Data brokers have quietly become a core input to modern intelligence and analytic stacks. Companies such as Gravy Analytics built product lines that translate raw mobile location pings into audiences and behavioral signals. Large identity providers and marketing platforms, including TransUnion’s TruAudience marketplace, have integrated location-derived audiences from partners like Gravy to improve targeting and identity resolution in commercial contexts.
That commercial pathway is technically straightforward and operationally attractive. Apps and ad exchanges feed location signals into aggregators; aggregators cluster those signals, apply heuristics and infer attributes, and then sell either audiences or enriched identity graph nodes to customers. But attractive does not mean harmless. The Federal Trade Commission publicly challenged and then moved to prohibit certain uses of this chain when it concluded that some brokers were collecting and selling sensitive location-derived information without meaningful consumer consent. In December 2024 the FTC announced action against Gravy Analytics and its subsidiary Venntel alleging unlawful sale of sensitive location data, and the agency finalized an order in January 2025 restricting the sale and use of sensitive location products and requiring deletion and supplier-assessment controls.
Two operational facts from those actions should change how defense organizations think about this data. First, the FTC complaint and reporting show that location-derived products can reveal visits to extremely sensitive categories of sites, from health clinics to places of worship to military installations. Second, the complaint and contemporaneous reporting documented that Venntel sold or provided access to location datasets to multiple government customers and contractors, raising constitutional and operational security questions when such data are used for investigative or targeting purposes without oversight.
Those regulatory and reporting findings materialized alongside an acute operational failure: a January 2025 incident in which Gravy disclosed unauthorized access to cloud storage, and researchers and reporters showed samples that included tens of millions of location points. The exposure underscored how fragile the promise of anonymization can be when datasets contain high-resolution spatiotemporal traces. In short, aggregation plus retention equals risk.
What does this mean for defense-focused cyber and operational security? Four clear implications emerge:
- Personnel and facility safety. Location histories can reveal the routines and residences of service members, contractors, and support staff. That leads to stalking, coercion, or physical compromise risks if such data enter adversarial hands.
- Reidentification and operational exposure. Even allegedly "pseudonymized" data are often reidentifiable when fused with identity graphs, vendor enrichment, or simple OSINT. Identity providers that combine credit, device, and location signals can re-link individuals to records. Procurement teams should treat fusion products as de facto identity resolution, not inert analytics.
- Supply chain and governance gaps. Many brokered location products depend on upstream SDKs and ad-tech auctions. That creates weak links: a single misbehaving supplier or an insecure cloud bucket can expose downstream consumers. The FTC orders themselves require supplier assessments and deletion obligations because vendors repeatedly failed at these governance steps.
- Legal and oversight exposure. Government and contractor use of commercial location products invites constitutional scrutiny when used for domestic surveillance. The documented purchases of Venntel data by federal entities raised questions about whether agencies treated commercially available location feeds as a warrant-free surveillance shortcut.
For cyber defenders, program managers, and procurement officers working in defense contexts, treating location intelligence as both a powerful analytic tool and a high-risk supply is essential. Practical steps to reduce risk include the following:
1) Apply stricter procurement controls for location and identity-enriched products. Require vendors to document data lineage, consent models for upstream suppliers, and independent attestations that sensitive-location filtering is effective and auditable. Contract language should include deletion and notification obligations mirroring FTC requirements.
2) Prefer in-place analytics and clean-room architectures. When third-party enrichment is necessary, insist on clean-room models or provider-hosted enclaves that allow queries without handing over raw linkable identifiers. TransUnion and other major data companies have pushed clean-room integrations in commercial markets; these architectures reduce blunt data transfers when implemented properly.
3) Limit retention and prevent fusion. Architect systems so that high-resolution spatiotemporal data are not retained in long-term identity graphs unless there is a compelling, documented mission need and robust oversight. Where enrichment is required, implement strict minimization processes and require providers to remove or de-sensitize records that indicate visits to protected-site categories.
4) Harden cloud and access controls. The Gravy incident demonstrated that unsecured or improperly configured cloud storage can convert a privacy risk into an operational compromise. Enforce zero-trust access, least privilege on ingestion pipelines, and continuous monitoring of any third-party dataset you host.
5) Require legal review for law enforcement or intelligence use. If a vendor indicates that its product is already consumed by federal investigative bodies, legal teams must evaluate Fourth Amendment, statutory, and policy compliance before reuse or resale. Contracts should explicitly forbid repurposing commercial products for warrantless surveillance without documented legal authorization.
6) Build incident and disclosure playbooks that assume large-scale deanonymization. Prepare to treat any brokered location dataset breach as one that could expose routes, residences, and facility access. That planning includes rapid takedowns, individual notification where required, and operational mitigations for potentially exposed personnel.
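The minimization described in step 3 can be sketched as a filter that runs before any location feed reaches long-term storage. The Python below is an added example, not code from any vendor or agency named in this article; the protected-site list, 30-day retention limit, grid size, and three-device release threshold are assumed values, and the pings are constructed sample data.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sites for illustration: (category, lat, lon, exclusion radius in metres).
PROTECTED_SITES = [
    ("health_clinic", 38.9000, -77.0300, 200.0),
    ("place_of_worship", 38.9100, -77.0400, 150.0),
    ("military_installation", 38.8700, -77.0560, 1000.0),
]
RETENTION = timedelta(days=30)  # assumed retention limit
GRID_DECIMALS = 2               # coarsen to cells of roughly 1.1 km in latitude
K_MIN = 3                       # assumed minimum distinct devices per released cell

def haversine_m(lat1, lon1, lat2, lon2):
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(a))  # great-circle distance, metres

def minimize(pings, now):
    """Return ({(cell, hour): device_count}, stats); no device IDs leave this function."""
    stats = {"expired": 0, "protected": 0, "suppressed_cells": 0}
    devices = defaultdict(set)
    for device_id, ts, lat, lon in pings:
        if now - ts > RETENTION:
            stats["expired"] += 1      # past retention: dropped, not archived
        elif any(haversine_m(lat, lon, s_lat, s_lon) <= radius
                 for _cat, s_lat, s_lon, radius in PROTECTED_SITES):
            stats["protected"] += 1    # visit to a protected-site category: never stored
        else:
            cell = (round(lat, GRID_DECIMALS), round(lon, GRID_DECIMALS))
            hour = ts.replace(minute=0, second=0, microsecond=0)
            devices[(cell, hour)].add(device_id)
    # Release counts only, and only for cells shared by at least K_MIN devices.
    released = {k: len(ids) for k, ids in devices.items() if len(ids) >= K_MIN}
    stats["suppressed_cells"] = len(devices) - len(released)
    return released, stats

NOW = datetime(2025, 2, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_PINGS = [  # constructed: (pseudonymous device id, timestamp, lat, lon)
    ("dev-a", NOW - timedelta(days=40), 38.9500, -77.1000),   # older than retention
    ("dev-a", NOW - timedelta(days=1), 38.9001, -77.0301),    # beside the clinic
    ("dev-b", NOW - timedelta(hours=2), 38.8705, -77.0565),   # inside installation radius
    ("dev-a", NOW - timedelta(hours=3), 38.9512, -77.1004),
    ("dev-b", NOW - timedelta(hours=2, minutes=50), 38.9533, -77.0991),
    ("dev-c", NOW - timedelta(hours=2, minutes=20), 38.9498, -77.1012),
    ("dev-c", NOW - timedelta(hours=5), 38.9900, -77.2000),   # lone device in its cell
]
```

Coarsening and small-count suppression reduce linkability but do not make a trace anonymous, so the retention and access controls in steps 3 and 4 still apply to the output.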
Finally, the broader policy takeaway is that market-scale identity and location fusion is now a national security and civil liberties problem as much as it is a privacy problem. Regulatory moves such as the FTC’s enforcement actions show that agencies will impose structural requirements on high-risk brokers. Defense organizations must not outsource their risk calculus to advertising industry norms. Instead, procure with an expectation of both regulatory change and the technical reality that high-resolution location data are inherently identifying when combined. The right posture is pragmatic and anticipatory: use the analytic value of location intelligence, but build governance, technical controls, and legal guardrails before that intelligence is operationalized against people or places you are charged to protect.