OkCupid

Warning: *Privacy Not Included with this product

OkCupid

Match Group
Wi-Fi

Review date: March 15, 2024

|
|

Mozilla says

|
People voted: Very creepy

OkCupid, the only dating app that matches you on what matters to you -- or so they say -- turns 20 years old (yes, you're old too). To sign up, you fill out a personality test and give your personal information. Based on that personality quiz, OkCupid's algorithm shows you a measurement of compatibility with potential matches. It's basically a percentage score that represents how likely OkCupid's algorithm thinks you are to click with someone. With no real transparency into their algorithm, who knows how accurate their compatibility measurement is. Good news though, you can increase the odds by paying extra for premium features or to "SuperBoost" your profile and have it shown to more users for three, six, or twelve hours. As their slogan says, "Dating deserves better." Guess what, we think your privacy on OkCupid deserves better too.

What could happen if something goes wrong?

OkCupid’s privacy and security is… not OK. In 2020, the app came under fire for possible GDPR violations for what a Norwegian consumer group called “out of control” data sharing with advertisers and third parties. The same year, researchers found security vulnerabilities in OkCupid that could let hackers steal users’ sensitive information or hijack their accounts. Then in 2022, the United States Federal Trade Commission filed a petition to learn more about a possible data-sharing deal with an AI company, Clarifai AI, where images from OkCupid were reportedly used to train facial recognition software. Ouff. And in 2023, research by Cybernews discovered that a simple hack would make it possible to “track OkCupid users and find their exact location.” Whoa. Match Group's shaky track record makes us a little nervous about their eagerness to double down on the privacy minefield of AI integration. That's something we'll be keeping a close eye on.

So OkCupid and their parent company Match Group have not been known for their security or transparency. You’d think a dating app that’s open about their love for data would be better at keeping it safe. Indeed, OkCupid’s mysterious matching algorithm involves crunching the numbers on your answers to 15 to 500 personality-quiz-style questions -- some of which are written by ChatGPT. That means they can publish some really interesting findings about the state of digital dating. Nice, cool. But it also means its users are volunteer research subjects who end up giving away a ton of super intimate information -- about sex, pizza toppings, politics, and whether they believe the sun is bigger than the earth -- to improve their chances of finding someone special. Answering more questions and frequently updating your profile will lead to more matches, OkCupid says. Other things they suggest to get more matches, aside from providing more data? On their guide to their working their algorithm, OKCupid seems to suggest connecting your Instagram to your OKCupid account will help you get more matches. That tip gets a thumbs down for us. You should know that when you connect your social media to dating apps, both platforms can potentially collect more information on you. That is NOT a match made in heaven.

Speaking of getting social, “[o]f course,” OkCupid’s privacy policy says, “we also process your chats with other users as well as the content you publish to operate and secure the services, and to keep our community safe.” And yeah, dating apps probably need to somehow monitor your in-app conversations to make sure no one is being a jerk. But just be aware that DMs on OkCupid and most dating apps aren't what we would call private since they could be reviewed by other humans.

As for the rest of OkCupid's policies, they're not great. That worries us because, on top of your answers to their questions, they sure can collect a lot of information about you. There’s information you give about yourself when you set up your account like your contact information, gender, and who you’d like to meet. Your profile information, the photos you upload, your sexual orientation, interests, and more. Some of that data's going to be sensitive, so you should know that "choos[ing] to provide" it counts as giving your consent for it to be processed by Match Group. K. Then there’s the information that’s collected automatically when you use the app. Your IP address, device information, your activity, when you're online, and who you interact with. Oh and your geolocation! Even while you're not using OkCupid. You can also choose to give OkCupid access to biometric information (information about your unique face shape) if you want to have verified status.

OkCupid can also collect more information about you from “partners” and affiliates like other sites owned by Match Group -- that includes Hinge, Match, Tinder, and dozens more. And they can create inferences about your “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” based on what else they know about you. And then they say they can use those inferences they make about your with all that personal information they get from data in your profile for things like "providing advertising or marketing services," and " the contextual customization of ads." Uhg.

