The Fraud Codex

Privacy Analysis

TOS & Privacy Cheat Sheet

Plain-English summaries of what major tech companies collect from you. Know your data rights before you agree.

Privacy Score Guide

Good
Excellent privacy practices
Fair
Average, some concerns
Bad
Extensive data collection
🔍

Google

Gmail • YouTube • Search • Chrome • ...

Poor

What They Collect

Identity
  • Name
  • Email
  • Phone
  • +2 more
Location
  • GPS
  • IP address
  • Wi-Fi networks
  • +1 more
Activity
  • Search history
  • Watch history
  • Voice recordings
  • +1 more
Content
  • Emails
  • Documents
  • Photos
  • +1 more
Device
  • Device IDs
  • Browser type
  • OS version
  • +1 more
Financial
  • Payment info
  • Purchase history
  • Billing address

Data Retention

Varies: 18 months for some data, indefinite for account data. Users can auto-delete after 3, 18, or 36 months.

Who They Share With

Shares with affiliates, service providers. May share with advertisers (aggregated). Complies with legal requests.

Positives

  • +Extensive user controls
  • +Data portability
  • +Transparency reports

Concerns

  • Extensive tracking by default
  • Cross-service data linking
  • Ad-based business model

Your Controls

Google Dashboard to view/delete dataAuto-delete settings (3/18/36 months)Ad personalization controlsIncognito mode (limited)Download your data via Takeout
Reviewed: 2026-01
Terms of ServicePrivacy Policy
👤

Meta (Facebook)

Facebook • Instagram • WhatsApp • Messenger • ...

Bad

What They Collect

Identity
  • Name
  • Email
  • Phone
  • +2 more
Location
  • GPS
  • Check-ins
  • IP address
  • +1 more
Activity
  • Posts
  • Likes
  • Comments
  • +3 more
Content
  • Photos
  • Videos
  • Messages
  • +1 more
Connections
  • Friends list
  • Contacts uploaded
  • Group memberships
  • +1 more
Off-Platform
  • Websites visited (via Pixel)
  • App usage
  • Purchases

Data Retention

Data retained until account deletion. Some data retained for legal compliance. "Shadow profiles" for non-users.

Who They Share With

Shares across Meta companies. Partners with advertisers. Third-party apps. Legal requests.

Positives

  • +Some transparency tools
  • +End-to-end encryption on WhatsApp/Messenger (optional)

Concerns

  • Extensive cross-platform tracking
  • Shadow profiles
  • Multiple privacy scandals
  • Default settings favor data collection

Your Controls

Download Your Information toolOff-Facebook Activity controlsAd preferencesPrivacy checkupFace recognition opt-out
Reviewed: 2026-01
Terms of ServicePrivacy Policy
🍎

Apple

iCloud • iMessage • App Store • Apple Pay • ...

Good

What They Collect

Identity
  • Name
  • Email
  • Phone
  • +2 more
Device
  • Device IDs
  • Usage statistics
  • Crash data
  • +1 more
Content
  • iCloud data (encrypted)
  • Photos
  • Backups
  • +1 more
Location
  • GPS (with permission)
  • Location history (on device)
  • Find My data
Health
  • Health app data (encrypted on device)
  • Fitness data

Data Retention

Minimized collection. Most data processed on-device. iCloud data retained until deletion.

Who They Share With

Limited sharing with service providers. No ad-based business model. Complies with legal requests.

Positives

  • +Privacy-focused design
  • +On-device processing
  • +End-to-end encryption
  • +App tracking controls
  • +No ad business

Concerns

  • iCloud data accessible to Apple (except Advanced Data Protection)
  • Siri recordings reviewed (opt-in)

Your Controls

App Tracking Transparency (ATT)Privacy labels on appsOn-device processing for SiriPrivate Relay (iCloud+)Mail Privacy ProtectionDetailed privacy settings per app
Reviewed: 2026-01
Terms of ServicePrivacy Policy
🪟

Microsoft

Outlook • Teams • OneDrive • Windows • ...

