Published on Jun 26, 2025
More than three years after family safety app Life360 (LIF) announced it would transition away from the sale of users’ precise geolocation data in favor of providing business partners with “aggregated” data analytics, the company appears to be creating thousands of audience “segments” based on users’ location visits and selling them through LiveRamp Holdings, Inc. (RAMP)’s Data Marketplace, a Capitol Forum investigation has found.
But rather than providing anonymized insights into consumers’ foot traffic patterns, the Data Marketplace segments enable advertisers to target Life360 users based on personal information like age, gender, household income, and parental status. Segments also group together millions of different users recorded by the app as having visited thousands of different retail and business locations, from pizza parlors and gas stations to spas and lingerie stores.
A list of Data Marketplace segments available as of March and accessed by The Capitol Forum included more than 4,600 Life360 segments, all of which claim to be “obtained using exclusively first-party mobile geolocation data of Life360 Mobile App users who have consented to share their real-world movements and visitation patterns.”
Users must agree to the Life360 Privacy Policy before using the company’s popular mobile app, which lets children, parents, and friends share each other’s locations with invite-only “Circles” and send SOS alerts, request roadside assistance, and access other emergency features. But as the policy elaborates, loved ones aren’t the only parties privy to users’ location movements.
In addition to disclosing users’ personal information to facilitate targeted advertising on its own apps, Life360 says in its policy that “we also disclose certain information, including precise geolocation data, movement data, and other information, about your use of our Services to select business partners for their own uses, including to combine with other information to derive insights and analytics and use for their own and others’ advertising and monetization purposes.”
“Many privacy policies have the same core problems: technical jargon, legalese, unreadable length, and vagueness,” Justin Sherman, CEO of research and advisory firm Global Cyber Strategies and scholar in residence at Electronic Privacy Information Center, said. “This is vagueness 101. When a company writes a privacy policy in such a way that they’re leaving basically anything and everything on the table with respect to how they use your data, that’s not helpful for a consumer trying to understand what actually is happening.”
After reporting by The Markup in December 2021 revealed that Life360 was selling users’ precise geolocation data to approximately a dozen data brokers, CEO Chris Hulls said the company would roll back such deals, except with Allstate’s Arity (ALL), while announcing the company would also start selling “aggregated data” to location analytics firm Placer.ai.
“Life360 recognises that aggregated data analytics (for example, 150 people drove by the supermarket) is the wave of the future and that businesses will increasingly place a premium on data insights that do not rely on device-level or other individual user-level identifiers,” Hulls said in his announcement of the Placer.ai deal. “As a result, we believe this partnership will enable us to spend less time navigating the rapidly evolving regulatory and platform environment, while simultaneously reducing business risk.”
In its latest annual filing, Life360 acknowledges the Arity and Placer.ai agreements and says a portion of its revenue was “generated indirectly from the sale of aggregated data (non-personally identifiable information) for the purposes of data insights from our member base to our partners.” On June 12, the company also announced the launch of two new offerings as part of its growing ad platform that would help brands reach Life360 users based on “real-world behavior and household context” and conduct foot traffic analytics to measure ad effectiveness.
But privacy experts warn that data sold in LiveRamp’s Data Marketplace likely is personally identifiable, given that it can be associated with “RampIDs,” pseudonymous unique identifiers that are assigned to individuals recognized by LiveRamp and used to target specific devices.
“It’s just simply not a viable position to take [that data sold on the Data Marketplace is non-personally identifiable information],” says Arielle Garcia, the Chief Operating Officer of digital advertising watchdog Check My Ads.
“[RampIDs] not only match users across segments but are able to reach users across various websites and apps and platforms, and thus also enable their further tracking,” Garcia added. “These data brokers that are making their audience segments available via, for example, LiveRamp’s Data Marketplace, can’t even themselves seem to agree on whether their audience segments, are considered ‘aggregated,’ ‘anonymized,’ ‘deidentified,’ or none of the above.”
LiveRamp’s Data Marketplace Data Policy ostensibly prohibits vendors from uploading segments that “intend to target” certain sensitive topics, including precise location, defined as “Data that locates a device or person to a geographic area that is smaller than the area of a circle with a radius of 500m (i.e., 785,398 square meters, 0.785 square kilometers, or 0.303 square miles).”
In an email to The Capitol Forum a Life360 spokesperson said that “Life360 does not share precise geolocation data with LiveRamp. Instead, Life360 offers audiences like ‘visitors of [brand]’ on LiveRamp, without including any location data.”
The spokesperson added that Life360 began selling audience segments through LiveRamp in August 2024 “so that advertisers can reach relevant audience segments” and plans to continue selling segments on the Data Marketplace.
When asked how the company defines “aggregated data,” the spokesperson referred to this blog post on Life360’s aggregated data partnerships.
