I read privacy policies so you don't have to. Independent expert review of what data companies collect, who they share it with, and what rights you actually have.
Every privacy policy review uses the same 6-category framework, weighted by real-world impact on your personal data and rights.
What data they collect, how much, and whether it's actually necessary
Who gets your data, for what purposes, and can you stop it
How long they keep your data and your deletion rights
Opt-out options, preferences, GDPR/CCPA compliance
Data protection measures and breach notification policies
Policy clarity and your right to access your data
Select a category to see privacy scores, data practice comparisons, and detailed reviews.
QuickBooks, FreshBooks, Wave, Xero
OpenAI, Anthropic, Gemini, Copilot
Checkr, GoodHire, HireRight, Sterling
Affirm, Afterpay, Klarna, Sezzle
Turo, Zipcar, Getaround, Enterprise
AWS, Google Cloud, Slack, Notion
Salesforce, HubSpot, Zoho, Pipedrive
OnlyFans, Fansly, Fanvue, Passes
Kickstarter, GoFundMe, Patreon, Ko-fi
Coinbase, Kraken, Gemini, Binance
Tinder, Bumble, Hinge, Match
23andMe, Ancestry, MyHeritage
GoDaddy, Namecheap, Cloudflare
Amazon, eBay, Etsy, Walmart
Coursera, Udemy, Skillshare
DocuSign, HelloSign, Adobe Sign, PandaDoc
Mailchimp, ConvertKit, Klaviyo
ChargePoint, Electrify America, EVgo
Ticketmaster, StubHub, SeatGeek
Expensify, Brex, Ramp, Divvy
Venmo, Cash App, Zelle, Chime
Peloton, Strava, Fitbit, MyFitnessPal
DoorDash, Uber Eats, Grubhub
Upwork, Fiverr, Toptal, Freelancer
Steam, Xbox, PlayStation, Epic
Walmart+, Amazon Fresh, Shipt
TaskRabbit, Thumbtack, Angi, Handy
Lemonade, Root, Oscar, Hippo
Stripe Billing, Square, PayPal
Indeed, LinkedIn, Glassdoor, ZipRecruiter
LegalZoom, Rocket Lawyer, DoNotPay
U-Haul, PODS, Public Storage
DistroKid, TuneCore, CD Baby
Substack, Ghost, Buttondown
OpenSea, Rarible, Foundation
Teachable, Thinkific, Kajabi
1Password, Dashlane, Bitwarden
Stripe, Square, PayPal, Adyen
Rover, Wag, Chewy, BarkBox
Anchor, Buzzsprout, Libsyn
Printful, Printify, Redbubble
Asana, Monday, Trello, ClickUp
Zillow, Redfin, Realtor.com
Lemonade, Jetty, Rhino, Goodcover
Indeed, LinkedIn, Zety, Resume.io
Uber, Lyft, Via, Curb
Ring, Nest, Alexa, SmartThings
Meta, TikTok, X/Twitter, LinkedIn
Shutterstock, Getty, Adobe Stock
Robinhood, Fidelity, Schwab, E*TRADE
Netflix, Disney+, Hulu, HBO Max
FabFitFun, Birchbox, HelloFresh
TurboTax, H&R Block, TaxAct
Slack, Teams, Discord, Google Chat
Verizon, AT&T, T-Mobile, Mint
Teladoc, Hims, Ro, GoodRx
Booking.com, Expedia, Airbnb
Zoom, Google Meet, Teams, Webex
NordVPN, ExpressVPN, Surfshark
Wix, Squarespace, WordPress
ABCmouse, Khan Kids, Duolingo Kids, Epic!
The Knot, Zola, WeddingWire, Minted
Leafly, Weedmaps, Dutchie, Jane
Progyny, Kindbody, Carrot, Maven
Everplans, Trust & Will, Cake, Lantern
ADT, SimpliSafe, Vivint, Abode
Calm, Headspace, Cerebral, Ginger
Wise, Remitly, WorldRemit, Xoom
Care.com, Honor, Home Instead, Papa
DraftKings, FanDuel, BetMGM, Caesars
Credit Karma, Experian, SoFi, Avant
LifeLock, Identity Guard, Aura, IDShield
Nelnet, MOHELA, Navient, SoFi
DoorDash, Instacart, Amazon Flex, Shipt
MyChart, FollowMyHealth, Healow, Patient Fusion
Creator.co, AspireIQ, Grin, Upfluence
Buildium, Rent Manager, Yardi, AppFolio
WeWork, Regus, Industrious, Convene
Duolingo, Babbel, Rosetta Stone, Busuu
Bark, Qustodio, Net Nanny, Life360
American Home Shield, Choice, First American, Select
Rakuten, Ibotta, Honey, Fetch
Swagbucks, Survey Junkie, InboxDollars, Prolific
Hubstaff, Time Doctor, Teramind, ActivTrak
Amazon Pharmacy, Capsule, Alto, PillPack
Poshmark, ThredUp, Depop, Mercari
Lemonade Pet, Trupanion, Healthy Paws, Embrace
Monarch, Copilot, Mint, YNAB
Audible, Kindle Unlimited, Scribd, Kobo
NYTimes, WSJ, Washington Post, The Athletic
I track when companies update their privacy policies and how it affects your data rights. Search by company or filter by category.
