I used to think my doctor knew the most about my health. After digging into how supermarket loyalty programs work, I realized the truth is more unsettling: the card in my wallet — or the app on my phone — often knows far more about my daily habits and potential health concerns than any single clinician could. And unlike my medical record, that shopping data is routinely shared, bought and sold in ways that are hard to track or undo.

How grocery data becomes a health record

When I swipe a loyalty card or place an order online, I’m not just earning points. I’m building a detailed, time-stamped log of what I buy, when I buy it, how much I spend, and often where I live. Combine that with a payment method, email address or phone number, delivery address, and in-app behavior (what I browse, what coupons I click), and you get a remarkably rich behavioral profile.

Retailers and their marketing partners use that data to draw inferences: someone who buys gluten-free products, for instance, might be flagged as having celiac disease or a gluten sensitivity. Frequent purchases of antacids, nicotine replacement products, prenatal vitamins or incontinence supplies can signal particular medical conditions or life stages. Even combinations of seemingly innocent items — club soda, ginger ale and crackers — can imply an illness.

These inferences matter because they are used for targeted advertising, risk scoring, and even sold to data brokers who aggregate signals from many sources. I can see why insurers, advertisers and pharmaceutical companies would value this: it’s real-time insight into behavior outside the clinic. But it’s also often inaccurate, unregulated, and shared without the explicit, informed consent a patient would expect for medical data.

Why this can be more revealing than your doctor’s notes

Your primary care physician documents visits and test results, but those snapshots don’t capture daily life: what you snack on during late-night shifts, how often you reach for sugar-free gum, whether you bought cold medicine three times in a fortnight. Loyalty data fills those gaps. It can:

  • Reveal patterns: recurring purchases over months reveal chronic conditions or lifestyle habits.
  • Detect life events: buying baby formula and nursery items can flag pregnancy.
  • Predict behavior: abandoned carts, coupon usage and brand switches inform likely future needs.

    • Crucially, that data is structured for marketing and predictive modeling. Companies build algorithms specifically to infer and monetize those patterns. Your doctor is trained to treat disease, not to monetize your grocery habits.

    How retailers and third parties use the data

    Some concrete ways this information is used:

  • Targeted ads for prescription or over-the-counter drugs delivered via social media and email.
  • Pharmaceutical companies buying audience segments that include “likely pregnant” or “likely diabetic” shoppers.
  • Credit or insurance risk modeling that incorporates retail behavior alongside other data points.
  • Promotional pricing and coupons aimed at keeping you loyal — often nudging repeat purchases of specific brands.

    • Major retailers like Tesco, Kroger, Walmart and Carrefour operate sizable data analytics teams and partner with marketing firms. That doesn’t mean all retailers misuse data, but the incentives are clear: more personalization equals higher sales, and health-related signals are extremely valuable.

    What you can do to limit tracking and protect sensitive health signals

    I’ve changed several habits to reduce how much my grocery data reveals about me. Here are practical steps I use and recommend:

  • Skip the loyalty card for sensitive purchases. If you don’t want a purchase associated with your profile, skip scanning your card or use cash for items you consider private.
  • Use separate payment methods. A dedicated prepaid debit card or cash for sensitive buys decouples them from your main identity.
  • Choose guest checkout and avoid creating an account. Many sites offer one-time purchases without an account — use them when possible.
  • Opt out of targeted ads and data-sharing where available. Check account privacy settings and unsubscribe from marketing lists. Retailers sometimes offer “do not share my data” settings.
  • Use a secondary email and phone number for retail accounts. That prevents easy linking across services tied to your primary identity.
  • Delete or minimize loyalty accounts you don’t use. Closing an account reduces future data collection (but remember to request deletion of existing data too).
  • Block trackers and clear cookies. Use browser privacy tools, tracker blockers (like uBlock Origin or Privacy Badger) and delete cookies regularly.
  • Review app permissions. Retail apps often request location or access to contacts — deny unnecessary permissions.
  • Use privacy-forward alternatives. Consider cash or smaller independent grocers that track less. For online shopping, use privacy-first payment tools and wallets that limit merchant access to your details.

    • Know your legal rights

    Your rights depend on where you live. Under the EU’s GDPR, you can request access to personal data, ask for corrections, and demand deletion in some cases. The UK has similar rules. In the US, California’s CCPA gives residents the right to know what companies collect and to opt out of sales of personal information. These laws aren’t perfect, but they give you leverage.

    If you want to take action, I recommend:

  • Requesting a data export from the retailer — see what they hold about your purchases and profile.
  • Submitting a deletion request where legal frameworks apply.
  • Keeping records of opt-outs and communications — companies sometimes ignore or obfuscate requests.

    • What journalists and policymakers should push for

    As a reporter and editor, I want to see clearer rules about what constitutes “sensitive” commercial data. Health-adjacent shopping behavior should be treated with the same protections as medical records. That could mean:

  • Stronger definitions of sensitive inferred data and explicit limits on how it can be sold or targeted.
  • Mandatory, prominent opt-outs for health-related targeting.
  • Transparency obligations so consumers can see the inferences being made about them.

    • Until such rules exist, the burden falls on consumers to protect themselves. It’s imperfect — but small changes, like using cash for sensitive items or avoiding loyalty accounts for certain purchases, can meaningfully reduce the visibility of private health signals.

    Quick comparison: what supermarkets collect vs. what can be inferred

    Direct data collected Health or life-stage inferences
    Email, phone, loyalty ID Linkage to identity and long-term purchase history
    Purchased SKUs, quantities, timestamps Chronic conditions, medication use, dieting or pregnancy signals
    Delivery address, payment method Geolocation patterns, household composition, socio-economic status
    In-app browsing, coupons clicked Interests, intent to buy health products, quitting smoking attempts