With regards to whether user data sold on the LiveRamp Data Marketplace will be linked to any personally identifiable information, the spokesperson said “RampIDs are encrypted. Life360 does not share Life360-generated PII [personally identifiable information] with LiveRamp.”
LiveRamp did not respond to a request for comment.
LiveRamp hosts audience segments based on potentially sensitive characteristics, assigns consumers unique identifiers. If sold on the LiveRamp Data Marketplace, a Life360 users’ data does not necessarily sit in a silo. According to LiveRamp’s 2023 annual filing, the Marketplace serves as a one-stop shop for data buyers, adtech companies, and leading global brands to purchase audience segments from more than 200 data providers to “improve [advertising] targeting, measurement, and customer intelligence” of “approximately 700 million consumers worldwide.”
Rather than conducting targeted advertising itself, LiveRamp’s Data Marketplace and the company’s “identity resolution” services help fuel the multi-billion-dollar data broker industry by painting a fuller picture of an individual or household’s online behavior “across devices, channels, and touchpoints.”
The Capitol Forum previously reported on how the Data Marketplace hosts thousands of segments that group consumers together by their specific race, ethnicity, or country of origin, along with a host of other potentially sensitive attributes, from religious affiliation and health conditions to political viewpoints and active-duty U.S. military status.
Consumers can be associated with multiple segments, thanks to RampID—a pseudonymized alphanumeric identifier LiveRamp assigns to individuals and their personally identifiable information—such as an email, name, phone number, or postal address. The identifier, akin to a digital Social Security number, is then linked to any online or offline information about the consumer, from a Facebook username to web browsing activities tracked by cookies, that LiveRamp has collected.
“[B]y associating an email address with a cookie, LiveRamp and third parties can link your browsing activity across different websites and other applications and services to your specific device associated with the email address, identifying the user behind the device,” LiveRamp says in its Product and Service Privacy Notice.
“This means that, even when browsing unrelated sites, your online activity can be connected to you for advertising and other marketing-related purposes, including email marketing and offline advertising,” the policy continues. “As technological capabilities increase, the ability of any consumer to maintain a state of not being known online will inevitably decline.”
Source: docs.Liveramp.com
LiveRamp further explains in its latest annual filing that “Data accessed through the LiveRamp Data Marketplace is connected via RampID and is utilized to enrich our customers’ first-party data and then can be leveraged across technology and media platforms, agencies, analytics environments, and TV partners.”
While LiveRamp touts RampID’s ability to provide an “accurate and comprehensive 360-degree view of your customers,” privacy experts say such forms of persistent identifiers are ripe for privacy abuse by making it easier for bad actors to potentially stitch together thousands of disparate consumer attributes and reidentify an individual.
“The ability to combine three or four datasets and know exactly how the rows and columns match up is potentially a great way of unmasking the people within those individual datasets,” Sherman said. “If you have a universal identifier for the people layered on top of that, it makes the privacy considerations even greater.”
While Life360 says in its privacy policy that it does “not make available your contact information (e.g. your name, email, phone number)” to the select business partners it discloses precise geolocation data to for advertising and monetization purposes, it does appear to provide such partners with users’ mobile advertising IDs (MAIDs) and similar digital identifiers.
Source: Life360-legal
In its own privacy notice, LiveRamp states that a MAID—a unique string of numbers that operating systems assign to a specific mobile device to help advertisers track and target the user—should be considered personal information as it is “reasonably capable of being associated with, or could reasonably be linked with a particular consumer or device.”
LiveRamp says it can send clients “files that map cookies, user IDs, and mobile devices to RampIDs on a regular cadence.”
Life360 Data Marketplace segments can target millions of users based on site visits, personal information. Life360 segments sold on the Data Marketplace as of March claim to help advertisers target millions of users who the app recorded as having visited thousands of different commercial locations or who share personal attributes such as gender, income, and even the age of their children.
Audience segments targeting commercial site visits—which range in type from laundromats, pet stores, and jewelry stores to hotels, movie theaters, and fast-food chains—are typically split into “Visitor” and “Frequent Visitor” segments. The latter segments claim to target visitors “falling within the top 30th percentile of visit frequency in the last 90 days.”
Life360’s privacy policy states the company does “not share or sell personal information of members we know to be children, nor do we show ads in child accounts,” although dozens of segments appear to target frequent visitors of children’s clothing retailers and toy stores. While advertisers may not be able to target users Life360 knows to be children directly through the app, The Capitol Forum previously reported on how hundreds of Data Marketplace segments appear designed to help advertisers reach children and teens by proxy audiences such as parents and households.
Other Life360 segments track users’ visits to business locations that could potentially reveal personal information like frequent substance use and eye or skin conditions.
