Clubhouse Is Recording Your Conversations. That’s Not Even Its Worst Privacy Problem

The popular new social media platform is scooping up more data than you might think.

Clubhouse was sort of perfectly made for the pandemic. People aren’t going out, and they’re desperately searching for social connections and entertainment. The app provides both in a way, while also capitalizing on the draw of celebrity influencers on the platform.

It’s also built on one of the most effective strategies for generating buzz and excitement–scarcity. In order to join Clubhouse, you have to have an invite from someone who is already a member. Not only that, they have to have your phone number and give Clubhouse access to their iPhone contacts. No access, no invites. 

From a business standpoint, it certainly makes sense that Clubhouse is taking this approach. Building a social graph from scratch is very hard, and requiring users to upload their contacts list is the most effective way to determine connections. 

There’s a problem, however. As always, the problem comes down to figuring out the right balance between protecting user privacy and the use of data to provide the best experience for both the user and the business behind the app.

In that sense, it’s worth considering that Clubhouse has a few policies that aren’t exactly privacy-friendly. Even worse is the fact that you have to do a bit of digging to even understanding what those policies actually are. I reached out to Clubhouse multiple times but did not immediately receive a response to my questions about how it uses data.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

1. Clubhouse is recording your audio.

One of the “features” of Clubhouse is that it’s ephemeral. You can’t listen to it later, or even pause the room you’re in. You have to show up live in order to participate in the experience. That’s one thing that sets it apart from, say, podcasts, which are recorded and can be listened to at any time. You can’t even record conversations on Clubhouse.

Except, Clubhouse can, and does record what you say. The app’s privacy policy says that Clubhouse rooms are recorded: 

Solely for the purpose of supporting incident investigations, we temporarily record the audio in a room while the room is live. If a user reports a Trust and Safety violation while the room is active, we retain the audio for the purposes of investigating the incident, and then delete it when the investigation is complete. If no incident is reported in a room, we delete the temporary audio recording when the room ends.

That means that if someone does report a problem, everything that happened in the room is recorded and saved. And, Clubhouse isn’t clear about what happens to it then other than it is saved in order for the company to make a determination. It doesn’t say who can listen to it, or under what conditions.

2. You can’t delete information other people share about you. 

Even if you haven’t created an account, if someone you know has, there’s a good chance Clubhouse already has your phone number. That’s because the app encourages users to upload their entire contacts database in order to send invitations. You can only invite someone who is in your contacts, and it doesn’t include any ability to only share specific contacts. It’s all or nothing. 

In addition, not only might those friends have shared their contact list, but if they connect their social media profiles, that information is collected as well. Clubhouse specifically says that when you “create your account, and/or authenticate with a third-party service like Twitter, we may collect, store, and periodically update information associated with that third-party account, such as your lists of friends or followers.”

What if, say, you have no interest in Clubhouse at all? There’s still no mechanism to have any personal information about you, whether via a phone number or through other social media networks like Twitter or Instagram. 

3. You can’t just delete your account. 

In fact, even if you have an account, you can’t delete it without sending an email to a support account. There’s no option anywhere in the app to delete your account, and neither are there any instructions on what to do if you want to delete it. You have to send an email to “[email protected]” in order to request that your account be canceled, and wait for someone to take action.

4. They can share your personal information without notifying you. 

One of the biggest questions surrounding Clubhouse is how it intends to eventually make money. Looking through the privacy policy, it’s clear that it will likely involve some form of advertising or sponsorship system. To get ready for that, Clubhouse is making clear that it “may share Personal Data with our current and future affiliates.” 

That’s fine, but that same section makes clear that Clubhouse “may share the categories of Personal Data described above without further notice to you.” That means you have no right to know that your personal information that was collected by Clubhouse is now being used outside of Clubhouse.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

5. Clubhouse is tracking you.

The privacy policy says it uses cookies, pixels, and tracking technologies to monitor what you do within Clubhouse, and across the web even though they aren’t currently monetizing the app. This is both confirmed by the privacy policy, as well as traffic monitoring, which shows it uses activity tracking and analytics tools to understand what you are doing with the app.

The company’s privacy policy also explicitly says:

We may share Identification Data and Internet Activity Data with social media platforms and other advertising partners that will use that information to serve you targeted advertisements on social media platforms and other third party websites – under certain regulations such sharing may be considered a “sale” of Personal Data.

It seems pretty clear that Clubhouse is getting ready to monetize the platform it’s building. That’s fair–every business should have a plan for making money. If that plan includes monetizing its users’ activity and data, I think we can all agree it should be upfront and transparent about that fact.