GoodRx Saves Money on Meds—It Also Shares Data With Google, Facebook, and Others

To determine how GoodRx shares data, we monitored traffic using a data packet-capturing tool to observe the company's Android mobile app and website as we searched for deals on a number of prescription medications.

Several of the company’s business partners received the names of the medications, along with ID numbers and other information that can be used to single out individuals. The data can reveal intimate information that many people would keep private from all but their close friends and family.

As a test, we looked for discounts on Lexapro, an antidepressant; PrEP and Edurant, used to prevent and treat HIV, respectively; Cialis, for erectile dysfunction; Clomid, a medication used in fertility treatments; and Seroquel, an antipsychotic often prescribed to control schizophrenia and bipolar disorder. With the information coming off our test phone and browser, a company could infer highly intimate details about GoodRx users suffering from serious chronic conditions, and make educated guesses about their sexual orientation.
Braze, a marketing firm, received the names of the drugs, the pharmacies where we sought to fill prescriptions, and ID numbers that advertising and analytics companies use to track the behavior of specific consumers across the web.

Like other companies we talked to, Braze assures Consumer Reports that the data collected isn’t shared broadly with data brokers or advertising companies. Braze says the data is only used to help GoodRx target its own users with information.

Similarly, a company called Branch says it only uses the data it collects from GoodRx to make sure that links within the mobile app work correctly. GoodRx executives say the company doesn’t sell or share users’ health data with other companies to support targeted advertising.
“When we believe a user is running out of medication, we use Braze to email or text a reminder," says Thomas Goetz, chief of research at GoodRx. "We may also notify users when we are able to find a better price for their prescription,” he says. “To reach new customers who might find GoodRx useful, we place advertisements for GoodRx on third-party platforms, including Facebook and Google, and retarget users who have visited GoodRx to encourage them to come back and use the service.” Both Google and Facebook deny using prescription information for targeting individuals with ads. “We prohibit personalized advertising and advertising profiles based on sensitive information, including a user’s prescriptions,” a Google spokesperson says.

A Facebook spokesperson says, “We don’t want websites sharing people’s personal health information with us—it’s a violation of our policies. After an initial review, we think GoodRx’s use of our business tools requires a deeper investigation, and we’re reaching out to the company.”

Our testing of the GoodRx app and website was led by Bill Fitzgerald, a privacy researcher in CR’s Digital Lab. “We observed sensitive information being passed along," he says. "If Facebook doesn’t want this information, and GoodRX doesn’t want to send it, it shouldn’t be happening. The app and site don’t need to be designed this way.”

GoodRx users we reached out to say they are surprised such intimate information was being shared for any purpose.

“I just assumed that there had to be some kind of protection laws or something associated with it because, you know, it’s medical data,” says Cam, a GoodRx user who works as a business analyst in New York. “My instinct was that it was okay, probably because of my past experience with medical information,” Marie of Philadelphia says. “I just assumed, you know, this was my private prescription app."

“It doesn’t feel right,” she says.

Similar Articles:

Does Deleting FaceApp Make You Safe Again?

Does Deleting FaceApp Make You Safe Again?

Millions of Facebook Records Found on Amazon Cloud Servers

Millions of Facebook Records Found on Amazon Cloud Servers

Facebook wants to pay you for your data — read this before you sign up

Facebook wants to pay you for your data — read this before you sign up

Another Facebook data row. But who to blame?

Another Facebook data row. But who to blame?