Names of Life360 Data Marketplace segments reviewed by The Capitol Forum that group together users by shared geolocation visits included:
Examples of Life360 segments that target users based on shared personal traits, rather than geolocation data, included:
“These segments are really descriptive,” Suzanne Bernstein, counsel at the Electronic Privacy Information Center, said. “It’s all certainly beyond what a Life360 consumer, parent or child, would expect and what was disclosed to them in the privacy policy, which doesn’t include any description of LiveRamp […] It’s shocking to see.”
Although Life360’s privacy policy outlines how users can navigate to the “Your Privacy Choices” tab of their mobile app to disable the sale of personal information to third parties for commercial use or targeted advertising, Bernstein said an individual consumer likely doesn’t have the bandwidth to read this type of policy, let alone understand whether or not they should exercise the “opt out” right.
“It’s another hoop to jump through that I think Life360 is betting on consumers not doing as often,” she added.
According to Life360’s current privacy policy, which appears to have been updated after The Capitol Forum reached out for comment, 3,608,554 users requested to opt-out of sales of personal information over the course of 2024, which would represent less than 5% of the over 83 million monthly active users Life360 reported having as of this month. As of June 18, the policy only included the 2023 opt-out totals (1,466,302 users).
“Approximately 95% of Life360 members share their location, enabling the always-on, deterministic insights that gives advertisers a level of precision and context that fragmented, third-party models can’t match,” the company said in the June press release announcing its new ad products.
While Life360 users can opt out of data sales, they must agree to always share their location in order for the app to function properly and provide real-time alerts.
Source: Life360 app (iOS version)
After installing the app, if a user disables location sharing with Life360 through their mobile device’s operating system, the app displays a pop-up asking them to enable location sharing for the app to work “correctly.” The pop-up includes text indicating a users’ “location data will also be shared with third parties, including for research tailored advertising, and analytics purposes, in accordance to our Privacy Policy and user settings.”
But once their location is shared, a user must still read the policy to try and understand what data sharing with third parties actually entails and how to exercise their opt-out rights.
“It’s definitely not a sufficient privacy policy and it’s one of these examples of companies that just provide a carte blanche description of their sharing [practices] and they try to package it as a ‘privacy disclosure,’” Bernstein said.
Life360 pivots to ad revenue as state laws and attorneys general crack down on precise geolocation and children’s data sales. Since the end of its second quarter last year, Life360 has sold programmatic ads on its app, which is free to use but includes paid subscription tiers. In August CEO Chris Hulls said the company would see a “noticeable increase” in ad revenue as the company “further enable[s] our platform through service integrations like those in place with The Trade Desk, LiveRamp, PubMatic, and Google Ad Manager.”
On June 12, Life360 announced the launch of location-based ad targeting solution “Place Ads” and foot traffic analytics service “Uplift,” as part of its larger ad platform.
According to the company, Place Ads helps brands deliver “timely” messages triggered by “movement patterns and household-level insights,” such as when a user finishes a grocery run or pulls into a shopping center. Uplift meanwhile provides “deterministic footfall measurement” to measure ad impact and is available to advertisers running campaigns on Life360 or to assist with “broader programmatic efforts.”
“We can basically draw a circle around any point of interest that you think is interesting to your brand,” Brian McDevitt, Life360’s VP of ads, told AdExchanger regarding the Uplift product. The company says it does not geofence sensitive locations like medical clinics, schools, and places of worship.
Life360’s move into programmatic advertising and sale of audience segments on the Data Marketplace comes as state and federal enforcement agencies are increasingly cracking down on the unfair collection and use of consumers’ precise geolocation data and children’s personal information.
Allstate subsidiary Arity, which Life360 maintains its geolocation sharing partnership with, was sued by Texas Attorney General Ken Paxton in January for allegedly illegally collecting and selling millions of consumers’ smartphone location data. Texas is currently appealing an order granting special appearances in that case. Arity’s deadline to file a brief in response to the appeal was June 25 but as of time of publication the brief did not appear to have been available on the docket.
The Texas suit names Life360 as one source of Arity’s geolocation data and criticizes the Life360 app’s permissions page for telling users they needed to permit location sharing “to enable data use for the in-app map, Place Alerts, and location sharing with [a user’s] Circle,” without naming Arity or referencing Arity’s data practices.
On April 22 the FTC published its first updates to the Children’s Online Privacy Protection Rule since 2013, which, among other changes, will require companies to obtain separate parental consent before sharing kids’ personal information with a third party for any purpose, except to support the internal operations of the website or online service being used.
On the legislative front, Oregon became the second state to ban the sale of consumers’ precise geolocation data after Governor Tina Kotek signed an amendment to the Oregon Consumer Privacy Act on June 3. Maryland was the first state to approve such a measure, as part of its comprehensive data privacy law which is set to take effect October 1.
“This is not a partisan issue,” Sherman said. “When policy makers or members of the public know companies have piles of data on their 24/7 phone locations, they think it’s creepy.”
