Gameday Men’s Health Secretly Sold Patients’ Sexual and Medical Data to Google, TikTok, and Zeta
While promising “your information is secure,” the 400-location men’s health franchise embedded invisible tracking pixels that broadcast patients’ erectile dysfunction and testosterone treatment details to ad giants in real time.
Gameday Men’s Health, a franchise chain with over 400 locations across the United States, secretly embedded tracking code from Google, TikTok, and Zeta Global into its appointment-booking website. Every time a patient booked care for conditions like erectile dysfunction, low testosterone, or weight loss, that intimate health information was transmitted in real time to three of the world’s largest advertising platforms without the patient’s knowledge or consent. Gameday did this for profit. It sold the privacy of the most vulnerable moments in its patients’ health journeys to fuel targeted advertising campaigns. A federal class action, filed in January 2026 in the Northern District of California, accuses Gameday of violating the Electronic Communications Privacy Act, the California Invasion of Privacy Act, and the California Constitution.
Your medical data is not a marketing asset. Demand that healthcare providers face real consequences for treating patient privacy as a commodity.
Core Allegations
| 01 | Gameday deliberately embedded tracking code from Google, TikTok, and Zeta Global into its patient-facing appointment booking website, creating what the complaint calls a “software-based wiretap” installed on every patient’s device the moment they visited the site. | High |
| 02 | When patients booked appointments for erectile dysfunction, low testosterone, peptide therapy, or weight loss, the tracking pixels transmitted the specific health condition, appointment location, patient name, email address, and phone number to all three ad platforms in real time without patient consent. | High |
| 03 | While the booking page displayed the message “Your information is secure,” Gameday was simultaneously broadcasting that information to Google’s DoubleClick ad network, TikTok’s Pixel, and Zeta’s marketing platform. | High |
| 04 | Gameday contractually granted Zeta Global “a non-exclusive worldwide license to use the [Customer] Data for its own business and marketing purposes,” meaning patient health data was not just shared but formally licensed to a data broker with over 240 million consumer profiles. | High |
| 05 | The tracking technologies captured both the identity of patients (via IP address, User-ID, hashed email, hashed phone number, and browser fingerprint) and the content of their communications (which health conditions they were seeking treatment for). | High |
| 06 | The plaintiff began receiving targeted advertisements for men’s health products after booking appointments, demonstrating that the data collected was actively used for commercial ad targeting. | Med |
| 01 | Gameday installed the tracking technologies not as an accident or technical oversight but as a deliberate commercial strategy: the complaint alleges Defendant “engages in this deceptive conduct for its own profit at the expense of its patients’ privacy.” | High |
| 02 | Men seeking help for erectile dysfunction, low testosterone, and related conditions face significant social stigma. Gameday exploited precisely this vulnerability, knowing patients would be unlikely to discover or challenge the data sharing. | High |
| 03 | Google, whose advertising revenue topped $209.5 billion in 2021, benefits directly from receiving detailed patient health profiles, enabling it to target users who have disclosed sensitive medical conditions to a healthcare provider. | Med |
| 04 | The data sharing continued regardless of whether a patient had a TikTok or Google account, meaning even users who never signed up for those platforms had their health information ingested into advertising databases. | Med |
| 05 | The complaint states plainly that patients “would not have made an appointment on the Website if he knew Defendant was sharing his PHI with unknown third parties,” confirming Gameday’s business model depended on patient ignorance. | High |
| 01 | California’s Confidentiality of Medical Information Act (CMIA) explicitly prohibits healthcare providers from disclosing patient medical information without authorization. Gameday disclosed this information to three separate commercial entities without any patient authorization. | High |
| 02 | The California Privacy Rights Act designates information about sexual health, hormone levels, and reproductive status as “sensitive personal information” requiring elevated protection. Testosterone levels, erectile dysfunction diagnoses, and related data fall squarely within this category. | High |
| 03 | The Federal Wiretap Act (ECPA) prohibits the real-time interception of electronic communications. Gameday’s tracking pixels captured and transmitted patient communications the instant they were entered into the booking form, constituting interception “in transit.” | High |
| 04 | Gameday’s “hashing” of certain patient data (converting emails and phone numbers to coded values before transmission) did not anonymize the information. The FTC has explicitly stated that hashing is not anonymization because hashed values can be matched back to specific individuals. | Med |
| 05 | Google’s browser fingerprinting technology, enabled on Gameday’s site, can identify 99.24 percent of all users. Unlike cookies, users cannot clear or block their fingerprint, making Gameday’s data leakage permanent and irrevocable for virtually every patient. | High |
| 01 | To date, Gameday has never publicly acknowledged, disclosed, or notified patients that their protected health information was shared with Google, TikTok, or Zeta. Patients had no way to discover this on their own. | High |
| 02 | The tracking technologies are entirely invisible to website visitors. No visual indicator, cookie banner, or privacy notice informed patients that their appointment details were being transmitted to three commercial advertising platforms. | High |
| 03 | Gameday actively concealed its conduct, giving rise to tolling of statutes of limitations. The complaint argues Defendant had “exclusive knowledge” of the tracking and “failed to disclose” it, preventing patients from learning they had been harmed. | Med |
| 04 | No patient signed a consent form authorizing the disclosure of their health data to Google, TikTok, or Zeta. The complaint makes clear that obtaining such consent was never part of Gameday’s process. | High |
Timeline of Events
Direct Quotes from the Complaint
“Defendant chose to do so despite representing to patients that ‘your information is secure.’”
💡 The complaint cites Gameday’s own website message as direct evidence of fraudulent misrepresentation. While patients read this assurance, tracking pixels were silently broadcasting their health data.
“Defendant is essentially handing its customers a tapped website and, once a webpage is loaded into the customer’s browser, the software-based wiretaps are quietly waiting for private communications on the webpage to trigger the Tracking Technologies.”
💡 This passage from the complaint establishes intentionality. Gameday did not accidentally leak data. It architected a system designed to intercept patient communications from the moment of page load.
“Defendant entered a contract with Zeta granting the data broker ‘a non-exclusive worldwide license to use the [Customer] Data for its own business and marketing purposes.’”
💡 Gameday did not just share patient data. It formally licensed it to a data broker. This is the language of a commercial transaction, not a healthcare company protecting its patients.
“Social stigmas, the societal pressure and negative stereotypes that discourage men from seeking medical advice, significantly impact health behaviors, often deterring individuals from seeking timely medical help.”
💡 Men with erectile dysfunction or low testosterone already face enormous barriers to seeking care. Gameday weaponized those vulnerabilities, creating a system where trusting a healthcare provider with your most private health concerns became a liability.
“Companies should not act or claim as if hashing personal information renders it anonymized. FTC staff will remain vigilant to ensure companies are following the law and take action when the privacy claims they make are deceptive.” (FTC, July 2024)
💡 Gameday likely argued that transmitting “hashed” emails and phone numbers protected patient identity. The FTC has explicitly rejected this defense. Hashed data remains identifiable and harmful.
“When a patient books a consultation for low testosterone, Google, through its various tracking technologies, receives the appointment location and reason, in addition to the patient’s encoded email.”
💡 This is the most damning factual allegation in the complaint. The medical condition itself, not just vague browsing behavior, was transmitted to Google. The complaint includes a screenshot of the actual data packet proving it.
“TikTok receives the patient’s hashed phone number, hashed email, location of the appointment, and reason for booking (e.g. low testosterone).”
💡 TikTok, a platform primarily used for entertainment, received patients’ diagnoses and appointment locations. This data was transmitted to be used in TikTok’s ad-targeting infrastructure for commercial gain.
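A site owner or auditor can test for the pattern these passages describe by comparing what was typed into a booking form against the requests the page sent to other hosts. The sketch below is an added example, not code from the complaint or from Gameday's site. The hostnames, parameter names, capture format and the trim-and-lowercase step before SHA-256 are all assumptions. It flags a submitted value whether it leaves in plaintext or hashed, which is why hashing does not hide identity: anyone who already holds the email can recompute the same hash.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

FIRST_PARTY = "clinic.example"  # assumption: the site under audit

def sha256_hex(value: str) -> str:
    # Assumed normalisation: trim and lowercase before hashing.
    return hashlib.sha256(value.strip().lower().encode()).hexdigest()

def audit(requests, form_values):
    """Return (host, field, form) for each submitted value sent to a third party."""
    needles = {}
    for field, value in form_values.items():
        needles[value.strip().lower()] = (field, "plaintext")
        needles[sha256_hex(value)] = (field, "sha256")
    findings = []
    for req in requests:
        parts = urlsplit(req["url"])
        host = parts.hostname or ""
        if host == FIRST_PARTY or host.endswith("." + FIRST_PARTY):
            continue  # first-party traffic is expected to carry the form data
        # Only query strings and urlencoded bodies are inspected in this sketch.
        params = parse_qsl(parts.query) + parse_qsl(req.get("body", ""))
        for _name, value in params:
            hit = needles.get(value.strip().lower())
            if hit:
                findings.append((host, hit[0], hit[1]))
    return findings

# Constructed sample: what a tester typed into the form ...
FORM = {"email": "pat@example.com", "phone": "+15555550100",
        "reason": "Low Testosterone"}
# ... and a constructed, simplified capture of the page's outgoing requests.
CAPTURE = [
    {"url": "https://clinic.example/api/book",
     "body": "email=pat%40example.com&reason=Low+Testosterone"},
    {"url": "https://ads.tracker-a.example/collect?em="
            + sha256_hex("pat@example.com") + "&ev=Low+Testosterone"},
    {"url": "https://px.tracker-b.example/event",
     "body": "ph=" + sha256_hex("+15555550100") + "&loc=Austin"},
    {"url": "https://cdn.fonts.example/font.woff2"},
]

if __name__ == "__main__":
    for host, field, form in audit(CAPTURE, FORM):
        print(f"{host}: received {field} ({form})")
```

Run against a real browser capture, any finding on a host outside the provider's control is a disclosure that needs a documented authorization or removal of the tag.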
“If patients knew Defendant was sharing their personal information for targeted advertising purposes, they would seek treatment with another company.”
💡 This confirms that Gameday’s data practices could only exist through deception. The business model required that patients never find out.
Commentary