Stop me if you’ve heard this one before, but it looks like Facebook may have been sharing more of your data than you thought it was. The Wall Street Journal reported Friday that the social network cut deals with a number of companies to provide access to user records and friend data even after its policy change that prevented apps from scraping that very information.

According to the report, Facebook reached agreements with a number of major corporations to provide data about the friends of its users. The information handed over to companies included details like phone numbers and a metric called “friend link” that determined how much communication and connectivity there was between users and their friends.

Disclosure of the deals punctures a hole in the picture Facebook has tried to paint as a suddenly user-friendly, privacy-minded company after 2014—not that anyone was buying that image anyway. That year, Facebook cut off the significant amount of access app developers could pull from users on the platform, including completely restricting the ability to scrape data from a user’s friends without their consent.

Prior to 2014, Facebook allowed app makers to suck up a significant amount of data from people without their permission—a policy the company has since had to pay for while facing scrutiny over the Cambridge Analytica scandal. The UK-based political data firm acquired information on more than 87 million people collected without consent through a Facebook app.

Facebook supposedly realized the error of its ways and turned off the spigot that allowed friend data to be collected—but as it turns out you could just buy your way back in if you really wanted. Citing “court documents, company officials and people familiar with the matter,” the Wall Street Journal reported that Facebook made deals with Royal Bank of Canada, Nissan—both advertisers on the platform—and Nuance Communications, which was working with Fiat at the time. The agreements were also completely separate from Facebook’s data sharing program with device manufacturers, which the company owned up to earlier this week.

Facebook has copped to the agreements, which it said lasted between just weeks to several months, but tried to minimize them as much as possible. “As we were winding down over the year, there was a small number of companies that asked for short-term extensions, and that, we worked through with them,” Ime Archibong, Facebook’s vice president of product partnerships told WSJ. “But other than that, things were shut down.”

Per the Journal, Facebook internally called the deals “whitelists,” which may be a little bit of insight into how the company viewed the arrangements. Whitelisting someone typically means providing them access that they otherwise wouldn’t have. At the time, Facebook had cut off access to friend data that was previously accessible to app developers using Facebook. These companies were effectively whitelisted to use that data. Access is never truly cut off if you have some money to throw around.

[Wall Street Journal]