Workplace Apps Share Up to 26 Data Types, Gmail Leads the Pack

Context Employees increasingly run work tools on the same smartphones used for banking, messaging, and navigation. A recent Incogni analysis of Google Play listings for ten widely used apps—Gmail, Microsoft Teams, Zoom Workplace, Slack, Notion, Outlook, Google Meet, Trello, Todoist and Workday—reveals extensive data collection across the board.

Key Facts - Each app in the study captures about 19 distinct data points, ranging from approximate location to user identifiers. - Gmail tops the list, gathering 26 different data types, including precise location, app interactions and user IDs for advertising. - Microsoft Teams follows closely with 25 types, and Zoom Workplace records 23, both pulling precise location data.\n- Notion stands out for outbound data flow, sharing eight distinct data types—email addresses, names, user IDs, device IDs and interaction metrics—with advertising partners and other third parties. - Six apps, including Gmail, Slack, Notion, Outlook, Todoist and Zoom Workplace, use collected data for advertising or marketing; Slack, Todoist and Notion also transmit employee email addresses for that purpose. - Workday is the only app that does not offer a user‑initiated data‑deletion option, raising additional privacy concerns. - Most of the apps have documented breach histories; a 2026 leak exposed 48 million Gmail credentials, while Slack, Zoom and Notion have faced prior incidents.

What It Means The data landscape shows that routine productivity tools double as extensive profiling engines. Employers allowing Bring‑Your‑Own‑Device (BYOD) setups may inadvertently expose employee location, contact details and work content to advertising networks and third‑party services. Notion’s extensive sharing amplifies risk for organizations storing sensitive roadmaps or HR notes in the platform. The lack of a deletion mechanism in Workday means personal payroll and employment records could persist indefinitely, even after an employee leaves.

Regulators are tightening rules—EU guidance now demands tighter justification for AI training data—yet the sheer volume of collected points suggests many users remain unaware of the trade‑offs. Companies should audit app permissions, enforce strict data‑retention policies and consider alternatives with stronger privacy controls.

Looking Ahead Watch for comparative studies of iOS privacy disclosures, which could reveal whether Apple’s ecosystem offers a different data‑collection profile for the same apps.