Articles / Data
Data

The Line You Don't Cross: Data Ethics for Toll Operators

Never use subscriber data in a way a reasonable subscriber would not expect if they could see your dashboard. That is the line operators hold.

June 10, 2026 · 6 min read

A few months into running my second toll position, a merchant reached out directly. “I see you’re sending a lot of high-quality traffic our way,” they said. “We’d love to get the email list of buyers who didn’t complete checkout. We’ll pay $2 per contact.”

Four thousand contacts. Eight grand. For a spreadsheet export that would take me ninety seconds.

I said no. Didn’t even think about it.

But here’s why I’m telling you this: I could have. The data was mine. The contacts opted into my infrastructure. Legally, depending on the privacy policy, it might have been defensible. And the merchant would have sent relevant follow-ups — probably. Maybe.

That moment is when I understood the line. Not as an abstract principle. As a specific temptation with a specific dollar amount that arrives in your inbox one random Tuesday.

An operator stands calmly on one side of a line painted on the office floor while a rumpled figure on the other side counts cash next to a shredder full of trust

At five partners, you have a behavioral map of thousands of people that no individual creator, no individual merchant, and no advertising platform can replicate. The cross-network intelligence is the structural advantage of the entire model.

That advantage creates a responsibility. And the responsibility has a line.

The line

The line is simple to state and occasionally hard to follow:

Never use subscriber data in a way the subscriber wouldn’t expect if they could see your dashboard.

Not “wouldn’t approve of” — people approve of things they never would have expected. And not “wouldn’t want” — people often don’t know what they want until they see it. The standard is wouldn’t expect. Would a reasonable person who joined your list by entering their email on a landing page expect you to do this with their data?

Sending them a product recommendation based on their demonstrated interest? Yes. Expected. That’s the implicit deal — they gave you their email in exchange for curated recommendations.

Selling their email address to a third party? No. Not expected. Even if it’s technically legal in some jurisdictions. Even if the privacy policy allows it. Even if the buyer would send them relevant content. The subscriber didn’t sign up for that.

Sharing their individual behavioral data with a merchant? No. The subscriber expected you to recommend products. They didn’t expect you to tell the merchant “subscriber #4,712 clicked on three product pages but didn’t buy — here’s their email so you can follow up directly.”

Using aggregate, anonymized data to improve product placement? Yes. “37% of subscribers who buy Product A also buy Product B within 60 days” is intelligence that helps everyone — better recommendations for subscribers, better revenue for you, better understanding for merchants. No individual is identified. The insight benefits the entire system.

Why the line matters commercially

This isn’t just ethics. It’s economics.

The trust that subscribers place in your curation is the core asset of the toll position model. That trust is why they open your emails. It’s why they click your links. It’s why they buy through your recommendations instead of searching Google.

Trust is earned slowly and destroyed instantly. One data breach, one “how did they get my email?” complaint from a subscriber, one merchant who starts sending unsolicited emails to people in your list — and the trust that took months to build evaporates.

The damage isn’t theoretical. I’ve watched an operator share subscriber email addresses with a merchant as a “bonus” to negotiate a higher commission rate. The merchant loaded those emails into a cold outreach campaign. Subscribers started receiving emails they never signed up for, from a company they’d never heard of, and traced it back to the operator’s list.

The unsubscribe spike was 12% in a single week. But the lasting damage was worse: the subscribers who didn’t unsubscribe stopped engaging. Open rates dropped 15 percentage points over the following month. Click rates fell by half. The operator’s entire portfolio — not just the affected list, but all of their lists — underperformed for months because the behavioral data was contaminated with disengaged subscribers.

The commission bonus from the data share: $2,400. The estimated revenue lost from degraded list performance: $18,000+ over six months.

