Every Costco purchase is tied to your membership card. There is no anonymous shopping at Costco. They know every item you have ever bought — food, medicine, alcohol, bulk purchases. The app adds location tracking on top. Costco membership is a purchase surveillance programme you pay $65/year to join.
Your Costco card links your pharmacy prescriptions and your shopping cart. Blood pressure medication from the pharmacy. A cart full of salt from the warehouse. HIPAA protects the prescription. Nobody protects the purchase pattern that tells the same story. Two aisles apart, two different privacy regimes.
What they claim: Costco describes data collection as necessary for membership services and personalisation.
What we found: Costco's membership model means every purchase is linked to a specific member, creating one of the most complete purchase histories in retail. Unlike non-membership stores where cash purchases are anonymous, Costco knows every item every member has ever bought. The Costco app adds location tracking, browsing data, and pharmacy records to the purchase profile. Costco shares purchase data with Instacart for delivery orders.
What they claim: Costco describes health data protections for pharmacy services.
What we found: Costco's pharmacy data and purchase history exist in the same membership ecosystem. While pharmacy data has HIPAA protections, the app knows both that you bought blood pressure medication at the pharmacy and a jumbo pack of sodium-heavy snacks in the warehouse — on the same membership card. The health data is protected. The purchasing context that reveals health conditions is not.