Plenty of Fish

Warning: *Privacy Not Included with this product

Dating Apps Valentine's Day

Plenty of Fish

Match Group, LLC
Wi-Fi

Review date: March 15, 2024

|
Mozilla researched 6 hours
|

Mozilla says

|
People voted: Very creepy

Launched in 2003, Plenty of Fish, aka POF, is one of the OG dating services available in 11 languages and more than 20 countries. It bills itself as "the most friendly way to date" where users can "come exactly as [they] are." They take a choose-your-own-adventure approach to dating with lots of different ways to connect. Those ways include live streaming, dating games, DMs, and yes, swiping. Recently, in the interest of eliminating "uncomfy moments" that you didn't sign up for, POF introduced a "No D*ck Pics" badge users can add to their profiles... Which is probably another situation where "opt-in" consent would make way more sense. Free users can sign up, send messages, get matches, and more. Premium user features include viewing extended user profiles, seeing read receipts, and an ad-free app experience. Sounds great! Unfortunately, POF is not exactly great at privacy.

What could happen if something goes wrong?

Plenty of Fish has a new look and a new promise. They say it’s the most friendly, playful, relaxed way to date -- where you can be you! The catch? The sleeker-looking Plenty of Fish still gets plenty of privacy dings from us.

This dating app asks users to provide a whole lot of personal information when you sign up -- everything from your ethnicity and whether you smoke to if you own a vehicle and if your parents are married (seriously, they ask for that!). And though their privacy policy says that information is “optional,” it doesn't seem like there’s any way to get set up without working your way through their many intense questions. And some of that data is going to be sensitive, so know that just providing it counts as “consenting to [Plenty of Fish’s] processing of that information”. On top of that, there’s your profile information, the photos you upload, your sexual orientation, interests, and more. Then there’s the information that’s collected automatically when you use the app. Your IP address, device information, your activity, when you're online, and who you interact with. Oh and your geolocation! Even while you're not using Plenty of Fish. You can also choose to give access to biometric information (information about your unique face shape) if you want Selfie Verification. And let's not forget your chats! To be sure you're not engaging in harmful or illegal behavior, chats can be filtered by automated tools and may be reviewed by humans. Your conversations also help train those tools.

Plenty of Fish can collect even more information about you from “partners” and affiliates like those many other dating apps owned by their parent company, Match Group (over 40+ apps!). And they can create inferences about your “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” based on what else they know about you. It’s a lot!

And that does worry us a bit because Plenty of Fish can use your personal information for reasons that likely won't bring you closer to meeting your #couplesgoals, like showing you ads. They can also share your information with the many other Match Group apps which include OkCupid, Tinder, Hinge, and dozens more. And Plenty of Fish even goes a step further -- in a bad direction -- than most Match Group apps. They can "sell" your personal information to social networks, ad networks, and others. Ugh. We can't let you off the hook for that one, POF.

Not to open a can of worms here, but there is more. Plenty of Fish's parent company Match Group doesn't have the best track record. In 2022, the United States Federal Trade Commission filed a petition against Match Group Inc. to force them to hand over documents about a possible data-sharing deal between one of their apps and an AI company, where images of users’ faces were reportedly used to train facial recognition software. Tinder was also hit with lawsuits about their photo verification feature in 2022 and 2023. One says that the app didn't get proper consent from users to process their biometric information and the other claims the feature “verified” a fake account created with the plaintiff's stolen photos. Oh no! And research by Cybernews in 2023 found that a simple hack would make it possible to “track [Match Group-owned] OkCupid users and find their exact location.” Whoa. Match Group's shaky track record makes us a little nervous about their eagerness to double down on the privacy minefield of AI integration. That's something we'll be keeping a close eye on.

Here is one good thing. Plenty of Fish says they may share your personal information with law enforcement, when it’s required by law or to “assist in the prevention or detection of crime (subject in each case to applicable law).” That’s pretty standard, and Match Group does have some pretty clear guidelines around how they share user data with law enforcement, which we like to see. Just beware, all those dating app chats could end up in law enforcement's hands if they have a court order.

After reading this, users might decide they'd like to access to and delete all the information this app and its parent company has collected on them. That's fair, but unfortunately Plenty of Fish doesn't guarantee that right to all their users regardless of where they live. Boooo hiss! So what's could go wrong with Plenty of Fish? Well, the fact that POF says they can "sell" (under the California CCPA definition of sell) your email, internet activity, and demographic data to advertising networks makes this whole thing feel more like a fishing expedition than a chance to find your true love. Good thing there are plenty of dating apps in the sea (too bad most of them also raise our privacy eyebrows though)! We also wonder if the risk you take in giving up your data to POF is worth it -- especially since love on Match Group-owned apps might be a losing game. A lawsuit filed February 2024 in the United States against claims Match Group’s apps are designed to "coerce subscriptions and retain users forever" by dangling the possibility of establishing an "off-app relationship while implementing features to keep users on the app." Yeesh. That's always a danger when a happy ending is bad for business.