Plus, OkCupid can use your information for reasons that won’t help you find someone you vibe with, like showing you ads. We're sure glad OkCupid at least says they won't sell your personal information. That’s cool! They do share it around though, like with those other Match Group-owned companies. OkCupid’s privacy policy also says they can share “non-personal information” and “de-identified” information for targeted ads on Match Group’s services and on third party apps and websites too. And we should point out that researchers say it can be easy to re-identify that information.

OkCupid might share your personal information with law enforcement, when it’s required by law or to “assist in the prevention or detection of crime (subject in each case to applicable law).” That’s pretty standard and Match Group does have some pretty clear guidelines around how they share user data with law enforcement, which we like to see.

A final deal-breaker is that not everyone gets the right to delete their personal data or even have access to it. Bummer. So what could go wrong with OkCupid? Well, given OKC's less-than-OK track record, we're stressed your answers to that super-personal survey aren't totally safe. It's nobody's business if you sing along at concerts. We also wonder if the risk you take in giving up your data to OkCupid is worth it -- especially since love on Match Group-owned apps might be a losing game. A lawsuit filed February 2024 in the United States against claims Match Group’s apps are designed to "coerce subscriptions and retain users forever" by dangling the possibility of establishing an "off-app relationship while implementing features to keep users on the app." Yeesh. That's always a danger when a happy ending is bad for business.

Tips to protect yourself

  • Turn off Match Group data sharing in the app's Privacy Preferences
  • Visit the app's privacy preferences at the app and opt out from personalized advertising as well as all non-essential data collection.
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
  • Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
  • Do not share sensitive data through the app.
  • Do not give access to your photos and video or camera.
  • Do not log in using third-party accounts.
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
  • Do not give consent for sharing of personal data for marketing and advertising.
  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
  • Keep your app regularly updated.
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: No

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product as it can use personal information to provide offers and operate advertising and marketing campaigns; and as it can share non-personal information with other Match Group companies and third parties (notably advertisers) to develop and deliver targeted advertising on its services and on websites or applications of third parties, and to analyze and report on advertising you see. They may also combine this information with additional non-personal information or personal information in hashed, non-human readable form collected from other sources.

OkCupid Privacy policy

"We may receive information about you from our partners where our ads are published on a partner’s service (in which case they may pass along details on a campaign’s success). Where legally allowed, we can also receive information about suspected or convicted bad actors from third parties as part of our efforts to ensure our users’ safety and security."

"The main reason we use your information is to deliver and improve our services. Additionally, we use your information to help keep you and our community safe, and to provide you with advertising that may be of interest to you.
<...>
C. To provide offers and operate advertising and marketing campaigns

Perform and measure the effectiveness of advertising campaigns on our services and marketing our services off our platform
Communicate with you about products or services that we believe may interest you

<...>

F. To ensure legal compliance

Comply with legal requirements
Assist law enforcement
"

"We use vendors to help us operate, distribute, market and improve our services, such as data hosting and maintenance, analytics, customer care, marketing, advertising, payment processing and security operations. We also share information with vendors who distribute and assist us in advertising our services. For instance, we may share limited information on you in hashed, non-human readable form to advertising vendors."

"We may use and share non-personal information (meaning information that, by itself, does not identify who you are such as device information, general demographics, general behavioral data, location in de-identified form), as well as personal information in hashed, non-human readable form, under any of the above circumstances. We may also share this information with other Match Group companies and third parties (notably advertisers) to develop and deliver targeted advertising on our services and on websites or applications of third parties, and to analyze and report on advertising you see. We may combine this information with additional non-personal information or personal information in hashed, non-human readable form collected from other sources."

