Privacy Guide · July 4, 2026 · 8 min read

Privacy Risks of Sports Betting and Fantasy Sports Apps


By Sarah Chen

Head of Privacy Research


Sports betting and fantasy sports apps have exploded in popularity since the Supreme Court struck down the federal ban on sports wagering in 2018. Platforms like DraftKings, FanDuel, BetMGM, and Caesars now operate across dozens of states, generating billions in revenue. But the price of placing a bet goes far beyond the wager itself. These apps collect staggering amounts of personal data — from your Social Security number and government-issued ID to your precise location, behavioral patterns, and even details about other apps on your phone. Here is what you need to know about the privacy risks before you place your next bet.

What Data Do Sports Betting Apps Collect?

The scope of data collection by major sports betting platforms rivals or exceeds that of social media apps. According to research into app data practices, DraftKings leads the industry by collecting 22 distinct data points, including:

  • Precise and approximate location — tracked continuously while the app is in use and sometimes in the background
  • Photos, videos, and files stored on your device
  • Contact lists and information about other installed apps
  • Messages and documents on your phone
  • Betting history, transaction records, and account balances
  • Device identifiers, IP addresses, and browsing behavior

FanDuel collects 14 data points, including precise and approximate location, photos, and a list of installed apps. Caesars and BetMGM gather similarly broad datasets. Even less prominent platforms request permissions that go well beyond what is necessary to place a wager.

Identity Verification: Handing Over Your Most Sensitive Data

Unlike most apps, licensed sportsbooks are legally required to perform Know Your Customer (KYC) verification. This means they collect and store some of your most sensitive personal information:

  • Full legal name, date of birth, and home address
  • Social Security number (full or last four digits)
  • Government-issued photo ID (driver’s license, passport, or state ID)
  • Financial information including bank account details, payment card numbers, and transaction history

Sportsbooks claim they handle this data with bank-level encryption, but the reality of how long they retain it — and who else can access it — is often buried deep in privacy policies that few users read.

Offshore Betting Sites Are Even Riskier

Some bettors turn to unlicensed offshore sportsbooks that advertise no-verification betting. These platforms are not subject to U.S. data protection laws, state gaming commission oversight, or any regulatory accountability. Providing your SSN or ID to an offshore site is extremely risky — you have no legal recourse if your data is stolen or misused.

Location Tracking: Always Watching Where You Are

Sports betting apps require precise location data for a legitimate regulatory reason: they must confirm you are physically located in a state where online wagering is legal. But the data collection often goes far beyond compliance.

FanDuel’s privacy policy states that it uses location data to process payments, perform analytics, deliver targeted ads, and share your location with vendors. DraftKings and other platforms similarly leverage location data for purposes well beyond simple geofencing. Your location history can reveal where you live, where you work, which bars and casinos you visit, and how you spend your free time — all of which builds a detailed behavioral profile that has significant commercial value.


Data Sharing with Advertisers and Data Brokers

The data these apps collect does not stay within the platform. Research has found that on average, sports betting apps share 6 data points with third parties. Some are far worse: FanDuel shares 11 of its 14 collected data points with outside companies, including precise location and in-app search history. Caesars shares 14 data points with third parties, the most of any major platform.

This data flows to advertising networks, analytics firms, and data brokers who aggregate it into detailed profiles. A 2025 lawsuit filed by the city of Baltimore alleged that one Flutter-owned company (FanDuel’s parent) collected at least 186 attributes for each bettor, including their propensity to gamble and susceptibility to marketing. This information is used for behavioral profiling — identifying addictive traits and targeting high-risk gamblers with promotions designed to keep them betting.

Investigations have also revealed that over 150 gambling websites use hidden Meta Pixel tracking tools to send visitor data to Facebook, allowing Meta to profile people as gamblers and target them with ads — often without explicit consent.

Major Data Breaches in the Sports Betting Industry

The massive stores of sensitive personal data held by sportsbooks make them attractive targets for hackers. More than half of the major sports betting apps have been directly or indirectly affected by a data breach.

  • BetMGM (2022): Hackers obtained records of approximately 1.5 million customers, including names, addresses, dates of birth, Social Security numbers, account identifiers, and transaction information. The breach lasted from May to November 2022 before the company detected it.
  • DraftKings (2022): A credential stuffing attack exposed the personal information of over 67,000 customers, including names, addresses, phone numbers, email addresses, account balances, partial payment card numbers, and transaction details. Some affected accounts saw unauthorized withdrawals totaling approximately $300,000.
  • FanDuel (2023): Customer names and email addresses were accessed by hackers after a breach at a third-party mail service provider used by FanDuel.

What Makes Betting App Breaches Especially Dangerous

Unlike a breached email address, the data stolen from sportsbooks often includes Social Security numbers, government IDs, and financial information — the exact combination needed for identity theft, fraudulent tax filings, and financial fraud. If your data is exposed in a betting app breach, the consequences can follow you for years.

How to Minimize Your Privacy Risk

If you use sports betting or fantasy sports apps, take these steps to limit your exposure:

  1. Review app permissions carefully. Deny access to contacts, photos, files, and other data the app does not need to function. On both Android and iOS, set location access to “Only while using the app” rather than “Always.”
  2. Use a dedicated email address. Create a separate email account for betting apps so your primary inbox and associated accounts stay insulated from breaches.
  3. Enable two-factor authentication. Every major sportsbook offers 2FA. Turn it on to prevent credential stuffing attacks like the one that hit DraftKings.
  4. Opt out of marketing and data sharing. Check the privacy settings within each app and opt out of personalized advertising, promotional communications, and third-party data sharing wherever possible.
  5. Use strong, unique passwords. Never reuse passwords across betting accounts and other services. A password manager makes this practical.
  6. Monitor your credit and identity. Place a credit freeze at all three bureaus and monitor for signs of identity misuse, especially if you have provided your SSN to a sportsbook.
  7. Read the privacy policy. Before signing up, check what data the app collects, how long it retains it, and which third parties it shares with. If the policy is vague about data sharing, consider that a red flag.
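Step 1 can be checked on Android from a computer instead of through the settings screens. The following is an added example, not part of the original guide: it parses the permission section of `adb shell dumpsys package <package>` output and lists what the guide says to deny. The package name `com.example.sportsbook` and the sample output are constructed placeholders, and the mapping of permissions to the guide's categories is an assumption of this example.

```python
import re

# Access the guide's step 1 says to deny: contacts, photos, files, messages.
UNNEEDED = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_MEDIA_IMAGES": "photos",
    "android.permission.READ_MEDIA_VIDEO": "videos",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.READ_SMS": "messages",
}
# Granted when location is allowed all the time (the guide's "Always").
BACKGROUND_LOCATION = "android.permission.ACCESS_BACKGROUND_LOCATION"

# Matches lines such as "android.permission.X: granted=true, flags=[ ... ]".
PERM_LINE = re.compile(r"^\s*([\w.]+):\s*granted=(true|false)")

# Constructed sample of `adb shell dumpsys package com.example.sportsbook`.
SAMPLE = """\
Packages:
  Package [com.example.sportsbook] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_BACKGROUND_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.READ_MEDIA_IMAGES: granted=false, flags=[ USER_SET ]
"""

def granted_permissions(dumpsys_text):
    """Return the set of permissions marked granted=true."""
    granted = set()
    for line in dumpsys_text.splitlines():
        m = PERM_LINE.match(line)
        if m and m.group(2) == "true":
            granted.add(m.group(1))
    return granted

def audit(dumpsys_text):
    """List the grants that step 1 of the guide says to revoke or narrow."""
    granted = granted_permissions(dumpsys_text)
    findings = [f"revoke {label} access: {perm}"
                for perm, label in UNNEEDED.items() if perm in granted]
    if BACKGROUND_LOCATION in granted:
        findings.append(
            f"switch location from Always to while-in-use: {BACKGROUND_LOCATION}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Foreground location (`ACCESS_FINE_LOCATION`) is deliberately not flagged, since the guide notes sportsbooks need it to confirm which state you are in.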

Remove Your Data from the Brokers Who Already Have It

Locking down app permissions and using strong passwords protects you going forward, but it does not address the data that sportsbooks and their partners have already shared with data brokers. Your name, home address, phone number, email, and even your gambling activity may already be listed on people-search sites and marketing databases where anyone can find it.

PrivacyOn removes your personal information from 100+ data broker sites, continuously monitors for re-listings, and provides dark web monitoring to alert you if your data surfaces in breach dumps or underground markets. Family plans cover up to 5 people starting at just $8.33 per month — making it practical to protect everyone in your household, not just the person placing the bets. If you use sports betting apps, pairing responsible privacy settings with a data removal service like PrivacyOn is the most effective way to keep your personal information from being exploited.

Sarah Chen

Head of Privacy Research

CIPP/US Certified · IAPP Member · B.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.