Tips to protect yourself

- Turn off Match Group data sharing in the app's Privacy Preferences
- Visit the app's privacy preferences at the app and opt out from personalized advertising as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
- Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertising.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.

  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product as it 'sells' personal data as this term is defined in California; it can use personal information to provide offers and operate advertising and marketing campaigns; and it may receive information about you from its partners where its ads are published on a partner’s service.

Privacy Policy

"If you choose to provide us with information that may be considered “special” or “sensitive” in certain jurisdictions, such as your sexual orientation, you’re consenting to our processing of that information in accordance with this Privacy Policy. From time to time, we may ask for your consent to collect specific information such as your precise geolocation or use your information for certain specific reasons. In some cases, you may withdraw your consent by adapting your settings (for instance in relation to the collection of precise geolocation) or by deleting your content (for instance where you entered information in your profile that may be considered “special” or “sensitive”). In any case, you may withdraw your consent at any time by contacting us at the address provided at the end of this Privacy Policy."

"You may decide to share information with us through your social media account, for instance if you decide to create or log into your Plenty of Fish account via your social media or other account (e.g., Facebook, Google or Apple) or to upload onto our services information, such as photos from one of your social media accounts (for example, Facebook or Instagram)."

"We may receive information about you from our partners where our ads are published on a partner’s service (in which case they may pass along details on a campaign’s success). Where legally allowed, we can also receive information about suspected or convicted bad actors from third parties as part of our efforts to ensure our users’ safety and security."

"Additionally, we use your information to help keep you and our community safe, and to provide you with advertising that may be of interest to you. <...>
To provide offers, operate advertising and marketing campaigns and understand their effectiveness

· Perform advertising campaigns on our services and advertise our services off our platform
 · Measure the effectiveness of advertising campaigns on our services and advertising our services off our platform
 · Communicate with you about products or services that we believe may interest you"

"In addition to the information you may provide us directly, we receive information about you from others, including:

· Users
Users may provide information about you as they use our services, for instance as they interact with you or if they submit a report involving you.
 · Social media
You may decide to share information with us through your social media account, for instance if you decide to create or log into your Plenty of Fish account via your social media or other account (e.g., Facebook, Google or Apple) or to upload onto our services information, such as photos from one of your social media accounts (for example, Facebook or Instagram).
 · Other partners
We may receive information about you from our partners where our ads are published on a partner’s service (in which case they may pass along details on a campaign’s success). Where legally allowed, we can also receive information about suspected or convicted bad actors from third parties as part of our efforts to ensure our users’ safety and security."

"We may publish ads about third-party advertisers’ products and services on our service and publish ads promoting our own service on third-party sites and apps. To help improve the relevance of these ads, we provide certain info about you (such as device information and identifiers like your IP address and advertising identifiers, usage information like links clicked and conversion information, and demographic information like your age, gender and interests) to third parties, including advertising partners, or allow them to collect such information from our services (such as via cookies, SDKs, or similar technologies). Some of our advertising partners enable us to transform your email address, advertising identifiers or phone number into an identifier that can’t be used to identify you personally and then use that unique identifier to either exclude you from our marketing campaigns, or to target our ads at an audience that is similar to you in terms of background, interests or app usage. If you live in the United States, some of the activities described in this section may constitute “targeted advertising,” “sharing,” or “selling” under applicable laws, and we give you the choice to opt-out, as described in Section 8. In other countries, we may ask you to opt into these activities. More information on our use of cookies and similar technologies can be found in our Cookie Policy."

California privacy statement

"We may publish ads about third-party advertisers’ products and services on our service and publish ads promoting our own service on third-party sites and apps. To help improve the relevance of these ads, we may allow third parties to collect information about you through cookies and similar technologies or disclose information to them. While we do not sell your information for money, under California law, these activities may constitute “sharing” or “sales” of personal information."

In the last 12 months, Plenty of Fish may have used the following personal data for purposes including "providing advertising or marketing services", "providing analytics services", " or providing similar services": "Identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, and other similar identifiers"

"Some of the information we collect also constitutes “sensitive personal information” under the CCPA, including information that reveals your social security, driver’s license, state identification card, or passport number, precise geolocation, racial or ethnic origin, sex life or sexual orientation, religious or philosophical beliefs, biometric information, and contents of your messages. We do not use sensitive personal information we collect for purposes other than providing and improving our services to you and protecting our services and our community, and we do not use sensitive personal information to infer characteristics about you."

