Gravy Analytics (acquired by Unacast) has emerged as one of the most controversial data providers in the United States. As specialists in privacy and data governance, Data Allegiance highlights the significant reasons why Gravy Analytics is considered a risky data partner — based on regulatory actions, major data breaches, and questionable data practices.

If you're evaluating third-party data providers, understanding the risks associated with Gravy Analytics is critical for protecting your organization’s reputation and compliance posture.

1. FTC Enforcement Action Against Gravy Analytics for Selling Sensitive Location Data

In December 2024, the Federal Trade Commission (FTC) charged Gravy Analytics and its subsidiary, Venntel, with illegally selling precise location data tied to consumers visiting highly sensitive locations such as hospitals, religious institutions, and military sites — without obtaining meaningful consumer consent.

By January 2025, the FTC finalized an order permanently banning Gravy Analytics and Venntel from selling, licensing, or sharing sensitive location data except under strict circumstances.

This enforcement action highlights serious regulatory risk for any company sourcing data from Gravy Analytics.

2. Gravy Analytics Suffered a Massive Data Breach Exposing Location Data

In January 2025, Gravy Analytics disclosed a major data breach that exposed millions of consumers' location histories. Hackers accessed the company's AWS cloud storage, revealing sensitive information about individuals’ real-world movements, including visits to homes, workplaces, and secure facilities.

For businesses concerned with data security, this breach raises substantial reputational and compliance concerns.

3. Gravy Analytics Collected Consumer Data Without Proper Disclosure

Further investigations found that Gravy Analytics aggregated location data not through direct app partnerships, but primarily via Real-Time Bidding (RTB) streams — meaning that app users were unaware their movements were being monetized.

Apps like Candy Crush, Tinder, and MyFitnessPal were implicated, even though users never knowingly agreed to have their locations sold to third parties.

This practice significantly erodes consumer trust and exposes businesses to privacy litigation risks if they rely on Gravy-sourced data.

4. Sale of Consumer Location Data to U.S. Government Agencies

Gravy Analytics, through Venntel, has sold location datasets to government bodies such as:

• Department of Homeland Security (DHS)

• Immigration and Customs Enforcement (ICE)

• Customs and Border Protection (CBP)

These transactions occurred without clear user consent, sparking outrage from privacy advocates and lawmakers alike.

This exposure to political controversy makes Gravy a strategic risk for companies that value public trust.

Final Verdict: Why Gravy Analytics Is a High-Risk Data Source | Data Allegiance

Data Allegiance strongly advises companies to exercise extreme caution when considering Gravy Analytics as a data provider. With a record of FTC violations, a high-profile data breach, lack of user transparency, and controversial government contracts, Gravy Analytics presents a material risk for any organization concerned with privacy compliance, data ethics, and brand reputation.

Data Allegiance is an independent outlet and we suggest conducting your own diligence when evaluation data providers.