Anonymous D2C brand

13 trackers. 6 not in the policy. A checkout tool that already knew our phone number.

Company name withheld. Sector context preserved. Identifiers removed.

Executive summary

We opened a D2C shopping website. 13 trackers loaded — including Microsoft Clarity (visit recording), Meta Pixel, Snap Pixel, and GoKwik (checkout identity). 6 of those trackers were not named anywhere in the privacy policy. When we signed in with Google, the site obtained our phone number from a third party — we never gave it directly.

Evidence snapshot

Trackers found: 13
Not in the policy: 6
Visit recording: Microsoft Clarity — active
Cross-store identity: GoKwik — checkout tool present

What trackers we found

Microsoft Clarity recorded screen behavior. Meta Pixel, Snap Pixel, Google Ads, Taboola, and Tapad followed browsing across sites. GoKwik was present at checkout — a tool that can recognize shoppers across different stores. CleverTap and Branch handled marketing automation. 6 of these trackers were not named in the privacy policy.

What the privacy policy says

The policy says data may be shared with "group companies, affiliates, and other third parties." It claims advertising cookies "do not contain personal information." It does not name Microsoft Clarity, GoKwik, Branch, CleverTap, or Snap. The policy also states the company is "not responsible for checking if your sensitive personal data is real or accurate."
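The comparison behind "not in the policy" can be reproduced by matching captured request hosts to vendors and then searching the policy text for each vendor's name. The following is an added example, not the tooling used for this report; the host suffixes, sample URLs and policy excerpt are constructed assumptions and cover only the nine vendors named on this page.

```python
import re
from urllib.parse import urlparse
# Assumed host suffix -> (vendor, names a policy might use); check against your own capture.
VENDOR_HOSTS = {
    "clarity.ms": ("Microsoft Clarity", ["clarity"]),
    "facebook.net": ("Meta Pixel", ["meta", "facebook"]),
    "sc-static.net": ("Snap Pixel", ["snap", "snapchat"]),
    "googleadservices.com": ("Google Ads", ["google"]),
    "taboola.com": ("Taboola", ["taboola"]),
    "tapad.com": ("Tapad", ["tapad"]),
    "gokwik.co": ("GoKwik", ["gokwik"]),
    "clevertap-prod.com": ("CleverTap", ["clevertap"]),
    "branch.io": ("Branch", ["branch"]),
}
# Constructed capture: first-party page, nine vendor requests, one unknown host.
SAMPLE_URLS = [
    "https://shop.example/cart", "https://www.clarity.ms/tag/x",
    "https://connect.facebook.net/x.js", "https://sc-static.net/x.js",
    "https://www.googleadservices.com/x.js", "https://cdn.taboola.com/x.js",
    "https://pixel.tapad.com/x", "https://pdp.gokwik.co/x.js",
    "https://in1.clevertap-prod.com/x", "https://cdn.branch.io/x.js",
    "https://cdn.unknown-vendor.example/t.js",
]
# Constructed policy excerpt; "branches" must not count as naming Branch.
SAMPLE_POLICY = ("We may share data with group companies, affiliates, and other "
                 "third parties such as Meta, Google, Taboola and Tapad. "
                 "Contact any of our branches for help.")

def classify(urls, first_party):
    """Return ({vendor: aliases} seen in the capture, set of unmapped third-party hosts)."""
    found, unmapped = {}, set()
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if not host or host == first_party or host.endswith("." + first_party):
            continue  # first-party traffic is out of scope
        for suffix, (vendor, aliases) in VENDOR_HOSTS.items():
            if host == suffix or host.endswith("." + suffix):
                found[vendor] = aliases
                break
        else:
            unmapped.add(host)  # needs manual review, not silently dropped
    return found, unmapped
def undisclosed(found, policy_text):
    """Vendors whose aliases never appear as whole words in the policy text."""
    return sorted(v for v, aliases in found.items() if not any(
        re.search(rf"\b{re.escape(a)}\b", policy_text, re.I) for a in aliases))
if __name__ == "__main__":
    found, unmapped = classify(SAMPLE_URLS, "shop.example")
    print(undisclosed(found, SAMPLE_POLICY), sorted(unmapped))
```

Whole-word matching matters here: a plain substring search would treat "branches" or "snapshot" as naming a vendor and understate the gap.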

What the product flow showed

We signed in using Google. The site obtained our phone number from a third party — not from us. We never entered it. The grievance response we received was generic and did not address the specific data-rights question we asked.

Why this matters

When a shopping site gets your phone number from a third party without telling you, uses a checkout tool that can track you across stores, and does not name 6 of its 13 trackers — the gap between what the policy promises and what the website does is wide. Evidence exists. Company name withheld.