"We value your privacy" and "we share data with partners" appear in the same policies. Banks and card networks share transaction data with processors, fraud vendors, credit bureaus, data aggregators, and (jurisdiction-dependent) marketing partners — plus lawful government requests, which in most countries number in the hundreds of thousands per year.
The aggregator layer
Open-banking APIs and screen-scraping services pull full transaction histories into third-party apps. Each connection is another company holding your diary — with its own breach record and its own subpoena inbox.
Opting out, structurally
You can't opt out of a pipeline you're inside. You can exit it: pseudonymous rails collect no identity to share. Specter's policy is data minimisation — collect only what's operationally necessary, never sell personal information — enforced by having nothing to sell.