You’ve signed up for a dating site, and it has promised up and down not to sell your data for marketing purposes. One year in, so far so good. Except the site folds, and someone else buys its assets — and those assets include all your personal info. The new owners made no privacy promise, and now your likes, dislikes, and dating history are floating down you-know-what creek without you.

Sound unlikely? Actually, it’s probably the norm.

The New York Times delved deeply into the privacy policies of a number of major web and app companies to see what, if any, protections their customers have in the event the company is sold. As you might guess, it’s not good news for consumers.

The Times looked at the policies for the 100 biggest sites in the U.S., as ranked by Alexa. Of those, 85 (including the New York Times’ own site) included language saying they could transfer their troves of user data if the company changed hands in any way– via merger, acquisition, bankruptcy, asset sale or other transaction.

The list of sites includes all of the major social networks, like Facebook, Twitter, Reddit, and LinkedIn, as well as major telecom companies, tech sites, travel sites, retailers, news sites, and a handful of adult sites.

Of the 100 sites, 17 had policies saying they would alert their customers in some way if their data were transferred to another entity. Only a tiny handful — the NYT mentions Etsy and Weather.com — stated they would give consumers a way of opting out.

We’ve seen the same problem play out in the brick-and-mortar bankruptcy world over the past few months, as Radio Shack has folded. Months of a will-they-won’t-they discussion over auctioning off customer data finally came to an end earlier this month, with a court agreement limiting the use of customer data.

Web businesses, however, essentially are data. They get bought, sold, purchased, and traded in large part based on the value generated by how large a mountain of consumer information they sit upon.

Sometimes, though, there is hope for consumer protection. The NYT points to the sale of Texas-based dating site True.com as an example. In 2013, as part of a bankruptcy proceeding, True tried to sell its database of 43 million members’ personal information to another dating site based in Canada. However, the site’s privacy policy had promised never to sell or share members’ details without their permission, so the Texas attorney general’s office was able to intervene.

“It’s ‘we are never going to sell your data, except if we need to or sell the company,'” Hal F. Morris, assistant attorney general for Texas, told the NYT. “That is the type of information that people were entitled not to have trafficked and sold to the highest bidder. I think it’s an important safety issue for consumers.”

When a Company Is Put Up for Sale, in Many Cases, Your Personal Data Is, Too [New York Times]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.