"We never sell your data": it depends what "sell" means

A vendor's privacy page tells you plainly: "we never sell your data." You read that as a promise, and it usually is one, sincerely offered. The word doing the work in that sentence is "sell," and the vendor gets to define it.

That is not a criticism of any particular platform. It is how most privacy policies are written, and it is worth thirty seconds of your attention before you take the sentence as the whole answer.

What "we do not sell" usually means

Most policies that make this promise define "sell" narrowly: exchanging personal information for money. If a company never takes a check from a data buyer, the sentence is true under that definition, full stop.

That narrow definition leaves room for a lot of activity the sentence does not cover. A policy can say "we do not sell personal information" in one paragraph and, a few paragraphs later, describe sharing information with "partners" for advertising measurement, product improvement, or operating the service. Neither statement is false. They are answering different questions.

Here is a pattern you will see across privacy policies, composite phrasing rather than a quote from any one vendor: "we do not sell personal information," paired elsewhere with "we share information with service providers and partners who help us operate and improve the service." Read together, the first sentence rules out a cash transaction. The second describes something else entirely, an exchange of student data for a service the company receives in return.

Whether that second kind of exchange counts as a "sale" is not settled by the vendor's own definition alone. Some state privacy laws define "sale" broadly enough to include exchanges of value that are not cash, so a transfer of data for a service or a benefit can fall inside a legal definition of "sale" even when a company's own policy would not call it one.

This is not a state-by-state survey, and it is not a claim about which law applies to which vendor. It is a reason the word "sell" cannot be read as self-evident. Two documents can use the same word and mean different things by it, and a family or a consultant reading the policy has no way to tell which meaning is in play without asking.

What to ask instead of accepting the sentence

Three questions get past the word to the practice underneath it.

How does the policy define "sell"? Ask for the definition in plain terms, not a page reference. If the answer is "an exchange of money," ask whether that is the only kind of exchange that happens.

Who are the categories of recipients the data goes to, and why? "Partners" and "service providers" are broad labels. Ask what kind of company sits in each category and what they receive from the vendor in return for whatever they provide.

Does sharing survive account deletion? A "we do not sell" promise made today does not tell you what happens to a record that has already been shared with a partner, or what a policy update six months from now might permit. Ask specifically whether deleting an account stops future sharing and what happens to copies already sent out.

None of these questions accuses anyone of hiding something. They ask a vendor to say in plain language what its own policy already implies but rarely states outright.

The word "sell" has more than one definition The sentence "We never sell your data" is shown with a magnifying glass held over the word "sell." Two branches lead out from the magnified word: one labeled "for money, their definition," marked as excluded and covered by the promise, and one labeled "for anything of value, some laws' definition," marked as unaddressed and not covered by the promise. One word, two definitions "We never sell your data" for money (their definition) excluded, covered for anything of value (some laws' definition) unaddressed the promise answers the left branch and is silent on the right

The practical takeaway

"We never sell your data" is a true statement about a narrow, specific transaction: trading data for cash. It is not, by itself, a statement about whether data moves to partners, advertisers, or service providers in exchange for something other than money, and it is not a statement about whether that kind of exchange might meet a broader legal definition of "sale" somewhere.

Before you treat the sentence as a full answer, ask how "sell" is defined in the policy you are reading, who the recipient categories actually are, and whether sharing stops when an account is deleted. The checklist walks through these and the related questions in order. Two related reads: how free platforms make money from student data when they are not charging a subscription, and what a policy's use of "de-identified" actually means for the data that remains after a name is removed.


Bring this to your next vendor demo: the full checklist.