Magic Leap has finally unveiled its much-hyped augmented reality hardware platform, promising that the first units will ship next year. These will be first-generation development kits, but they’re a step toward Magic Leap’s ultimate (if lofty) goal: creating ubiquitous lightweight glasses that add virtual objects to the real world. And that, in turn, sets off major privacy alarms.

Like most smart glasses, Magic Leap’s headsets will collect a constant stream of user data. They feature an array of cameras and microphones that capture everything you see and hear. The cameras detect shapes in your surroundings, and the microphones can take audio commands. But Magic Leap’s patents suggest more sophisticated, and sometimes downright creepy, uses.

One Magic Leap patent outlines a hypothetical partnership where Starbucks would use object recognition to sense when a user is staring at a Starbucks cup, detect the location of the nearest Starbucks, and send a notification offering coffee. Others imagine glasses automatically scanning products in a grocery store and offering price comparisons, or cereal companies sponsoring games based around specific products. Whether or not Magic Leap is actually doing any of these things, the company has spent a lot of time thinking about how to analyze and monetize your new reality.

Even noncommercial augmented reality applications would collect and cross-reference information, even if it’s something as benign as a list of art you’ve looked at or landmarks you’ve visited. And then there’s all the data from applications themselves — which games you’re playing, what you’re watching on virtual TV screens, and what you say to Magic Leap’s planned AI assistant, just to name a few examples. With its eye tracking sensors, Magic Leap’s headset will know precisely where your attention is focused to a greater degree than even modern VR headsets.

If you’ve got an iPhone, an Alexa speaker, a Windows PC, or many other popular electronic devices, you’re already giving up some of these bits of privacy — which is worrying in its own right. But at the very least, Apple, Amazon, and Microsoft are rightly operating under heavy scrutiny from security experts, regulators, and the public. They’re not immune to shocking security breaches, but they’re also held to a comparatively high standard, and they have big security teams to find and fix vulnerabilities.

We don’t really know anything about Magic Leap’s security practices, and despite its rapid expansion and big investors, it’s not going to have the same resources as these juggernauts. Hopefully the company is working on a great security system and privacy policy behind the scenes; I’ve emailed a request for more details on both. For now, Magic Leap’s whimsical public image makes it hard to tell whether it understands the responsibilities it’s taking on. And we’ve already seen what happens when startups play fast and loose with powerful products. It looks like the internet of things — a dangerously insecure mess that gives hackers alarming access to people’s private lives.

Many threats don’t emerge through obscure software exploits, but through designers’ blind spots around harassment and stalking — like Snap Maps and the defunct Google Buzz. These are often gendered problems, and Magic Leap was the subject of a bizarre sex discrimination lawsuit, which described a work environment somewhere between a Mad Men office and a five-year-old boy’s tree fort. Among other things, it specifically alleged that designers ignored recommendations from female employees, and that their ideas for appealing to women stopped at making a pink headset. The lawsuit was settled, and its claims were never tested. But until we know more about the platform, they’re still worrying.

If Magic Leap handles its power responsibly, it could hold app developers to a high privacy standard, and make sure users know what it’s doing with their data — earning money through hardware and virtual entertainment instead of gathering and selling private information. But that would require clear communication around a set of mundane-sounding problems — which, so far, isn’t the company’s strong suit.