Connected intimate devices are crossing an invisible threshold. The global sex toy market is expected to hit $80 billion by 2030—a scale that transforms a niche category into mainstream consumer electronics. And that scale brings an uncomfortable truth: these devices are collecting sexual behavior data, usage patterns, location information, and IP addresses with the same casual approach most IoT manufacturers apply to refrigerators and doorbells. Wired's investigation reveals the moment when consumer privacy concerns collide with mainstream adoption.

There's a specific moment when a product category stops being fringe and starts being infrastructure. Connected vibrators are hitting that moment right now. When Wired's Chloé Valentine downloaded multiple sex toy apps to examine their data practices, she was documenting something bigger than consumer education. She was documenting the infrastructure moment—the point when mainstream adoption demands mainstream privacy accountability.

The numbers mark the inflection. A $80 billion projected market by 2030 isn't niche anymore. That's mainstream consumer electronics scale. And when intimate devices reach mainstream scale, the data collection practices that were previously invisible become suddenly very visible. Sexual behavior data. Usage frequency. Intensity settings. Partner connections. Location data. IP addresses. All of it flowing through apps with privacy policies most users skip past at install.

What makes this inflection valuable for technology observers isn't the category itself. It's what the category reveals about how IoT device makers approach consumer data at scale. These manufacturers have adopted the same data playbook used across consumer electronics for a decade: collect everything, monetize where possible, disclose minimally. The difference is that sexual behavior data hits differently than thermostat usage patterns when it gets sold to data brokers.

According to privacy experts quoted in the investigation, companies selling intimate device data to data brokers create second revenue streams. "Brokers can sell the data to anyone who wants it and can afford to pay for it," according to Comparitech's research. That includes government agencies, private investigators, and advertisers. The data gets matched with other sources, packaged by device ID or email address, and sold for behavioral targeting. The infrastructure already exists. The only question is whether regulators will care enough to intervene.

The precedent exists. California's Consumer Privacy Act requires disclosure when personal data is sold and gives consumers opt-out rights. But enforcement and awareness lag. Lelo's vague response when pressed on data storage—"we retain personal data only for as long as necessary"—shows how companies exploit policy ambiguity even in regulated states. Deleting the app doesn't delete server-side data. Want your data gone? Contact customer service via phone number in privacy policy. That's not a consumer-friendly mechanism. That's friction designed to maintain data possession.

Contrast that with Satisfyer's approach: explicit opt-out of data collection before app launch, readable privacy policy using plain language, automatic log deletion every 60 days. Svakom's current app lets users operate as guests without registration, with explicit policy stating no data collection from unregistered users. These aren't technically complex solutions. They're design choices. Companies that prioritize user privacy make it easy. Companies that don't, don't.

The real inflection point isn't whether these devices are collecting data. It's the moment when mainstream consumer awareness of that collection collides with regulatory frameworks designed for broader data protection. The CCPA was written for a different era. Its intimate-data-specific application is still being litigated. State privacy laws proliferate without coordination. Federal baseline legislation remains stalled. Meanwhile, the $80 billion market grows toward inevitable regulatory collision.

When a product category reaches mainstream scale, three things happen in sequence. First, adoption accelerates beyond early adopters who tolerate privacy tradeoffs. Second, consumer awareness of data practices spreads—usually through incidents or investigation. Third, regulatory attention follows consumer concern. We're at stage two. Wired's how-to-protect-yourself guide signals the moment when mainstream consumers are asking the right questions. Stage three won't be far behind.

For IoT manufacturers broadly, this matters because the intimate devices category is ahead of the adoption curve—the privacy reckoning will hit this segment first, then generalize to connected health devices, smart home systems, and wearables following similar patterns. Companies like Svakom and Satisfyer that have already built privacy-first practices are positioning themselves for a market where privacy compliance becomes mandatory baseline, not differentiator.

For investors and acquirers in the IoT space, the timing is now. Privacy frameworks that seem optional today become regulatory requirement within 18-24 months of mainstream market reach. Companies that have baked privacy into product architecture from day one have structural cost advantages when compliance becomes mandatory. This is the pattern we've seen with enterprise SaaS, cloud infrastructure, and mobile apps—privacy leaders become scale leaders because they don't have to retrofit compliance later.

The most revealing detail in Valentine's investigation might be the smallest one: when she downloaded Lelo's app in August 2024 and clicked on sex advice articles, everything was stored in app history with no user option to clear it. Lelo still hasn't changed this design six months later. That's not technical limitation. That's choice. It's the choice that exists only before regulatory enforcement makes choice irrelevant.

Connected intimate devices reaching $80 billion market scale represents the moment when a consumer electronics category transitions from niche privacy-ignorant phase to mainstream privacy-accountable phase. For builders: this is the window to establish privacy-first design as competitive moat before compliance becomes mandatory. For investors: privacy infrastructure and practices matter more at scale inflection than feature sets. For decision-makers at device manufacturers: companies like Satisfyer demonstrate that transparent data practices increase trust faster than they decrease features. For professionals in IoT security: the regulatory reckoning is 12-18 months away based on mainstream adoption patterns. Watch for the first major state-level enforcement action against intimate device data sales—that moment marks the inflection from voluntary to mandatory privacy standards across consumer IoT.