Fair

What They Collect

Identity
  • Name
  • Email
  • Phone
  • +1 more
Activity
  • Search queries
  • Browsing history (Edge)
  • App usage
  • +1 more
Content
  • Emails
  • Documents
  • Chat messages
  • +1 more
Device
  • Device IDs
  • Diagnostic data
  • Error reports
  • +1 more
Voice
  • Cortana/Copilot queries
  • Voice recordings (if enabled)

Data Retention

Varies by service. Bing search: 6-18 months. Diagnostic data: up to 30 days. Account data until deletion.

Who They Share With

Affiliates, service providers. LinkedIn data for advertising. Complies with legal requests.

Positives

  • +Privacy Dashboard
  • +GDPR compliant tools
  • +Enterprise privacy options

Concerns

  • Windows telemetry by default
  • LinkedIn data integration
  • Bing search tracking

Your Controls

Privacy DashboardDiagnostic data controlsAd personalization settingsActivity history controlsDownload your data
Reviewed: 2026-01
Terms of ServicePrivacy Policy
📦

Amazon

Amazon.com • Prime Video • Alexa • AWS • ...

Poor

What They Collect

Identity
  • Name
  • Email
  • Phone
  • +2 more
Purchase
  • Order history
  • Browsing history
  • Wishlists
  • +1 more
Voice
  • Alexa recordings
  • Voice commands
  • Wake word detection
Video
  • Ring doorbell footage
  • Prime Video watch history
Location
  • Delivery addresses
  • Device location
  • Sidewalk network data

Data Retention

Purchase history retained indefinitely. Alexa recordings until deleted. Varies by service.

Who They Share With

Third-party sellers, service providers. Alexa skills developers. Ring/law enforcement (with warrant). Advertising partners.

Positives

  • +Alexa deletion controls
  • +Some transparency

Concerns

  • Extensive purchase tracking
  • Voice always listening (wake word)
  • Ring law enforcement partnerships
  • Sidewalk network opt-out

Your Controls

Alexa Privacy HubDelete voice recordingsManage browsing historyAdvertising preferencesRing privacy controls
Reviewed: 2026-01
Terms of ServicePrivacy Policy
🤖

OpenAI

ChatGPT • GPT API • DALL-E • Whisper • ...

Fair

What They Collect

Identity
  • Name
  • Email
  • Phone (optional)
  • +1 more
Conversations
  • Chat history
  • Prompts
  • Generated responses
  • +1 more
Usage
  • Features used
  • Time spent
  • Device info
  • +1 more
API
  • API calls
  • Input/output data (API users control retention)

Data Retention

Consumer: Conversations retained for 30 days (can opt out of training). API: Not used for training by default.

Who They Share With

Service providers. May share aggregated data. Complies with legal requests. API data not shared.

Positives

  • +Training opt-out available
  • +Temporary chat mode
  • +API data not used for training
  • +Clear documentation

Concerns

  • Default uses conversations for training
  • Conversations reviewed by humans (safety)
  • 30-day retention

Your Controls

Opt out of model trainingDelete chat historyTemporary chat modeExport your dataAPI data controls
Reviewed: 2026-01
Terms of ServicePrivacy Policy
🎵

TikTok

TikTok • TikTok Shop • CapCut • TikTok LIVE

Bad

What They Collect

Identity
  • Name
  • Email
  • Phone
  • +2 more
Biometric
  • Face and voice data
  • Faceprints
  • Voiceprints
Activity
  • Videos watched
  • Watch time
  • Searches
  • +2 more
Content
  • Videos created
  • Drafts
  • Messages
  • +1 more
Device
  • Device IDs
  • Keystroke patterns
  • Battery state
  • +1 more
Location
  • GPS
  • SIM card info
  • IP address

Data Retention

Data retained until account deletion. May retain for legal compliance. US data in Oracle cloud (USDS).

Who They Share With

ByteDance affiliates. Advertisers. Business partners. "As required by law" (China national security concerns).

