Beauty Subscription Service Birchbox Doesn't Seem to Give a Shit About Your Privacy [Updated]

Photo: Getty
Photo: Getty

A monthly box of personalized beauty products may sound like a nice gift if you don’t have time to shop or if you suffer from decision fatigue, but opting in to receive a box of sample-sized junk shouldn’t come with the risk of getting doxed.


A Consumerist report revealed that when you get someone a Birchbox gift card or subscription, the company will share the recipient’s mailing address with you. In the event that you don’t have the address of the person you are sending a gift to, you can just put the recipient’s email address in. Birchbox will then prompt the recipient to provide their address. Once the gift is shipped, the company will send you the giftee’s address and tracking information.

When Consumerist asked Birchbox if there was a way for customers to withhold their mailing address from senders, the company reportedly responded with “not at this time.” We have reached out to Birchbox for comment.


Sharing your address without your permission is a gross invasion of privacy, and not affording someone the ability to opt out of it is a disregard for consumer security. If someone with malicious intent wanted to trick you into voluntarily handing over your mailing address, all they would need is an internet connection, your email, and $30—the price of a Birchbox gift subscription.

Update 12:28pm: Birchbox told us in a statement that it takes the privacy of its customers “very seriously” and that sending recipient’s mailing address “was an oversight.”

“We have taken immediate action to ensure that gift recipients’ addresses and box tracking information are no longer shared with the gift giver,” a Birchbox spokesperson said.


Share This Story

Get our newsletter



Doxing? Really?

Doxing is when someone deliberately puts your physical address in public view with the intent that it will reduce your security, privacy, and bring you harm. That simply isn’t what happened here.

It was unintentional, and it was only shared with the person giving the gift. Like you said, it could easily give someone the ability to dox you, but the word you were looking for is “negligence”. Something that is becoming all too common with regards to customer information.