How do you approach data and privacy online?
Most people don’t have an answer to that question. Not because they don’t care, but because nobody ever gave them a framework for thinking about it. You either trust the app or you don’t, and if you don’t, you use it anyway because what else are you going to do.
I used to think that way too. And then I watched Adobe take my content and claim the contract allowed it. I watched a family album app tell me they didn’t have to honor my data rights. And I realized: if you don’t have a system for protecting yourself, companies will make that decision for you. And they will not decide in your favor.
So now I have a system. It’s simple. Three options for every product and service I use: buy, build, or bypass.
Buy
If a product is good, and the company shows they truly care about privacy, and their terms don’t contradict what they say — I’ll buy it. I’ll support that.
To be clear - I’m not anti-technology. I’m not anti-business. I’m not the person who thinks every company is out to get you. Some companies do it right. They have clear terms. They tell you what they collect and why. Their privacy policy matches their marketing. They give you real controls over your data. When those things line up, I’m happy to be a paying customer.
The key is the contradiction test. A company can say “we respect your privacy” all day long. But if their terms of service say they can use your data for “developing new features and services” — sound familiar? — then what they say and what they do are two different things. I look at the terms. Not the marketing. The terms tell you the truth.
When the terms match the promises, that’s a company worth supporting with your money.
Build
If a company doesn’t respect data privacy and I want the product, I look at whether I can build it myself.
Real example. I used to use a family album app. It was convenient. I liked the interface. My family was on it. But at some point I started thinking about where all those photos actually live and what the company can do with them. So I submitted a data request — I wanted copies of my data and the option to delete it.
Their response: “It appears that you are residing in the US, so GDPR law is not applicable.”
Read that again. I asked for my own data. Photos of my family. My children. And they said because I’m in the US, they don’t have to give it to me.
That told me everything I needed to know. Not just about that app, but about the gap between what companies are legally required to do and what they should do. GDPR gives European users strong data rights. But if you’re in the US, many companies treat your data like it’s theirs.
So I built my own. It’s called MemoryNest — memorynest.app. Privacy-focused family photo sharing. Because my family’s photos are not someone else’s data. That’s not a product pitch. That’s a principle.
Now, not everyone can build their own app. I get that. But the point isn’t that everyone should become a developer. The point is that when a company shows you they don’t respect your data, you should take that seriously. And if you have the ability to build a better alternative, even if it’s just for yourself and your family, there’s real power in that.
Bypass
And then there’s the third option. If a product isn’t worth building and the company doesn’t respect your privacy — but you still want to use the service for some reason — bypass.
What does that look like? Disposable email addresses. Disposable information. Even disposable payment cards. So they can never build a true data profile of you.
Most apps and services ask you for your real name, your real email, your real payment info. And most people hand all of it over without thinking about it. But you don’t have to. There are services that let you create disposable email addresses that forward to your real inbox. There are virtual card services that generate one-time-use card numbers so a company never gets your actual payment info. And you can use whatever name and information you want for accounts that don’t require legal verification.
The idea isn’t to be paranoid. The idea is to be intentional. If a company hasn’t earned your real data, why give it to them? If they get breached, it’s a disposable email, not your primary one. If they sell your data, it’s a profile that doesn’t connect to anything real. If they refuse to delete your information, there was nothing real to delete in the first place.
You control the relationship. Not them.
Why I Think About This the Way I Do
I think people underestimate how much of their life is sitting in systems they don’t control. Your photos. Your messages. Your purchase history. Your location data. Your creative work. All of it living on someone else’s servers, governed by someone else’s terms, accessible to someone else’s AI models.
I learned this the hard way with Adobe. I gave them 11,855 images under a licensing agreement I thought was straightforward. They used them to train AI. When I challenged it, they argued the contract allowed it because of the word “new.”
I read terms before I sign up. I think about what data I’m giving and what they could do with it. I ask myself: does this company deserve my real information? And if the answer is no, I have a plan. Buy, build, or bypass.
It’s not about living in fear. It’s about being aware. Most people sleepwalk through sign-ups and downloads and “I agree” buttons. And then one day they find out their family photos can’t be deleted. Or their creative work trained an AI. Or their data was sold to a broker. By then it’s too late.
The framework is simple. The hard part is remembering to use it.
If You Want to Start
You don’t have to overhaul your entire digital life this week. But here are a few things you can do right now.
Pick one app you use daily and go read their privacy policy. Not the marketing page. The actual terms. See what they say about data sharing, data retention, and what happens when you want to delete your account. You might be surprised.
Set up a disposable email service. There are options out there — some free, some paid — that let you create aliases that forward to your real inbox. Next time an app asks for your email, give them an alias instead of the real thing.
Look into virtual card services. Some banks and fintech companies let you generate one-time-use card numbers. That way, if a company gets breached or starts charging you unexpectedly, your actual card is never exposed.
And for the stuff that really matters to you — family photos, creative work, personal memories — think about where it lives and who controls it. If the answer isn’t you, that’s worth changing.
