Rumors that retail giant Walmart was tracking in-store customer activity even if the patron paid for a product with cash — and without using anything to overtly link back to the patron’s account — circulated online in December 2025.
Users on social media platforms like Instagram (archived), Reddit and YouTube posted the rumor throughout the 2025 holiday shopping season, with some offering proposed explanations for the purported claim, like facial recognition technology and the collection of other biometric data.
The claims appeared to originate with a user on TikTok who posted a video (archived) on Nov. 30, 2025, claiming he received an email from Walmart to review a product he paid for in store with cash. The user stated he did not use the Walmart app or even have his phone on him at the time of purchase, raising concerns about Walmart’s data-collection policies.
A spokesperson for Walmart told Snopes via telephone:
We are always working toward a more meaningful and personalized shopping experience for our customers. Today, the most likely explanation for an email following a cash transaction is that the customer was prompted at checkout to enter their phone number and opt in to link the transaction to a Walmart account that shared that phone number.
Snopes reached out to the user who posted the TikTok video that spread the claim to ask if he indeed entered his phone number at checkout. We will update this article if we hear back.
Snopes tried replicating the scenario by making a purchase in a Walmart store at self-checkout, in cash, without entering any information such as a phone number. As of this writing, we had not received a follow-up email asking us to review the product.
Though the company stated there was a probable explanation for the TikTok user’s experience and our own test yielded no results, based on Walmart’s privacy policy on data collection, we could not definitively rule out other possible explanations. Therefore, we have left this claim unrated.
Walmart’s official privacy policy listed on its website stated the company reserved the right to collect all kinds of information from its customers, which would include the type of information needed to track purchases, such as “purchase and transaction history information,” “login information, MAC address, IP address, cookie IDs, mobile ad IDs, and social media information,” “background checks and criminal convictions” and “inferences drawn from and related to shopping patterns and behaviors, intelligence, and aptitudes.”
The policy did not state anything about tracking cash purchases versus other payment methods, but did specifically reference biometric data, a concern for some users sharing the claim.
Such data would include “voice prints, imagery of the iris or retina, face geometry, and palm prints or fingerprints,” according to the company.
The company claimed that “not all categories of personal information will be collected or received about every individual.”
The full section of Walmart’s privacy policy outlining data that could be collected included the following:
Basic Personal Identifiers, such as name, telephone number, physical address, email address, government-issued identifiers (e.g., national identification numbers, driver’s license numbers), and signatures.
Device and Online Identifiers, such as account login information, MAC address, IP address, cookie IDs, mobile ad IDs, and social media information.
Internet and Other Network Activity Information, such as information about your browsing or search activity as well as your interactions with our websites, mobile applications, emails, or advertisements (for example keystroke patterns which help us determine if it is you or a bot who is interacting with us).
Commercial Information, such as purchase and transaction history information (products or services you have purchased, rented, or returned), details about products associated with services you receive from or through us (e.g., car make, model, year, odometer reading, and Vehicle Identification Number when you visit our Auto Care Center), product reviews, travel and vacation information, and sweepstakes and contest entries.
Communications, such as the content of emails, text messages, interactions with our bot (AI assistant chatbots), or other communications, call logs, and calendar information, where Walmart is a party to the exchange.
Demographic Information, such as age, gender, citizenship, ethnicity, date of birth, family or marital status, household income, education, professional and employment information, family health, number of children, number of cars owned, and software or virtual assets owned.
Financial Information, such as credit or debit card numbers, and financial account numbers.
Biometric Information, such as voice prints, imagery of the iris or retina, face geometry, and palm prints or fingerprints.
Geolocation, such as data about the location of your device, which may be imprecise (i.e., inferred from your device’s IP address). If you provide your consent, this data may be precise. For more information about precise geolocation, see the How Do We Collect Personal Information? > Collected Through Automated Means section below.
Sensory Information, such as audio, visual information, and other sensory information such as photographs and audio and video recordings.
Background Information, such as background checks and criminal convictions.
Inferences, such as individual preferences and characteristics. This may include inferences drawn from and related to shopping patterns and behaviors, intelligence, and aptitudes.
On Sept. 8, 2022, a class action lawsuit was filed against the company in Illionis, citing claims Walmart violated Illinois’ Biometric Information Privacy Act. The plaintiff voluntarily dismissed the suit on Oct. 28, 2022.
The Walmart spokesperson contacted by Snopes also pointed out their company is not the only major retailer to collect this type of data.
A 2012 New York Times article about data collection at retailers focused on Target, which was discovered to have sent “advertisements for maternity clothing, nursery furniture and pictures of smiling infants” to a teenage girl who turned out to be pregnant, much to the surprise of her family.
The article said that “the desire to collect information on customers is not new for Target or any other large retailer” and stated:
For decades, Target has collected vast amounts of data on every person who regularly walks into one of its stores. Whenever possible, Target assigns each shopper a unique code — known internally as the Guest ID number — that keeps tabs on everything they buy. “If you use a credit card or a coupon, or fill out a survey, or mail in a refund, or call the customer help line, or open an e-mail we’ve sent you or visit our Web site, we’ll record it and link it to your Guest ID,” [Target statistician Andrew] Pole said. “We want to know everything we can.”
