Loyalty Programs Are a Data Trap. Here’s How to Opt Out.

Someone makes a lot of money off of loyalty programs, but it isn’t you. Here’s why that is and what you can do to protect yourself and your data. 

Stores claim loyalty programs save you money every time you swipe that card or enter your phone number. But for the final installment of our National Consumer Protection Week series, let’s take a look at who’s actually winning. 

What is a loyalty program?

When businesses like grocery stores, credit card providers, hotels, and airlines reward customers who repeatedly choose their brand, that’s called a loyalty program. The more customers buy or engage, the more “loyalty points” or other benefits they earn. Members can apply those points to future purchases or exclusive perks. 

Around 49 percent of U.S. consumers are enrolled in two or more loyalty programs, while 20 percent are enrolled in more than five. 

The goal is to reduce churn. The actual purpose is to harvest your data and to sell it. Here’s how.

Five problems with loyalty programs

Businesses regularly earn millions off loyalty programs and give almost nothing back. Here are five important things to remember when you sign up: 

1. Loyalty programs make money for businesses, not consumers

Companies charge membership fees for many loyalty programs. They also regularly sell loyalty program data to advertisers. According to multiple analyses, fast food companies and airlines make billions of dollars off of loyalty programs — unsurprisingly, many times more than they give back to customers. 

That’s by design. Companies know around 20 percent of people with rewards cards let the rewards expire and get zero monetary benefit. Others try to redeem rewards and find hidden clauses or bait-and-switch terms that either devalue rewards arbitrarily or make them difficult or impossible to redeem. 

The rest get a couple hundred dollars a year at best. Meanwhile, they spend considerably more money with the business and give up troves of personal data. 

Loyalty programs usually ask for information like:

• Email address
• Home address
• Age
• Gender
• Shopping habits
• Financial information

Investigations showed Kroger built a 60-page-long profile on just one of its loyalty program members. The more you buy, the more you signal about your favorite products, how much you’re willing to spend on a given item, and what ads are most effective.

Loyalty program providers monetize that data for millions of dollars every year. 

2. Many loyalty programs are app-based to collect even more data

With loyalty apps, data overreach can get even worse. Every device has a designated advertising ID that is used to track you across all of your app interactions. Companies can use that information to determine not just your history with that one store or service, but your overall buyer profile. 

Some grocery store loyalty apps also collect your browsing history, your approximate or even precise location, your phone number, health and fitness data, and a lot more. Check the Fry’s app and the Starbucks app on your Google Play or Apple store as examples. 

All that data is an asset companies share with partners, sell to third parties, or store for undetermined purposes and time periods. 

3. Loyalty program data is a prime target for cybercriminals

Loyalty program data breaches are worryingly common, to the point that some consumers are losing trust in these programs altogether. 

Loyalty program data is valuable for cybercriminals because they can pair it with publicly available information to develop complete profiles. They then use those profiles to commit fraud and target loyalty program members with phishing attacks or scams. 

Scammers impersonate legitimate loyalty programs and send a text or an email to insist that victims redeem points before they expire. The goal is usually to demand a payment or to steal even more personal data for the purpose of identity theft or other crimes. 

4. Stores often share loyalty program data with third parties

Many loyalty programs operate around partnerships. When you get a certain number of points with the company, you get a good deal on another company’s product or service. That means your data moves freely between those companies. 

The loyalty program provider may also have the right to sell your data to advertisers and data brokers. For example, Hertz can share data with insurers and brokers, and Kroger shares data with more than 50 companies and partners. 

For every third party your data goes to, the chance of misuse goes up. 

5. Loyalty programs fuel surveillance pricing

Surveillance pricing relies on purchase history and other data to determine the maximum price an individual consumer might be willing to pay for a product. The end result is that loyalty customers will pay more instead of less. In some cases, AI-driven surveillance pricing can lead to discrimination against specific demographics. 

The FTC did an investigation into surveillance pricing that  shows how it can hurt everyone from new car buyers, new parents, veterans, individuals in disaster areas, and more. The organization’s research mentioned loyalty programs as one of the top sources of data that fuels surveillance pricing. 

How to safely join a loyalty program

Loyalty programs always collect a certain amount of your data, but you can control how much. 

Use a masked email to sign up for loyalty accounts and rely on password managers to make sure your loyalty program password isn’t the same as for other accounts. That way, even if a breach exposes your login data, cybercriminals can’t just move on to your other accounts. 

When possible, use two-factor authentication to protect all your accounts, especially cash-based loyalty accounts. 

Check privacy policies like we talked about in our previous blog post to see how a loyalty program handles your data and whether the company shares it with third parties. 

Opt out of sharing specific types of data if possible, like location data, and check your app permissions to disable any that are unnecessary. 

How to delete yourself from a loyalty program

If you’ve read this far and decided it’s time to reduce or eliminate the loyalty programs in your life altogether, here’s how. 

1. Visit each website/app directly – Most websites will have instructions for how to delete your account, or at least a support contact form you can use. If you use an app, you may need to contact the developer directly to request data deletion depending on the terms and conditions. 
2. Use AccountKiller.com or a similar site – Account Killer is an informative site with walkthroughs for how to delete your various accounts. It includes some loyalty programs, and if you can’t find a specific walkthrough you can reach out to support to request help deleting yourself. 
3. Delete yourself from data brokers – Deleting yourself directly from a loyalty program is a good start, but they may have already sold your data to a third party. We recommend cleaning up any information exposed on data broker sites with the help of DeleteMe or a similar service. 

Take back control. 

Top loyalty program questions

Let’s dig a little deeper into some aspects of loyalty programs and data privacy. 

How does a loyalty program work? 

Loyalty programs reward ongoing relationships with points, cash, discounts, or other incentives. 

Do loyalty programs violate privacy? 

Most loyalty programs extensively track buying habits, web search history, consumer demographics, and a lot more. 

Are loyalty programs worth it? 

To join most loyalty programs is to give your data in exchange for a few dollars off a purchase. There’s no guarantee for how far that data can spread and it may make costs higher in the long run. 

What are the worst loyalty programs? 

When it comes to personal data collection, Kroger’s loyalty program is one that’s come under a lot of scrutiny. Kroger made $527 million off of selling its customers’ data to data brokers in 2024, and that number has likely gone up since. 

Reader’s Digest also accused Starbucks and Target of participating in surveillance pricing through their apps, but they’re far from the only ones. If an app or service mentions personalized pricing, just know that’s usually the more “acceptable” term for surveillance pricing. 

What are the best loyalty programs? 

Look features like:

• Clear privacy policies
• Option to delete data
• No location tracking or approximate location tracking only
• Minimal sign-up details required
• Easy opt-out option to prevent sharing data with third parties

It’s possible to get the benefits of brand loyalty without giving up your privacy completely. 

Final thoughts

Loyalty programs hook you in with promises of lower prices and exciting deals, but they rarely deliver. Instead, they sell your data and violate your privacy. Don’t make it easy for them. 

Learn more

• Try out our free scan to see where your information might be exposed and put you at greater risk of scams online
• Discover how privacy policies trick you so companies can misuse your data
• Learn about National Consumer Protection Week