← Wearables
F

Limitless Pendant

Fail
Limitless · 🇺🇸 United States · Bluetooth
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
Manufacturer: Limitless (Meta)

⚠️ The bottom line

Meta bought Limitless and immediately broke three promises. HIPAA compliance — gone. Healthcare workers who recorded patient sessions with HIPAA guarantees woke up to find their compliance void. Minimum age — dropped from 18 to 13. A conversation recorder now available to children. EU and UK access — cut off entirely. Meta's data practices can't survive European privacy law, so instead of fixing the practices, they abandoned the users. Then Meta stopped selling the pendant. Existing owners are on a path to a dead device by late 2026. You bought a $199 AI recorder that was acquired, gutted, and scheduled for death within 12 months. Meta bought the Limitless AI pendant. Overnight: HIPAA protections dropped. Minimum age lowered to 13. EU users lost access. Six months of recorded personal memories — conversations, meetings, thoughts — facing deletion with 14 days' notice. The privacy-first wearable became a Meta product. Everything it ever recorded now belongs to an advertising company.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act read more →
US govt can demand your data from this company even if stored overseas
FISA §702 / PRISM read more →
NSA collects stored emails, photos, messages without individual warrants
Geofence warrants read more →
Police can demand location data for everyone near a crime scene
Spying
2/4 MODERATE
Is someone spying on me?
Data Sharing
3/4 HIGH
Who gets my data?
Kids at risk
Security
0/4 N/A
Is it actually secure?
Honesty
0/4 N/A
Can I trust what they say?
CONFIGURE High-risk areas that can be partially mitigated with settings changes.
3Contradictions
2Critical
1High
0Medium
2Sources
Findings by concern
Spying 2/4 MODERATE 1 finding
⚡ highmarketing claim vs third party research
Meta now owns or is building capture for every human communication channel. Facebook: your social connections. Instagram: your photos. WhatsApp: your messages. Ray-Ban Meta: your camera view. And now Limitless: your conversations. Text, photo, video, voice, in-person — Meta has a device or platform for each one. The Limitless pendant was independent for less than two years before Meta acquired it. Oculus lasted a bit longer before Facebook logins became mandatory and the privacy policy got Meta'd. Limitless users who bought a privacy-respecting recorder now own a Meta surveillance device with a countdown timer.

What they claim: Limitless marketed the pendant as empowering users with AI-enhanced memory.

What we found: Meta's acquisition of Limitless follows a pattern: buy an AI wearable startup, absorb the technology and data, deprecate the hardware. Meta also acquired Oculus (2014) and rebranded it, changed privacy policies, and required Facebook logins. The Limitless acquisition gives Meta: recorded conversation data, voice patterns, meeting transcripts, and the technology for always-on audio AI processing. Combined with Ray-Ban Meta Smart Glasses (camera), WhatsApp (messages), Instagram (photos), and Facebook (social graph), Meta now has or is acquiring capture devices for every human communication channel — text, photo, video, voice, and in-person conversation.

Data Sharing 3/4 HIGH 2 findings
⚠️ criticalpolicy claim vs regulatory finding
Meta bought Limitless and immediately broke three promises. HIPAA compliance — gone. Healthcare workers who recorded patient sessions with HIPAA guarantees woke up to find their compliance void. Minimum age — dropped from 18 to 13. A conversation recorder now available to children. EU and UK access — cut off entirely. Meta's data practices can't survive European privacy law, so instead of fixing the practices, they abandoned the users. Then Meta stopped selling the pendant. Existing owners are on a path to a dead device by late 2026. You bought a $199 AI recorder that was acquired, gutted, and scheduled for death within 12 months.

What they claim: Limitless originally marketed itself as a privacy-respecting AI recorder with HIPAA compliance for healthcare users.

What we found: Meta acquired Limitless in December 2025. Immediate consequences: HIPAA protections were dropped — healthcare professionals who used Limitless to record patient consultations lost their compliance guarantee overnight. The minimum age was dropped from 18 to 13, meaning children could now use a device that records conversations. Users in the EU, UK, China, and Brazil lost access entirely — Meta's data practices don't comply with those jurisdictions' privacy laws, so rather than comply, Meta cut off the users. Meta stopped selling the pendant; existing devices are on a path to obsolescence by late 2026.

⚠️ criticalmarketing vs regulatory
Meta bought the Limitless AI pendant. Overnight: HIPAA protections dropped. Minimum age lowered to 13. EU users lost access. Six months of recorded personal memories — conversations, meetings, thoughts — facing deletion with 14 days' notice. The privacy-first wearable became a Meta product. Everything it ever recorded now belongs to an advertising company.

What they claim: Limitless AI Pendant promoted privacy-first always-on recording with user control

What we found: Meta acquired Limitless (formerly Rewind) in December 2025. HIPAA protections were dropped. Minimum age was lowered from 18 to 13. Users in Brazil, China, EU, Israel, South Korea, Turkey, and UK immediately lost access. Remaining users' data fell under Meta's privacy umbrella. An EU user reported six months of personal memories facing deletion with only 14 days' notice. The privacy-first wearable became a Meta data source overnight.

What happened to real people
Documented incidents involving Limitless products and user data.
Cambridge Analytica harvested 87M Facebook users' data without consent for political ad targeting in the 2016 US election and Brexit referendum. $5B FTC fine. [source]
FISA content requests to Meta increased 2,171% since 2014. Meta complied with 88% of 60,000+ government data requests. PRISM participant since 2009. [source]
What your data is worth to governments
Meta complied with 60,000 government data requests in H2 2023. That's +675% over 10 years. Meta has been a confirmed PRISM participant since 2009. Under this programme, the NSA collects stored communications. The company is legally prohibited from telling you. Jurisdiction: US (CLOUD Act, FISA Section 702).
Documented: Cambridge Analytica harvested 87M Facebook users' data without consent for political ad targeting in the 2016 US election and Brexit referendum. $5B FTC fine.
Documented: FISA content requests to Meta increased 2,171% since 2014. Meta complied with 88% of 60,000+ government data requests. PRISM participant since 2009.
What is PRISM? · What is the CLOUD Act? · Transparency report
Sources