Description-Behavior Mismatch
High
- Confidence
- 97% confidence
- Finding
- The privacy notice says returned comments, bullet chats, activities, private messages, and contacts may contain personal information or sensitive UGC, which expands the apparent data scope far beyond the stated 'public notes and user data' capability. Even if the API is intended to be read-only, documenting handling of private messages or contacts normalizes collection of highly sensitive content and can encourage over-collection or misuse of personal data.
