随著更多小装置需要配套 App 控制，情趣玩具也加入「App 连线」潮流；研究显示全球情趣玩具市场持续稳定成长，预计到 2030 年将突破 800 亿美元。这也让隐私风险更具体：这类 App 可能收集高度敏感的使用资料，例如使用频率、强度设定、使用方式、远距伴侣连线资讯，以及位置与 IP 位址等，并可能用于产品改良或行销投放。

一旦企业选择出售顾客资料，资料可能被资料经纪商收购、再打包并转售给广告商，甚至其他付得起钱的买家；每位使用者的资料通常会与电子邮件、装置 ID、IP、追踪 cookie 等识别码绑定，使资料在多方之间流转。能否被通知或选择退出，取决于所在地法律差异；例如加州《消费者隐私法》(CCPA) 要求揭露是否出售个资，并提供加州居民退出权。

案例显示风险也可能来自设计与留存策略：Svakom 在 2015 年曾贩售带摄影机并需 Wi‑Fi 的 Siime Eye，其预设 Wi‑Fi 密码为「88888888」，若不更改便可能被近距离旁观；该型号后已停产。部分 App 提供「访客」模式并宣称不收集未注册者资料，Satisfyer Connect 甚至可先选择退出搜集，且表示日志每 60 天删除；相对地，作者自 2024 年 8 月下载 Lelo App 后，点击纪录持续被保存且难以自行清除，删 App 也不等于删伺服器资料，需另行申请删除。

As more gadgets require companion apps, sex toys are increasingly app-connected; the global sex toy market is described as steadily growing and expected to top $80 billion by 2030. That shift raises concrete privacy stakes: these apps may collect highly sensitive usage data—frequency, intensity settings, how a toy is used, long-distance partner connections—plus location and IP addresses, often framed as product improvement or targeted marketing.

If a company sells customer data, it can be bought by data brokers, matched with other sources, and resold to advertisers or other paying parties; user records are commonly tied to identifiers like an email address, device ID, IP address, or tracking cookie, meaning the data can pass through multiple hands. Whether you’re notified or can opt out depends on where you live; for example, California’s CCPA requires disclosure of data sales and provides Californians an opt-out right.

Examples highlight both security and retention risks: in 2015, Svakom sold the Wi‑Fi camera-tipped Siime Eye with a default password “88888888,” leaving unchanged devices vulnerable to nearby snooping; the model is now discontinued. Some apps offer guest use and claim no collection for unregistered users, and Satisfyer Connect allows opting out up front and says it deletes logs every 60 days; by contrast, activity inside the Lelo app remained stored since August 2024, couldn’t be easily cleared, and deleting the app didn’t delete server-side data without a separate request.