Wall of Shame
The worst offenders in Terms of Service and Privacy Policies — ranked by grade, with the most outrageous clauses highlighted.
4 companies · 13 flagged clauses
CRM Services
1 flag
In the event of a dispute, we encourage clients to contact us directly to resolve issues amicably. If resolution cannot be reached, disputes will be subject to the laws of Washington State and the jurisdiction of Clark County courts.
Facebook (Meta)
One of the most invasive data collection ecosystems on the internet, tracking you across apps and the web.
4 flags
Off-platform tracking via Meta Pixel
Millions of websites send your browsing data to Meta even when you're not using Facebook. This creates a shadow profile of your entire internet activity.
Google has similar reach with Analytics, but Meta's pixel network is specifically designed for ad targeting rather than website analytics.
Cross-platform data merging across Meta family
Your WhatsApp contacts, Instagram browsing, Facebook likes, and Messenger conversations are all merged. You can't use one service without feeding data to all others.
Google merges data across services too, but Meta's combination of private messaging + social + photo sharing creates an unusually intimate profile.
90-day deletion delay with backup retention
Even after you decide to leave, Meta keeps your data for months. Some information may persist indefinitely in 'anonymized' form that could potentially be re-identified.
Most services delete within 30 days. Meta's 90-day window is among the longest in the industry.
TikTok
TikTok's terms grant exceptionally broad rights over your content and collect an alarming amount of data, including biometric information, with limited transparency about data flows to ByteDance.
4 flags
Biometric data collection without clear opt-out
TikTok collects face and voice biometric data, which is among the most sensitive personal data. Several US states have sued over this practice under biometric privacy laws.
Most social platforms don't collect biometric data this aggressively. This practice has resulted in multiple lawsuits and regulatory actions.
Perpetual, irrevocable content license
Even after you delete your videos or account, TikTok retains the right to use your content forever. You cannot revoke this license.
While broad content licenses are common, the 'irrevocable' and 'perpetual' language is more aggressive than most competitors, who allow license termination upon content deletion.
Keystroke pattern and clipboard monitoring
Collecting keystroke patterns and clipboard content goes far beyond what's needed for a video app. This data could reveal passwords, personal messages, or sensitive information copied to your clipboard.
Most major apps do not monitor keystroke patterns or clipboard content. This level of data collection is highly unusual.
X (Twitter)
Aggressive data harvesting for AI training with minimal transparency and a deteriorating privacy posture.
4 flags
Grok AI training opt-in by default
X silently enabled sharing your posts with Grok for AI training. Most users never knew the setting existed, and it was only accessible on web — not mobile — when first rolled out.
Meta and Google have similar AI training policies but were more transparent about the rollout. X's stealth approach drew regulatory scrutiny in the EU.
Selling public data access at premium API prices
X monetizes your content by selling API access to companies and AI trainers. Researchers who previously had free access now pay thousands per month.
Reddit made a similar controversial move. Most social platforms allow some API access but X's pricing and approach have been the most aggressive.
Contact syncing collects non-user data
When you share your contacts, X builds profiles on people who never agreed to use the platform. This 'shadow profiling' raises serious consent issues.
Facebook faced major backlash for identical practices. X continues the practice with less scrutiny.
Found something outrageous?
Submit to the Wall of Shame