Privacy guide

Your phone number was shared without your permission. Here is why.

Why spam calls can start after one signup, how phone numbers move through checkout and marketing tools, and what to do next.

The simple answer

Your phone number usually leaks through boring pipes, not dramatic hacks. You enter it into one store, checkout, app, form, coupon page or delivery flow. Then that number can move into marketing, analytics, customer support, identity, checkout and advertising tools.

Sometimes the company collected it directly. Sometimes a partner or embedded tool already knows it. Either way, the result feels the same to you: you gave your number once, and suddenly the internet behaves like everyone has it.

What to check

1
Ask where the number was first collected.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Check whether the page used checkout, CRM, analytics or ad pixels.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Separate service messages from promotional calls.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Send a data access or deletion request if the company keeps contacting you.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

Phone numbers are identity keys.

In the State of Privacy investigation, phone numbers often sat inside checkout, marketing and identity flows. That matters because a phone number can connect visits, purchases, ads and follow-up calls across different places.

What to do next

1
Do not give your number unless the service truly needs it.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Use DND, but do not assume DND fixes data sharing.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Ask the company what data it has and where it got your number from.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

Can a company share my phone number?

A company should have a clear purpose and lawful basis before sharing your phone number. The practical problem is that many flows do not explain this clearly.

Why did spam calls start after signup?

Your number may have entered marketing, sales, checkout, analytics or partner systems after signup. One form can create many downstream uses.

What should I ask the company?

Ask what personal data they hold, where they collected it, who they shared it with, and how to delete or stop using it.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience