Facebook and Google aren’t the only companies hoovering up every kilobyte of our digital lives—our late-night shopping habits, social-media posts, travel plans, and celebrity obsessions—and turning that personal data into dollar signs. As the recent leak of nearly 200 million voter profiles shows, political analytics companies are major players in the Big Data space, too—and their methods, if not their security protocols, are getting ever more sophisticated. The terabyte of data that Gizmodo reports Deep Root Analytics left on a cloud server, without password protection, included “home addresses, birth dates, and phone numbers,” along with “advanced-sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem-cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity.” Even more worrying, some of the firm’s voter-registration data was cross-referenced against Reddit users’ profiles, suggesting a wide-ranging, multi-platform effort to build psychological profiles of American citizens.

None of this is illegal, nor is it clear whether such information is particularly useful. Gizmodo reports show that the Republican National Committee paid Deep Root $983,000 last year, and that other conservative groups paid millions more. But as The New York Times revealed last year, preference-prediction software peddled by companies like Cambridge Analytica is still an imperfect science.

Still, Deep Root Analytics and Cambridge Analytica aren’t the only entities racing to mine the treasure trove of online data for political insights. As Bloomberg recently reported, Russian hackers infiltrated voter databases and software systems in 39 U.S. states as part of a wide-ranging effort to disrupt and influence the 2016 presidential election. A U.S. government probe has since concluded that four out of every five state-voting systems was hacked, though it’s not clear whether this had any effect on the outcome of the election. More recently, G.O.P. operative Aaron Nevins acknowledged that he'd asked for and received 2.5 gigabytes of Democratic Congressional Campaign Committee documents and voter data from the hacker known as Guccifer 2.0, which U.S. intelligence agencies believe is a front for Russian military intelligence. Nevins told the hacker, in a series of exchanges reviewed by The Wall Street Journal, that Democrats had probably “spent millions probably to figure out who these people are that are conducive to their message and now it’s exposed for the other side.” He later posted the analysis to his blog, allowing anyone to review voter-analysis data for a number of critical battleground states, including Pennsylvania, which Donald Trump won by fewer than 70,000 votes.

In the case of Deep Root, there could be enough data to flip an election. “If the Russians have this data, then they have targeted information that could allow them to try to swing the vote,” Archie Agarwal, the founder of the cybersecurity firm ThreatModeler, told Business Insider. “There is nothing more valuable to some people out there than this kind of information,” Chris Vickery, the cyber-risk analyst who first discovered the Deep Root leak, added. “This is what you can use to steal an election at the state and local level. It tells you who you need to advertise to to swing votes.”

Although Deep Root doesn’t believe its data was hacked by a malicious third party in the 12 days it was exposed to the public, it serves as a terrifying reminder of how political analysts are turning to all publicly available data about voters online—your Facebook profile, the Reddit groups you peruse, the rest of your digitally available identity—to sell to political and lobbying groups. More important, it underscores just how much of our daily lives has become intertwined with technologies that are ultimately designed to turn our psychological profiles into profit. Facebook apparently knows when you’re pregnant, the better to serve ads for Huggies diapers and other baby paraphernalia. Google monitors credit-card purchases to better allow advertisers to measure the impact of their marketing. Amazon’s voice-activated smart-home device, the Echo, uses artificial intelligence to personalize itself based on your purchasing behavior, and machine learning to help you get dressed in the morning. Amazon’s Echo Look, which is equipped with a webcam, could theoretically track your weight or size to offer better-fitting clothes, or to know when a baby is on the way. (New moms are among the most valuable consumers.) With Amazon’s acquisition of Whole Foods last week, the e-commerce giant could soon know what kinds of food you eat, too. Enjoy vegan? There may be more tailored advertisements on their way.

Political analysts are now using the same tools to predict human behavior. But instead of trying to sell you clothes or movies, they want to sell you a candidate. “You can do things that you would not have dreamt of before,” Alexander Polonsky, chief data scientist at consulting firm Bloom, told the Times earlier this year. “It goes beyond sharing information. It’s sharing the thinking and the feeling behind this information, and that’s extremely powerful.” In a data leak like Deep Root’s, there’s more at stake than just your personal information getting exposed. The potential for companies, politicians, or foreign governments to understand our desires, and to learn how to manipulate our behavior, is far scarier than having your e-mail address or phone number posted online.