Positives

  • +Some privacy controls
  • +US data storage initiative (Project Texas)

Concerns

  • Extensive biometric collection
  • China data access concerns
  • Clipboard access
  • Keystroke monitoring
  • Algorithm opacity

Your Controls

Download your dataPrivacy settingsPersonalized ads toggleRestricted modeFamily pairing
Reviewed: 2026-01
Terms of ServicePrivacy Policy
𝕏

X (Twitter)

X/Twitter • Spaces • Communities • X Premium

Poor

What They Collect

Identity
  • Name
  • Email
  • Phone
  • +2 more
Activity
  • Posts
  • Likes
  • Retweets
  • +3 more
Location
  • GPS (if enabled)
  • IP address
  • Tweet location
Device
  • Device IDs
  • Browser info
  • Cookies
  • +1 more
Connections
  • Contacts uploaded
  • Following/followers
  • Interactions

Data Retention

Active account data retained indefinitely. Deleted tweets may persist in backups. DMs retained on servers.

Who They Share With

Advertisers (aggregated). Third-party apps. Service providers. Legal requests. Data may train xAI (Grok).

Positives

  • +Data download available
  • +Some privacy controls

Concerns

  • Data used for xAI training
  • Limited deletion controls
  • History of data breaches
  • Reduced content moderation

Your Controls

Download your archivePrivacy settingsAd preferencesDiscoverability settingsDM controls
Reviewed: 2026-01
Terms of ServicePrivacy Policy
👻

Snap

Snapchat • Snap Map • Spotlight • My AI • ...

Poor

What They Collect

Identity
  • Name
  • Email
  • Phone
  • +2 more
Content
  • Snaps
  • Stories
  • Chats
  • +2 more
Location
  • Precise GPS (Snap Map)
  • IP address
  • Location tags
Biometric
  • Face data (Lenses)
  • Voice (if recorded)
Activity
  • Usage patterns
  • Friend interactions
  • Content viewed

Data Retention

Snaps deleted after viewing (unless saved). Stories: 24 hours. Memories: until deleted. Chat: 24 hours or after viewing.

Who They Share With

Advertisers. Third-party apps. Service providers. Legal requests. Snap Map visibility (friends or public).

Positives

  • +Ephemeral by design
  • +Ghost Mode
  • +Messages auto-delete

Concerns

  • Location sharing risks (Snap Map)
  • Face data for Lenses
  • My AI data collection
  • Screenshots possible

Your Controls

Ghost Mode (Snap Map)Who can contact me settingsMy AI controlsDownload my dataMemories backup controls
Reviewed: 2026-01
Terms of ServicePrivacy Policy
📧

Yahoo (AOL)

Yahoo Mail • AOL Mail • Yahoo News • Yahoo Finance • ...

Poor

What They Collect

Identity
  • Name
  • Email
  • Phone
  • +2 more
Content
  • Emails
  • Attachments
  • Calendar
  • +1 more
Activity
  • Search queries
  • News read
  • Ad interactions
  • +1 more
Device
  • Device IDs
  • Browser info
  • IP address
  • +1 more

Data Retention

Account data until deletion. Emails retained until deleted. Search history: 18 months.

Who They Share With

Verizon affiliates. Advertisers. Third parties for personalization. Legal requests.

Positives

  • +Privacy Dashboard
  • +Some ad controls

Concerns

  • Email scanning for ads
  • Verizon data sharing
  • Legacy security issues

Your Controls

Privacy DashboardAd Interest ManagerDownload your dataMail scanning controlsMarketing preferences
Reviewed: 2026-01
Terms of ServicePrivacy Policy

Important Disclaimer

This cheat sheet provides simplified summaries for educational purposes. Privacy policies and terms of service change frequently. Always read the official documents (linked above) for complete and current information. Privacy scores are subjective assessments based on publicly available information. Last updated: January 2026.

What is ECPA?

The Electronic Communications Privacy Act (ECPA) is a 1986 U.S. federal law that governs wiretapping and electronic eavesdropping. It establishes when the government can access your electronic communications and what protections providers must offer.

Under ECPA, communications providers (like email and messaging services) must comply with government requests for data under certain circumstances, including warrants, subpoenas, and court orders. Understanding what each provider collects helps you know what data could potentially be disclosed.

Learn more about ECPA