You're Sharing More Personal Data Than You Realize
Your email app knows more about you than most of your close friends do. You just never asked it to show its work.
There's a number that's easy to ignore until you actually see it written down. One recent study looking at ten of the most common workplace apps — the kind sitting on practically every phone in every office, Gmail, Slack, Teams, Zoom — found they collect an average of 19 separate data points each. Not 19 total across all of them. Nineteen each. And that's before anyone opens a single sketchy app or clicks a single suspicious link. That's just what happens when you use the normal, boring, everyday software you already trust.
This isn't about hackers breaking in. It's about what you've already agreed to, sitting quietly in a privacy policy nobody reads.
The App You'd Least Suspect Collects the Most
If you had to guess which everyday app gathers the most data about you, Gmail probably wouldn't be your first answer. It should be. In that same study, Gmail topped the list at 26 distinct data types — more than Teams, more than Zoom, more than any other app examined. It pulls your approximate location, tracks how you interact with the app itself, and ties all of it to your user ID, largely for advertising and marketing purposes.
Microsoft Teams and Zoom Workplace weren't far behind, at 25 and 23 data types respectively — and both of them go a step further than Gmail by collecting precise location data, not just approximate. Outlook sits at 22. Slack, Trello, and Todoist each collect 17. These aren't obscure apps with shady reputations. These are the tools companies require employees to install, often on personal phones, just to do their jobs.
It's Not Just What They Collect — It's Who They Hand It To
Collection is one thing. Sharing is the part that actually changes who has access to your life.
Notion, the popular notes and workspace app, shares eight distinct categories of data with outside parties — including email addresses, names, user IDs, and app interaction data, several of which go straight to advertising partners. The privacy policy technically allows this. It permits certain advertising technology partners to place tracking tools directly on your browser to collect behavioral data while you work. Meanwhile, the actual content people store in Notion often includes product roadmaps, internal HR notes, and client records — the stakes climb considerably once you realize what's sitting next to that shared data.
Shopping apps tell a similar story. Shein shares 12 of the 17 data types it collects with outside parties — the highest share-to-collect ratio found in a separate review of shopping apps, including phone numbers, names, and photos passed along to third parties the company doesn't name. Temu and Alibaba follow similar patterns, sharing location data and personal identifiers for advertising purposes.
The One Category Almost Nobody Thinks About: AI Chats
Here's the part that catches people off guard the most, because it doesn't feel like "data collection" while it's happening — it feels like a conversation.
One recent study found that roughly a third of people using AI chatbot apps are having genuinely deeply personal conversations with them — the kind they wouldn't say out loud to most humans in their life. A separate Stanford study looked at six leading AI companies in the US and found that all six feed user conversations back into their models for future training. That means the details you type into a chat window — health worries, relationship problems, financial stress, things you typed at 1 a.m. because it felt safer than calling anyone — don't necessarily stay contained to that one conversation.
This doesn't mean every AI app is reading your chats aloud to a stranger. It means the boundary between "private conversation" and "training data" is a lot blurrier than the comforting, conversational interface makes it feel.
Why "Anonymized" Doesn't Mean What You Think
Companies love this word because it sounds like a guarantee. It isn't one. Privacy researchers have repeatedly shown that supposedly anonymous data can be re-identified with surprising ease once it's combined with just one or two other data points — your approximate location plus your device type plus your app usage pattern is often enough to narrow a dataset down to one specific person, even with the name stripped off.
And the financial incentive to gather this data is bigger than most people realize. Data brokers buy and sell these profiles in bulk. An email address tied to a specific medical condition can sell for around $79 on these lists. One tied to a particular travel habit can go for over $250. Your data isn't just sitting somewhere unused — it's a product, actively changing hands, often without you ever being told.
How to Actually See What You've Agreed To
You don't need to become a privacy researcher to get a real picture of this. There are two checks that take about five minutes combined and tell you almost everything.
On iPhone, every app in the App Store comes with a Privacy Nutrition Label — tap any app's listing and scroll to "App Privacy" to see exactly what categories of data it collects and whether that data is linked to your identity. On Android, go to Settings → Privacy → Permission Manager to see every app sorted by what it currently has access to on your device.
For a deeper look at one specific app, search its name plus "privacy policy" and use your browser's find function to search for the word "share" or "third party" — most policies bury the actual sharing practices several paragraphs down, after a lot of reassuring language about how seriously they take your privacy.
You Can't Opt Out of Everything — But You Can Be Less of an Easy Target
Realistically, you're not going to delete Gmail or quit your company's Slack workspace. That's not the point of knowing this.
The point is smaller and more useful: limit location permissions to "while using the app" instead of "always," turn off ad personalization where the option exists, think twice before typing something genuinely sensitive into an AI chat window, and treat any app's request for more access than its job requires as a real decision instead of a reflex tap. None of that makes you invisible. It just means you stop being the easiest possible profile to build.
Also read: Stop using these apps before checking permissions