"OkCupid is part of the Match Group family of businesses.
We may share information about you with our affiliates and they may share information about you with us, for the reasons laid out below:\
To make all Match Group platforms safer, for instance by making sure that when a bad actor is found on one Match Group platform (for instance ours), they can be banned from all.
To assist each other in data processing operations, as service providers. This assistance may include technical processing operations, such as data hosting and maintenance, customer care, marketing and targeted advertising, analytics, finance and accounting, payment processing, service improvement, data security and fighting against spam, abuse, fraud, infringement and other wrongdoings.
To improve your chances at building significant connections with others, we may make you visible on other Match Group services or allow you to benefit from cross-platform functionalities. We will of course comply with applicable law and, where relevant, notify you of any such opportunity and allow you to agree or to refuse.
If you are located in the USA excluding California, Colorado, Utah, Connecticut and Virginia, to personalize your experience on Match Group platforms, including how you’re shown to other users and how others are shown to you, prices, discounts, ads and content you experience, to improve our marketing campaigns.
For other legitimate business purposes including corporate audit, analysis and consolidated reporting."

CCPA Privacy Notice Addendum

"Some of the information we collect also constitutes “sensitive personal information” under the CCPA, including information that reveals your social security, driver’s license, state identification card, or passport number, precise geolocation, racial or ethnic origin, sex life or sexual orientation, religious or philosophical beliefs, biometric information, and contents of your messages. We do not use sensitive personal information we collect for purposes other than providing and improving our services to you and protecting our services and our community, and we do not use sensitive personal information to infer characteristics about you."

"Categories of personal information collected over the 12-month period prior to the effective date of our Privacy Policy ...
Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes."
Those inferences are "Created from data in your profile" and can be shared with "vendors and professional services organizations who assist us in relation to the business or commercial purposes laid out herein" and can be used for "advertising and marketing services" and " the contextual customization of ads. "

"We do not “sell” or “share” your personal information so no opt out choice is necessary. This means that we do not sell, share, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate in any way your personal information to another company for monetary or other valuable consideration or for cross-context behavioral advertising."

How can you control your data?

We ding this product as it is unclear if all users regardless of location can get their data deleted.

OkCupid Privacy Policy

"Depending on where you live, you may have the right to:

Access/know. You may have the right to request a copy of the information we keep about you, and in certain circumstances to receive this in a portable format. You can exercise your right to access by putting in a request here.
Delete/erase. You may request that we delete the personal information we keep about you. You can exercise your right to delete by submitting a request here.
Correct/rectify/update. You can correct most information you provided to us by editing your profile directly in the service. If you believe the information we hold about you is inaccurate, you may contact us here to rectify it.
Object/restrict. You may also have the right to object to or request that we restrict certain processing. To do so, please contact us here."

"We keep your personal information only as long as we need it for legitimate business purposes (as laid out in Section 4) and as permitted by applicable law. If you decide to stop using our services, you can close your account and your profile will stop being visible to other users. Note that we will close your account automatically if you are inactive for a period of two years. After your account is closed, we will delete your personal information, as laid out below:
To protect the safety and security of our users, we implement a safety retention window of three months following account closure. During this period, we keep your information in the event that it might be necessary to investigate unlawful or harmful conducts. The retention of information during this safety retention window is based on our legitimate interest as well as that of potential third-party victims.
Once the safety retention window elapses, we delete your data and only keep limited information for specified purposes, as laid out below:
We maintain limited data to comply with legal data retention obligations: in particular, we keep transaction data to comply with tax and accounting legal requirements, credit card information for the duration the user may challenge the transaction and “traffic data” / logs for one year to comply with legal data retention obligations. We also keep records of consents users give us for five years to evidence our compliance with applicable law.
We maintain limited information on the basis of our legitimate interest: we keep customer care records and supporting data as well as imprecise location of download / purchase(s) to support our customer care decisions, enforce our rights and enable us to defend ourselves in the event of a claim, profile data in anticipation of potential litigation, for the establishment, exercise or defense of legal claims, and data necessary to prevent users who were banned or people who were found to be under the age of 18 from opening a new account, for as long as necessary to ensure the safety and vital interests of our users.
Finally, we maintain information on the basis of our legitimate interest where there is an outstanding or potential issue, claim or dispute requiring us to keep information (in particular if we receive a valid legal subpoena or request asking us to preserve data (in which case we would need to keep the data to comply with our legal obligations) or if data would otherwise be necessary as part of legal proceedings."

What is the company’s known track record of protecting users’ data?

