Amazon’s Ring smart doorbell surveillance product has been caught sending user data to Facebook and other companies without making Ring users aware their data was being shared. That’s according to an investigation from the Electronic Frontier Foundation (EFF). What’s even more alarming is Ring users are having their data sent to Facebook even if they themselves don’t have Facebook accounts.

The EFF examined Ring’s latest Android app and found that it had four unlisted trackers sending Ring user data back to four websites including branch.io, mixpanel.com, appsflyer.com, and facebook.com. This is despite Ring’s privacy policy, which purports to list all the trackers being used in its software. That privacy policy was last updated over a year and a half ago and doesn’t list three of the four new trackers discovered.

So what data is Ring sending to Facebook and other companies? The EFF says the information includes “the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.” As the EFF explains:

The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device. This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it. All this takes place without meaningful user notification or consent and, in most cases, no way to mitigate the damage done.

After the EFF published their report, a Ring spokesperson told Gizmodo, “Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing.”

Ring, of course, is used to privacy scandals. But sending user data to Facebook without a Ring user’s knowledge might be too much for some Ring users, who, by nature of the product they use, are concerned about their security. As the EFF points out, “Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system.”