Loading…
Loading…
Loading…
Loading…
Loading…
Loading…
Free to get started. No card charged today.
Browse 8,265 companies freeA deep investigation into GoodRx's data collection, privacy violations, and surveillance practices. Founded 2011 in Santa Monica, California.
Upgrade to SeekerPro for deep-dive reports on every company that touches your data. Members get breach timelines, violation histories, privacy risk scores, and executive contact data before anyone else.
Try SeekerPro →GoodRx operates a prescription drug discount platform used by millions of Americans to find lower prices on medications. The company was fined by the FTC in February 2023 for sharing users personal health data, including specific medications and health conditions, with advertising platforms including Facebook, Google, and Twilio after prominently promising that it would never sell personal health information. The FTC alleged that GoodRx shared prescription medication data and associated health conditions to target users with personalized advertising, meaning that someone filling a prescription for HIV medication, antidepressants, or erectile dysfunction drugs may have had their medication data transmitted to advertising platforms for targeting purposes. GoodRx used Meta Pixel, Google Analytics, and other tracking technologies to transmit health data directly from its website and app to advertising companies. The company built custom Facebook advertising audiences using lists of users who had searched for or purchased specific medications, creating pharmaceutical targeting segments based on sensitive health conditions. This was particularly egregious because GoodRx users typically seek discount prescriptions precisely because they cannot afford standard healthcare, making them a vulnerable population whose financial desperation was exploited for advertising revenue. The FTC order was the first enforcement action under the Health Breach Notification Rule against a digital health company, establishing important precedent for health data privacy outside of HIPAA-covered entities.
The following is a documented list of data points that GoodRx collects from users, customers, and in some cases non-users. This data powers their business model, fuels targeted advertising, and in many cases is shared with or sold to third parties including government agencies.
Upgrade to SeekerPro for deep-dive reports on every company that touches your data. Members get breach timelines, violat...
Try SeekerPro →Run a free privacy and compliance scan on any website in 60 seconds. NexusBro checks cookie consent, hidden trackers, th...
Try NexusBro →Stop spending hours filing DSAR requests and opt-out forms manually. BliniBot automates data deletion requests, cookie c...
Try BliniBot →Below is a timeline of documented privacy violations, regulatory fines, lawsuits, and enforcement actions against GoodRx. These events represent only the violations that became public. The true scope of data misuse at any major company is almost certainly larger than what regulators and journalists have uncovered.
FTC fine for sharing health data with Facebook, Google despite privacy promises
$1.5 million
First FTC enforcement under Health Breach Notification Rule
Precedent-setting order
HHS investigation into GoodRx Care telehealth data practices
Ongoing
You do not have to accept GoodRx's data practices. These alternatives offer comparable functionality with significantly better privacy protections. Switching reduces the volume of personal data flowing into commercial surveillance systems and sends a market signal that privacy matters.
Run a free privacy and compliance scan on any website in 60 seconds. NexusBro checks cookie consent, hidden trackers, th...
Try NexusBro →Stop spending hours filing DSAR requests and opt-out forms manually. BliniBot automates data deletion requests, cookie c...
Try BliniBot →Build compliant marketing campaigns that convert without invasive tracking. ContentMation generates privacy-respecting f...
Try ContentMation →Start by understanding what data GoodRx already has on you. Check your account settings, download your data archive if available, and review what permissions you have granted. Use OpenPublicHub to research the full scope of GoodRx's data practices and compare them against industry standards.
Disable unnecessary data collection settings, revoke app permissions you do not actively need, and opt out of personalized advertising where possible. Review connected third-party apps and remove any that you no longer use. Every permission you revoke reduces your attack surface and limits the data available for profiling.
Under GDPR, CCPA, and other privacy laws, you have the right to request access to, correction of, and deletion of your personal data. File a Data Subject Access Request (DSAR) to see what GoodRx holds about you. Use BliniBot to automate the process across multiple companies simultaneously.
The most effective protection is to stop using privacy-invasive services entirely. The alternatives listed above offer comparable functionality without the surveillance. Start with the service you use most frequently and work through the list. Every user who switches sends a market signal that privacy is a competitive advantage.
Privacy threats evolve constantly. Follow this expose and related reports on OpenPublicHub to stay updated on GoodRx's practices. Share this page with friends and colleagues so they can protect themselves too. Collective action and informed consumers are the most powerful force for changing corporate behavior.
Yes. The FTC confirmed that GoodRx shared personal health information including specific prescription medications and associated health conditions with Facebook, Google, and Twilio for advertising targeting. If you used GoodRx, your medication data was likely transmitted to these platforms despite the company promising it would never sell health information.
The FTC fined GoodRx $1.5 million, a fraction of its $803 million annual revenue. The case was the first enforcement under the Health Breach Notification Rule, which has limited penalty provisions compared to HIPAA. Critics argue the fine is so small it functions as a cost of doing business rather than a deterrent.
Mark Cuban Cost Plus Drugs offers transparent pricing without advertising-driven data collection. Manufacturer patient assistance programs provide free medications to qualifying patients. State pharmaceutical assistance programs exist in most states. These alternatives do not rely on advertising revenue models that incentivize health data sharing.
Upgrade to SeekerPro for deep-dive reports on every company that touches your data. Members get breach timelines, violat...
Try SeekerPro →Run a free privacy and compliance scan on any website in 60 seconds. NexusBro checks cookie consent, hidden trackers, th...
Try NexusBro →Stop spending hours filing DSAR requests and opt-out forms manually. BliniBot automates data deletion requests, cookie c...
Try BliniBot →Tools trusted by thousands of privacy-conscious professionals worldwide
No card charged today. Cancel anytime.
Want unlimited access? Explore SeekerPro