All posts, photos, and interactions now feed AI models. Opt-out only prevents future use, not already-trained data. Third-party AI partners added.
Faceprints and voiceprints collected for "safety features." Cross-border data transfers continue despite regulatory pressure. Data retention now "indefinite."
Transaction data shared with 40+ marketing partners. Bitcoin purchase history used for credit decisioning. Location tracking extended to 24 hours post-app close.
De-identified health data shared for research. Third-party analytics on mental health consultations. Browser history tracked across BetterHelp properties.
New dashboard shows which data trains Gemini. Activity controls expanded. Still uses data by default but controls improved significantly.
Purchase history shared with advertising networks. Merchant data combined with consumer profiles. Honey acquisition integration tracks browsing across web.
Voice commands may be retained for quality improvement. Listening habits shared with podcast advertisers. Wrapped data used for third-party marketing partnerships.
Friend network data used for fraud detection and recommendations. Public by default setting now affects more transaction types. PayPal integration shares more data.
Ad-supported tier shares viewing data with Microsoft ad network. Household member profiling for targeted ads. Device fingerprinting for ad measurement.
Trading patterns shared with market research firms. Account balances inform credit bureau data. In-app behavior tracked for conversion optimization.
On-device processing for most AI features. Private Cloud Compute with cryptographic attestation. No data retained after processing. Industry-leading transparency.
EU Data Boundary now includes Copilot data. Commercial data not used for training. Tenant-level controls for AI features. Still some cross-product telemetry.
Blockchain analytics shared with law enforcement without warrant in some cases. Wallet addresses linked to identity data. Third-party compliance tools access user data.
Following FTC settlement, reduced but not eliminated third-party sharing. Prescription data still used for marketing. Telehealth subsidiary has separate terms.
Sleep and meditation patterns shared with wellness research partners. Employer wellness programs receive aggregated data. Enterprise accounts have different terms.
Ginger acquisition merged mental health data. Therapy session metadata retained. Insurance billing creates healthcare records from app usage.
Instagram, Facebook, WhatsApp data merged for advertising. Threads joins unified data pool. Off-platform activity tracking expanded via Meta Pixel.
Unified privacy notice across all Amazon services. Clearer categorization but no material changes to practices. Alexa data handling now more transparent.
Shopping behavior creates detailed purchase profile. Payment data shared with merchant ecosystem. Shipping addresses used for geographic targeting.
Memory feature retains conversation details indefinitely. Personal information persists across sessions. Opt-out available but affects functionality significantly.
Podcast listening creates interest profiles for advertising. Skip patterns analyzed for content recommendations. Megaphone acquisition unified ad targeting data.
Mobile game behavior tracked and analyzed. Game preferences inform content recommendations. Third-party game studios receive player data.
Profile data trains AI writing assistant by default. Job application data used for hiring insights product. Salary data collected for compensation benchmarking.
Precise location retained for 3 years for "safety." Trip data shared with insurance partners. Uber Eats creates restaurant preference profiles.
Merchant customer data shared for PayPal's advertising business. Checkout data creates purchase intent signals. Working Capital uses transaction data for lending.
All posts default to training Grok AI. DMs explicitly excluded but public interactions included. Opt-out buried in settings with no prior notice.
Server activity data retained longer for "discovery" features. Message content indexed for search. Gaming activity shared with game developers.
Threads data merged with Instagram profile. ActivityPub federation adds data sharing complexity. Cannot delete Threads without affecting Instagram.
Wallet Connect interactions tracked even for self-custody. DApp usage creates behavioral profile. NFT holdings visible to data partners.
Credit card spending data informs investment recommendations. Merchant category data used for product development. Partner bank shares additional data.
Duet AI accesses all Docs, Sheets, Gmail content. Enterprise controls exist but default is broad access. Consumer accounts have limited transparency.
AR effects collect additional facial mapping data. Third-party effect creators receive usage data. Camera access persists longer in background.
Credit card purchases analyzed for merchant insights. Spending patterns shared with Synchrony Bank partner. Purchase history influences P2P payment suggestions.
Audiobook listening creates additional interest profile. Reading speed and chapter skips analyzed. Findaway acquisition integrated user data.
Tax filing data linked to payment account. Income verification shared with lending products. Cross-product data enrichment with Block ecosystem.
My AI conversations analyzed for advertising insights. Location shared with AI for recommendations. Cannot fully disable AI chatbot without Snapchat+ subscription.
ATT now covers more fingerprinting techniques. App privacy labels updated to include AI training. Third-party SDK data collection more restricted.
EU subscription option reduces ads but data collection continues. Non-subscribers face expanded targeting. Consent mechanisms still problematic under GDPR.
User content explicitly licensed to AI companies. Google deal includes search and training rights. Deleting posts doesn't remove from already-licensed data.
Gemini app conversations may be reviewed by humans. Data retained up to 3 years. Cross-Google-account data correlation for AI personalization.
Voice interactions transcribed and stored. Voice characteristics analyzed for safety research. Audio may be retained longer than text conversations.
Recruiter products see more profile activity. "Who viewed your profile" data monetized. Salary insights derived from aggregate user data.
Profile transfer feature shares viewing history with new account holder. Household verification collects additional device data. Watch history harder to fully delete.
Pay Later usage reported to credit bureaus. Spending patterns inform risk scoring. Merchant receives more customer data for BNPL transactions.
Journey Ads platform uses trip data for targeting. Restaurant preferences shared with food advertisers. Cross-app tracking for attribution measurement.
Recall captures screenshots of all activity. Local storage but security concerns remain. Passwords and financial data supposed to be filtered but not guaranteed.
Voluntary ID verification collects biometric data. Government ID images may be retained. Premium users encouraged to verify with face scan.
API and Pro users' data not used for training. Free tier conversations may inform safety research but not model training. Clearer than most competitors.
AI Companion processes meeting content for summaries. Admin controls required to disable. Attendee consent mechanisms unclear for AI features.
Slack AI processes all workspace messages by default. Admin must explicitly opt out. Enterprise customers have more controls than free tier.
Dash AI scans file contents for search and summaries. Third-party integrations access file metadata. Opt-out affects core functionality.
Board activity shared with retail partners. Visual search data retained indefinitely. Shopping API shares intent signals with advertisers.
Business chat metadata shared with Meta for ads. Contact frequency informs Facebook targeting. End-to-end encryption preserved but metadata exposed.
Voice recordings retained unless manually deleted. Routines and smart home data shared with device partners. Kid profiles have different retention rules.
MiCA compliance improves EU user data rights. Clearer retention policies. Government data requests more transparent. US users still under different terms.
Credit card spending informs crypto purchasing suggestions. Merchant data shared with rewards partners. Transaction patterns used for fraud modeling.
Profile data shared across Match Group apps. Swipe patterns create preference models. Photo verification faceprint stored indefinitely.
Dating, BFF, and Bizz modes share profile data. Activity visible across modes by default. Photo verification required for more features.
Written responses analyzed for personality insights. Voice prompts transcribed and stored. Match Group shares data across dating apps.
Delivery addresses retained for 5+ years. Meal preferences shared with restaurant partners. Location data used for merchant analytics.
Purchase data sold to consumer goods companies. Household composition inferred from orders. Retailer-specific data sharing varies widely.
In-car tablet ads use trip data for targeting. Destination-based ad serving enabled. Partner data creates detailed travel profiles.
Transaction data shared with Bancorp and Stride Banks. SpotMe usage informs credit products. Direct deposit patterns used for risk assessment.
Banking, investing, and lending data combined. Galileo acquisition enables broader data access. Social features share financial milestones.
Purchase patterns shared with merchant partners. Credit bureau reporting expanded. Underwriting model uses extensive behavioral data.
AI shopping assistant tracks browsing across web. Purchase history creates detailed consumer profile. Partner retailers receive behavioral insights.
Heart rate and workout data shared with research partners. Leaderboard exposes relative fitness levels. Subscription lapse doesn't delete historical data.
Aggregated route data sold to cities and businesses. Heatmaps reveal popular routes with security implications. Premium features require broader data consent.
Health data now flows to Google account. Exercise patterns inform Google Fit and ad targeting. Migration to Google accounts reduced privacy controls.
Video clips shared with law enforcement partnerships. Neighbors app creates area surveillance network. Motion patterns analyzed for security insights.
Camera footage accessible across Google ecosystem. Thermostat data informs energy usage patterns. Voice commands from Nest Hub join Google Assistant data.
Major fines, regulatory actions, and developments affecting data privacy rights under GDPR, CCPA, and other laws.
Irish DPC fined TikTok for transferring European users' personal data to servers in China, one of the largest GDPR penalties ever issued.
Texas secured a massive settlement over unlawful tracking of users' location data, incognito browsing activity, and biometric data without consent.
European Commission's first-ever DSA fine penalized X for breaching transparency obligations and deceptive design of its blue checkmark verification system.
California AG settlement found the gaming company collected and shared consumer data across 21 mobile apps without providing CCPA-compliant opt-out mechanisms.
California, Colorado, and Connecticut AGs conducted joint enforcement requiring businesses to detect, honor, and confirm Global Privacy Control signals.
Updated penalty amounts for intentional CCPA violations, with additional civil lawsuit exposure under California's private right of action for data breaches.
Whether you need help understanding a privacy policy, exercising your CCPA/GDPR rights, or dealing with a data breach, I can help.
Need help understanding a privacy policy or exercising your data rights?