Bad

In November 2022, the parent company Match Group Inc. was accused in a lawsuit from Tinder users of breaching a state privacy law in Illinois by collecting data on people’s faces from dating app selfies.

The FTC filed a petition on May 26, 2022 to force Match, owned by the parent company Match Group Inc., to comply with a civil investigative demand for documents related to an alleged 2014 data-sharing deal between Match subsidiary OkCupid and Clarifai Inc, an artificial intelligence company.

In September 2023, a New Jersey woman filed a class action suit against Tinder, owned by the parent company Match Group Inc., claiming that the app's photo verification feature failed by verifying an account that was created using stolen images of her.

In December 2023, the research by Cybernews into OkCupid, owned by the parent company Match Group Inc., uncovered that a hacker could uncover a distance from them to the victim (any user of the app) in a 10 to 20-meter radius. "With a few simple steps, we can easily track anyone on OkCupid in a given city – from home, to work, to social gatherings, to wherever. This is a terrible blow to users’ privacy."

In February 2024, OkCupid parent company Match Group was accused in a lawsuit of making their apps addictive and putting profit over their customers' relationship goals.

In March, 2024, Match Group owned Tinder, following a lengthy dialogue with the European Commission, committed to " inform consumers that discounts they propose for premium services are personalised by automated means." "The network of national consumer authorities found that Tinder applied such personalised prices without informing consumers, which is in violation of EU consumer law. In addition, until April 2022, Tinder used to offer lower prices for their premium services based on age without informing the users. Tinder stopped this practice before the investigation started."

Child Privacy Information

"No Children Allowed

Our services are restricted to individuals who are 18 years of age or older. We do not permit individuals under the age of 18 on our platform. If you suspect that a member is under the age of 18, please use the reporting mechanism available on the service."

Can this product be used offline?

No

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

The parent company Match Group shared with us that "All data stores containing personal data must be encrypted at rest and in transit. Data at rest uses the latest key technologies to cover hybrid data infrastructure, including keys that are created and managed utilizing the latest KMS key policies. Data in transit must utilize predefined SSL policies of TLS-1-1-2017-01 or similar ciphers. MG Security Engineering has an encryption standard that documents the process and procedures and is shared across our brands."

Strong password

Yes

OkCupid requires 6-digit password with no insecure passwords.

Security updates

Yes

Manages vulnerabilities

Yes

"OkCupid welcomes input from the security research community to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to responsibly disclose any potential vulnerabilities uncovered to [email protected]."

"OkCupid’s bug bounty program is private and inclusion is by invite only. Researchers who follow generally accepted responsible disclosure practices and submit quality reports to our Security team will be evaluated for inclusion at our discretion."

Privacy policy

Yes

Does the product use AI? information

Yes

OkCupid employs ChatGPT to generate prompts.

OkCupid employs the matching algorithm.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

The algorithm generates matches for users.

Is the company transparent about how the AI works?

No

"Our powerful algorithm first takes into account the basic criteria you’re looking for in a match, such as age, location, gender and orientation. If you want these preferences to be deal breakers, you can set them as such. (Gender and orientation preferences are automatically set as deal breakers for free). We then consider the people in that pool that are looking for you, too. What makes OkCupid special, though, is the final step where we consider all the questions you’ve answered, and how important you’ve ranked those questions (not important, somewhat important, or very important), and then match you with people who feel the same on everything from pineapple on pizza to voting rights. "

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

  • Popular dating app leak puts millions of women at risk
    Cybernews Link opens in a new tab
  • OkCupid Employs ChatGPT to Interrogate Its Users
    Gizmodo Link opens in a new tab
  • Is ChatGPT to thank for your latest OkCupid match?
    Fast Company Link opens in a new tab
  • Pssst! Match.com does not want you to know about this FTC case
    Reuters Link opens in a new tab
  • Match Group releases its guiding principles for integrating AI into its dating apps
    Fast Company Link opens in a new tab
  • How Match.com is using AI to make its user experience 'more human'
    IAB Link opens in a new tab

Comments

Got a comment? Let us hear it.