unlike passwords or account numbers, it cannot be changed if compromised, making its collection and protection particularly significant.
Biometric data is among the most sensitive personal information that can be collected because it cannot be changed if misused; collection of government ID data also creates significant identity theft risk if breached.