How can you control your data?

We ding this product as it is unclear if all users regardless of location can get their data deleted, and if all users regardless of location can opt out of data selling.

Privacy policy

"You may request that we delete the personal information we keep about you. "

"We keep your personal information only as long as we need it for legitimate business purposes and as permitted by applicable law. If you decide to stop using our services, you can close your account and your profile will stop being visible to other users. Note that we will close your account automatically if you are inactive for a period of two years."

"If you live in the United States, you may opt out of our activities that may constitute “targeted advertising,” “sales,” and “sharing” under applicable laws. To do so, please visit the “Your Privacy Choices” link in the footer of our website and in the Settings menu of the app and set the “Do Not Sell or Share My Personal Information” toggle to the “on” position.

"You can stop all information collection by an app by uninstalling it using the standard uninstall process for your device. Remember that uninstalling an app does NOT close your account. To close your account, please use the corresponding functionality on the service."

What is the company’s known track record of protecting users’ data?

Bad

In November 2022, the parent company Match Group Inc. was accused in a lawsuit from Tinder users of breaching a state privacy law in Illinois by collecting data on people’s faces from dating app selfies.

The FTC filed a petition on May 26, 2022 to force Match, owned by the parent company Match Group Inc., to comply with a civil investigative demand for documents related to an alleged 2014 data-sharing deal between Match subsidiary OkCupid and Clarifai Inc, an artificial intelligence company.

In September 2023, a New Jersey woman filed a class action suit against Tinder, owned by the parent company Match Group Inc., claiming that the app's photo verification feature failed by verifying an account that was created using stolen images of her.

In December 2023, the research by Cybernews into OkCupid, owned by the parent company Match Group Inc., uncovered that a hacker could uncover a distance from them to the victim (any user of the app) in a 10 to 20-meter radius. "With a few simple steps, we can easily track anyone on OkCupid in a given city – from home, to work, to social gatherings, to wherever. This is a terrible blow to users’ privacy."

In February 2024, Plenty of Fish parent company Match Group was accused in a lawsuit of making their apps addictive and putting profit over their customers' relationship goals.

In March, 2024, Match Group owned Tinder, following a lengthy dialogue with the European Commission, committed to " inform consumers that discounts they propose for premium services are personalised by automated means." "The network of national consumer authorities found that Tinder applied such personalised prices without informing consumers, which is in violation of EU consumer law. In addition, until April 2022, Tinder used to offer lower prices for their premium services based on age without informing the users. Tinder stopped this practice before the investigation started."

Child Privacy Information

"No Children Allowed

Our services are restricted to individuals who are 18 years of age or older. We do not permit individuals under the age of 18 on our platform. If you suspect that a member is under the age of 18, please use the reporting mechanism available on the service."

Can this product be used offline?

No

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

The parent company Match Group shared with us that "All data stores containing personal data must be encrypted at rest and in transit. Data at rest uses the latest key technologies to cover hybrid data infrastructure, including keys that are created and managed utilizing the latest KMS key policies. Data in transit must utilize predefined SSL policies of TLS-1-1-2017-01 or similar ciphers. MG Security Engineering has an encryption standard that documents the process and procedures and is shared across our brands."

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

"Plenty of Fish welcomes input from the security research community to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to responsibly disclose any potential vulnerabilities uncovered to [email protected]."

"Plenty of Fish's bug bounty program is private and inclusion is by invite only. Researchers who follow generally accepted responsible disclosure practices and submit quality reports to our Security team will be evaluated for inclusion at our discretion. We explicitly prohibit testing Denial of Service (DoS) or use of automated scanning tools against any of our applications or infrastructure."

Privacy policy

Yes

Does the product use AI? information

Yes

Plenty of Fish uses a matching algorithm to determine your top prospects.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

  • Best Dating Apps for 2024
    CNET Link opens in a new tab
  • The best sexting apps for safe NSFW fun in 2024
    Mashable Link opens in a new tab
  • Plenty of Fish app was leaking users’ hidden names and postal codes
    TechCrunch Link opens in a new tab
  • Popular dating app leak puts millions of women at risk
    Cybernews Link opens in a new tab
  • Match Group leans into AI with new team
    Mashable Link opens in a new tab
  • Pssst! Match.com does not want you to know about this FTC case
    Reuters Link opens in a new tab
  • Match Group releases its guiding principles for integrating AI into its dating apps
    Fast Company Link opens in a new tab
  • How Match.com is using AI to make its user experience 'more human'
    IAB Link opens in a new tab
  • Why Plenty Of Fish Did A Hard Reset On Its Brand And Media Mix
    Ad Exchanger Link opens in a new tab

Comments

Got a comment? Let us hear it.