The next time you walk into a restaurant you could be added to a private database that records not just what time you were craving a burger, but also what you did before and after lunch.

Have you gone to a yoga class recently? Do you visit vegetarian restaurants more frequently than you visit this spot? Do you shop in the area? The radio technology in your smartphone that allows you to connect to Wi-Fi is tattling on you.

Smartphone owners may be familiar with "check-in" apps such as Foursquare, which require active participation of the smartphone user to report their location and other details. But Toronto-based Turnstyle Solutions Inc. uses passive technology to sniff out the radio signals that are constantly broadcast by your phone.

Story continues below advertisement

New details about Turnstyle's operation, which has placed data-recording beacons in about 200 businesses in downtown Toronto (the company has expanded to some cities in the United States and Europe as well), were reported Tuesday in a Wall Street Journal story.

The story tells of a restaurant owner who discovered his customers were frequent gym visitors thanks to Turnstyle's data, after which he tailored a promotion to capitalize on that behaviour.

While most Canadians are aware that their personal data is being collected by telecom providers, phone manufacturers and even some of the apps they use, many don't realize there are other parties accumulating databases of consumer behaviour without their knowledge.

Devon Wright, 26, who launched Turnstyle as CEO in June 2013, is aware of the potential privacy fears, but says the identifying data is encrypted at the point of collection before it is made available to clients. "No one wants to feel tracked or spied upon, that's really not the goal," he says.

Each business client who signs up for the Turnstyle tracker (a device that is smaller than most of the phones it tracks) gets tagged with some details about the type of establishment (for instance, that it's a coffee shop or a bakery, or both). That general data is shared with other Turnstyle clients, but not the specific location. So, according to Mr. Wright, even if a restaurant owner knows you go to the gym, they aren't sure who you are, and they don't know which gym.

In a The Globe and Mail story from August 2013, tech journalist Ivor Tossell offered this description of how Turnstyle works:

"Every smartphone is a chattering, multi-band radio station, constantly sending out inquiring signals to the world around it, even when it's in your pocket. If your phone is Wi-Fi enabled, then it's is constantly on the lookout for networks to join. As part of this process, it discloses a bit of information about itself: a unique identifier called a "Media Access Control" or MAC address.

Story continues below advertisement

"Turnstyle's system is essentially a listening post: a customized Wi-Fi base station that listens in as smartphones broadcast their MAC addresses as they look for hotspots. In the interests of privacy, the system immediately forgets the code itself, "hashing" it into a unique identifier that can't be traced to an individual. But it will remember if the same (anonymized) smartphone returns for another visit."

That final element, the collection of the user information into a database, is what allows Turnstyle to create patterns of user behaviour across multiple businesses.

Mr. Wright says his clients are excited by the ability to build profiles of their customers: "If you are a brick-and-mortar retailer you are getting smoked by e-commerce, and it is based completely on analytics." Cookies that tell Amazon and other e-tailers what kind of websites you visit helps them customize their offerings to you. Real-world tracking by Turnstyle and other firms like it present a chance for physical retailers to level the playing field.

And the service doesn't end there. If smartphone users agree to log in to the free Wi-Fi that some Turnstyle clients offer, the "terms of service" discloses that you will be adding even more demographic information about yourself, such as your gender or approximate age, to the database.

To address privacy concerns, the company has an opt-out feature on its website. By entering your phone's MAC you tell Turnstyle to stop tracking you. Another solution is to turn off Wi-Fi when you are not using it, but services like Google Maps will often suggest you turn it back on to help make their location-tracking more precise.

How do you know if a business you patronize is tracking you? For now, there is no way. Mr. Wright says he is working on some voluntary signs that businesses could post to warn customers, but he doesn't foresee the need to force clients to post those warnings in order to access his company's data.

Story continues below advertisement

He says Turnstyle is also working with the Future of Privacy Forum, a Washington D.C.-based think-tank that is attempting to get all data-collecting companies to sign up for a universal "do-not track" opt-out, a one-stop shop for citizens to signal that they don't want any companies to collect their information in databases – whether or not they know of those companies' existence.

Mr. Wright is candid about the potential negative reaction to the technology. While insisting that the public is well aware of how much commercial data tracking already exists, he cites the cautionary tale of Nordstrom Inc. Around the time Turnstyle was launching, in the summer of 2013, Euclid Analytics added Wi-Fi sensors to 17 Nordstrom stores in order to measure in-store traffic (how many people were in the junior miss department, how many in fragrances, and so on). After media attention raised the ire of customers, the department store abruptly ended the experiment.

After examples like that, Mr. Wright says it has been easier to sign up smaller businesses, which are less likely to face a massive backlash. "A lot of the bigger retailers are just wary about how the media likes to go after the low-hanging fruit," he says.

"The world will naturally do this when change occurs," says Mr. Wright. "Consumers and consumer groups and retailers should all ask questions."

Given the recent high-profile hack of Target customers' information, consumers may also be concerned about the security of the database. But Mr. Wright says the startup, which has raised $500,000, is confident in its precautions.

"We really [trod] slowly, we're comfortable now with our security and we're not exposing anyone to particular risk."

Story continues below advertisement

With files from Ivor Tossell