The specific lines

Here’s where the general principle meets specific decisions:

You CAN:

  • Use behavioral data to personalize recommendations (this is the core value proposition)
  • Segment subscribers by interest and behavior for targeted offers
  • Share aggregate, anonymized data with partners (“your audience converts at X% on products in Y category”)
  • Report performance metrics to creators (capture rates, revenue generated, sequence performance)
  • Use cross-network patterns to identify product placement opportunities
  • Analyze purchasing behavior to select better products for your inventory
  • Build predictive models for subscriber lifetime value

You CAN’T (or rather, shouldn’t):

  • Sell, rent, or share individual subscriber email addresses with anyone
  • Allow merchants to contact subscribers directly through your list
  • Share individual-level behavioral data with merchants (“this person almost bought”)
  • Retain data from subscribers who’ve unsubscribed
  • Use data collected under one creator’s brand to promote a competing creator’s products without clear consent
  • Scrape or supplement subscriber data with data from external sources they didn’t consent to
  • Deploy tracking mechanisms that exceed what was disclosed at the point of capture

That last one deserves emphasis. If your landing page says “enter your email to get our guide to [topic],” the implicit consent covers email communication related to that topic. It does not cover attaching a browsing pixel that follows the subscriber across the internet, building a shadow profile of their purchasing behavior on other sites, or linking their email to their social media accounts.

Could you do some of these things technically? Yes. Would the subscriber expect it? No. That’s the line.

Good data ethics isn’t just about what you don’t do. It’s about what you make clear.

Your landing page should communicate three things without legal jargon:

  1. What they’ll receive. Emails with recommendations, tips, and product suggestions related to [topic]. Specific. Not “marketing communications.”
  2. How often. Approximately X times per week. Not “from time to time” — that’s meaningless.
  3. How to stop. One-click unsubscribe in every email. And it works. Immediately.

Your privacy policy (which you need, and which should be linked from the landing page) should cover: what data you collect, how you use it, who you share it with (ideally nobody), and how to request deletion.

These aren’t nice-to-haves. CAN-SPAM, GDPR, and CCPA have legal requirements. But beyond compliance, clear communication builds the trust that makes the entire model work. A subscriber who knows exactly what they signed up for is a subscriber who won’t feel betrayed by what you send them.

The creator’s data obligations

As a toll operator, you often share data access with the creator. The creator has a legitimate interest in seeing how their traffic performs — capture rates, revenue generated, audience demographics.

But the creator’s access should be bounded:

  • Creators see aggregate performance data (how many captures, what revenue, which products convert)
  • Creators do NOT get raw subscriber lists (the list is jointly held, not given away)
  • Creators do NOT get individual behavioral data (which subscribers clicked what)
  • Creators CAN see their own product’s performance (how many sales, what revenue)

This boundary protects subscribers (their individual behavior stays private) and protects you (the intelligence layer — the behavioral data and cross-network patterns — is the asset that makes your operation valuable, and sharing it wholesale undermines your position).

The partnership agreement should specify data access levels. Don’t leave this to an informal understanding. Document what each party sees, what each party can export, and what happens to the data if the partnership ends.

The long game

The operators who will still be running profitable toll positions five years from now are the ones who treat subscriber data like the asset it is — which means protecting it, not exploiting it.

Every time you’re tempted to stretch the data — to share a list, to add tracking you haven’t disclosed, to use behavioral data in a way that would make subscribers uncomfortable — run the test: would they expect this?

If the answer is no, the short-term gain isn’t worth the long-term cost. The compound effect works in both directions. Trust compounds into revenue. Distrust compounds into decay.

The data is yours to use. The line is yours to hold.

Next →
Found Money: Revenue Already Hiding in Your Existing Infrastructure
Data

Want to build your intelligence moat?

This article covered the data dimension. The newsletter delivers measurement frameworks and signal patterns every week.

Unsubscribe in one click. Useful operator material only. Promotions, sponsors, and partner links will be disclosed.

More on Data

Data Apr 18

The Experiment Log: Why the Moat Isn't the Infrastructure
View all articles →