Outlogic (formerly known as X-Mode Social and currently owned and operated by Digital Envoy) has been the subject of major regulatory action and public criticism over its data collection and sale practices.

Data Allegiance's investigation outlines why Outlogic presents significant privacy, compliance, and reputational risks to organizations and brands relying on third-party data.

1. FTC Settlement Prohibits Sale of Sensitive Location Data

In January 2024, the Federal Trade Commission (FTC) announced a major settlement with Outlogic that bans the company from selling or sharing sensitive location data.According to the FTC, Outlogic collected and sold information about visits to:

• Medical clinics

• Religious institutions

• Domestic violence shelters

• Addiction recovery centers

The FTC stated that Outlogic’s practices exposed consumers to discrimination, stigma, and potential physical harm, marking a major violation of consumer privacy rights.

2. Inadequate Consumer Consent and Deceptive Disclosures

The FTC complaint against Outlogic alleged that the company failed to properly inform consumers about:

• What data was collected

• How would that data be used

• Who the data would be sold to

Apps using Outlogic’s SDK collected precise geolocation data without clear and informed consumer consent — a direct violation of Section 5 of the FTC Act against deceptive practices.

3. Ignoring Android Privacy Settings and Opt-Outs

Outlogic was also found to have ignored opt-out settings on Android devices, collecting and sharing location data even when users had explicitly opted out of personalized advertising.This lack of respect for user privacy settings put millions of users at risk and added to Outlogic’s noncompliance history.

4. Sale of Location Data to Military and Government Contractors

Investigative reports revealed that Outlogic sold sensitive location data to:

• U.S. military intelligence contractors

• Federal government agencies

This raised serious national security and human rights concerns — especially given the lack of oversight on how the data was ultimately used.

5. Mandated Data Deletion and New Privacy Controls

Under the FTC settlement terms, Outlogic must:

• Delete all previously collected sensitive location data

• Delete any products built using such data

• Implement a comprehensive privacy program

• Obtain independent assessments of compliance every two years

These sweeping compliance requirements demonstrate the FTC’s view that Outlogic’s past behavior posed an unacceptable risk to consumers.

Conclusion: Why Outlogic Is a High-Risk Data Broker | Data Allegiance

Data Allegiance strongly advises exercising caution when working with Outlogic. Their record of deceptive practices, nonconsensual data collection, sales to sensitive entities, and regulatory enforcement actions make Outlogic a serious privacy, compliance, and reputational risk for any organization concerned with protecting customer trust and adhering to data laws.