What we found
Uscreen: FUscreen says it doesn't share your data with third parties.
Uses Yandex Metrica for analytics — a Russian company that exploited Android local port communication to de-anonymise users (June 2025 "Local Mess" exploit). A 2023 Yandex codebase leak revealed household profiling, WiFi collection, and precise location tracking. Researchers found Yandex Metrica frequently transferred data to Russian servers despite EU storage claims.
Skool: DJoin a Skool community and your name, bio, social media links, and email can be scraped by anyone with $49 and an Apify account.
At least 8 dedicated Skool member scraping tools exist on Apify, extracting names, emails, bios, social media links, locations, and phone numbers. Some require zero authentication — "everything is scraped from public Skool pages, you don't need to log in." One tool extracts "hidden emails from posts." Community owners have raised concerns but no platform-level protections exist.
Patreon: DPatreon left a debugging tool on its production server — the kind whose own manual says "never use this in production." Hackers dumped 16 gigabytes: 2.3 mill...
2015 breach: Werkzeug Debugger (documentation warns "must never be used on production machines") left exposed to the public internet. 16GB dumped including 2.3M email addresses, millions of private messages between creators and patrons, shipping addresses, billing addresses, and full source code.
Stan Store: DClick a creator's "link in bio" and you land on their Stan Store.
$99/month plan enables Meta Pixel, Google Analytics, TikTok Pixel, and Pinterest Claim Tags. Every visitor's behaviour — page views, purchases, abandoned carts — sent to advertising platforms. Stan's help centre: "Pixel IDs are tracking tools that help you see what people are doing on your Stan Store."
Teachable: DYou sign up for an online course on Teachable — a New York company, or so you think.
Since 2020, owned by Hotmart, headquartered in Belo Horizonte, Brazil, with EU entity in Amsterdam. Unified privacy policy covers hotmart.com, teachable.com, and enotas.com.br (Brazilian invoicing). Student data may flow between US, Brazil, and Netherlands.
Kajabi: DKajabi tells you they don't sell your data.
Kajabi's own CCPA disclosure states: "Under the CCPA's broad definition of 'sell,' which includes even the common flow of information in the digital analytics and advertising ecosystem, Kajabi does 'sell' personal information." They use third parties that place tags, cookies, and tracking mechanisms for targeted advertising.
VidApp: DVidApp's privacy policy says no third-party tracking.
Apple App Store privacy label for VidApp includes a "Data Used to Track You" section, confirming data may be used to track users across apps and websites. Direct contradiction between privacy policy text and App Store disclosure.