Ok yes sorry I should have specified, what you’re saying might apply to the US.
What I said applies to the EU.
Thing is, companies need to know beforehand if they are dealing with a user from US or EU because they don’t wanna break laws when they have to deal with the court system anyway on stuff like this. So technically they could transmit information about US citizens, but in practice this is super tricky and risky.
Let’s say you got an IP. Alright you can pinpoint The location. Problem: you don’t know whether you just grabbed the target IP or an IP from a VPN or a proxy. There’s ways to obscure this so you might not even be able to find out. Now if you turn this over, there’s a small risk you just did a crime because they are spoofing their location. And if you just captured a VPN or proxy, you are now pursuing the wrong person and in EU law this won’t go over well.
So in practice there’s basically no way to do this and be sure you didn’t make a mistake, and mistakes in law are risky and costly. No company would ever take such a risk.
Now I could go into detail about all the technical details on why things work like that but it would make this twice as long.
TL;DR in theory you are right for US users, in practice there’s no way to tell and it gets risky pretty fast.
Also obligatory IANAL and always check in with a lawyer if you need specific legal advice.