Privacy Postcard: Starbucks Mobile App

2 min read

For more information about Privacy Postcards, read this post.

General Information

• Name of Service: Starbucks mobile app
• Android App: https://play.google.com/store/apps/details?id=com.starbucks.mobilecard
• Privacy Policy url: https://www.starbucks.com/about-us/company-information/online-policies/privacy-policy
• Policy Effective Date: November 15, 2017

App permissions

The Starbucks app has permissions to read your contacts, and to get network location and location from GPS.

Access contacts

The application permissions indicate that the app can access contacts, and this is reinforced in the privacy policy.

Law enforcement

Starbucks terms specify that they will share data if sharing the information is required by law, or if sharing information helps protect Starbuck's rights.

Location information and Device IDs

Starbucks can use location as part of a broader user profile.

Data Combined from External Sources

The terms specify that Starbucks can collect, store, and use information about you from multiple sources, including other companies.

Third Party Collection

The terms state that Starbucks can allow third parties to collect device and location information.

Social Sharing or Login

The terms state that Starbucks facilitates tracking across multiple services.

Summary of Risk

The Starbucks mobile app has several problematic areas. Individually, they would all be grounds for concern. Collectively, they show a clear lack of regard for the privacy of people who use the Starbucks app. The fact that the service harvests contacts, and harvests location information, and allows selected information to be used by third parties to profile people creates significant privacy risk.

People shouldn't have to sell out their contact list and share their physical location to get a cup of coffee. I love coffee as much as the next person, but avoid the app (and maybe go to a local coffee shop), pay cash, and tip the barista well.