What is The Non-Consensual Cookie Bandit?

A satirical web experience that parodies cookie consent popups by "auditing your life" instead of tracking your data. It's a humorous exploration of digital consent culture.

Is this actually tracking my cookies?

No. Despite the name, we don't actually track cookies in the traditional sense. This is a parody project that uses "cookies" as a metaphor for life decisions.

Is the life audit real?

The audit is generated for entertainment purposes only. Results are satirical and should not be taken as genuine life advice.

Can I play games on this site?

Yes! We have several mini-games including the Reject Button Game and Cookie Clicker. More games are being added regularly.

Does PayPal sell my financial data?

PayPal shares data with affiliates, marketing partners, and financial industry companies. They do not use the term 'sell' but the data sharing described in the policy constitutes commercial use of transaction data. Under CCPA, PayPal offers a 'do not share my personal information' opt-out.

What happened with the PayPal $2,500 fine for misinformation?

In October 2022, PayPal added a clause to its acceptable use policy allowing it to fine users $2,500 per incident of 'misinformation.' The clause was so broadly worded it applied to almost any dispute. PayPal retracted the clause within days, attributing it to an 'error.' The Bureau notes that such errors do not typically appear in legal documents by accident.

Venmo transactions are public by default — your friends and their friends can see your payment descriptions. This setting must be manually changed to private for each transaction or globally in settings. The Bureau recommends changing the default to private immediately upon signup, which most users do not do.

← Hall of Shame

C-

PayPal

fintechpaymentsfinancial-dataadvertisingnetwork

11,200

Word Count

45 min

Reading Time

0 min

Human Patience

7/10

Sneakiness

Translation Service

What They Say

PayPal's privacy policy is 11,200 words — the longest in our archive — and covers their operations as a financial services provider, their consumer payment services, and the entire PayPal family of companies including Venmo, Braintree, and Honey. They explain their data use for fraud prevention, creditworthiness assessment, and service improvement. Financial services companies are subject to additional regulatory requirements which PayPal complies with.

What They Mean

PayPal has your complete financial transaction history across millions of merchants. This creates an income profile, a spending behaviour model, and a financial risk assessment that is commercially valuable beyond its payment processing function. In 2023, PayPal updated its acceptable use policy to include a $2,500 fine for 'misinformation' — a clause so broadly worded that it triggered widespread account closures before being retracted. The Honey browser extension (acquired 2019) tracked user price comparison shopping and allegedly redirected affiliate commissions — a practice that became the subject of a class action lawsuit and significant media coverage.

Worst Clause — Exhibit A

"PayPal may share personal information with our affiliates and subsidiaries, companies that we plan to merge with or acquire, joint marketing partners, companies in the financial services industry, co-branded product and service partners, and other third-party service providers who provide services to us."

Bureau Translation:

Your financial transaction data is shared with 'companies in the financial services industry' as a category — which includes credit bureaus, insurance companies, and financial product providers. The ability to market financial products using your transaction history, across the full PayPal family (Venmo, Honey), represents a financial profiling operation of significant scale. The Bureau notes that most users think of PayPal as a payment processor rather than a financial data broker.

Evidence Tags — Data Collected

Complete transaction history with merchants and individualsBank account and credit card informationIncome, creditworthiness, and financial behaviour signalsPurchase category data across all PayPal merchantsDevice information and login behaviourConnected account data (Venmo, Braintree, Honey)Communication records with PayPal support

Bureau Verdict

"PayPal's data collection is appropriate for a financial services company and their regulatory compliance is real. The Bureau's concerns are with the commercial use of financial transaction data for advertising and third-party sharing, and the Honey affiliate commission controversy. Grade C- reflects the legitimate regulatory framework PayPal operates in, offset by data uses that exceed what payment processing requires."

C-

Overall Grade

Comprehensive and Deliberately So

Frequently Asked Questions

Dark Patterns Documented

Hidden Costs →Bait and Switch →

See the full Dark Pattern Encyclopedia for documentation of each technique.

← All Companies Dark Pattern Encyclopedia →Terms Nobody Read →

Audited: 2026-03-20