Tinder

Warning: *Privacy Not Included with this product

Dating Apps Valentine's Day

Tinder

Match Group
Wi-Fi

Review date: March 15, 2024

|
Mozilla researched 8 hours
|

Mozilla says

|
People voted: Super creepy

Tinder is the app that made swiping right for love--or a hookup--popular. Since its launch in 2012, the world’s most popular free dating app wants you to know that it’s changed. They recently added quizzes and profile prompts so that users can swipe (and match) on more than just photos. It’s a “rizz-first redesign,” they said! And their subscription tiers now include a pricey “Tinder Select” option where, for $499/month, you can send messages to people you haven't swiped right on you and be seen by Tinder’s most “sought after profiles”--a weird promise from a company that says their matching algorithm doesn’t rank users by desirability (anymore?). As always, Tinder also lets you connect via Facebook, add your Instagram and link your Spotify. All those extras mean Tinder can collect a whole lot of personal data on its users. Unfortunately, from what we can see, they’re (still) not doing enough to keep all that personal information private and safe.

What could happen if something goes wrong?

Yeah, Tinder is pretty bad for your privacy and security. Back in 2020, over 70,000 photos of women from Tinder ended up on a dodgy site known for criminal activity. The same year Tinder came under fire for possible GDPR violations for what a Norwegian consumer group called “out of control” data sharing with advertisers and third parties. In 2022, the United States Federal Trade Commission filed a petition against Tinder’s parent company, Match Group Inc. to force them to hand over documents about a possible deal between one of their apps and an AI company, where images of users’ faces were reportedly used to train facial recognition software. Tinder was also hit with lawsuits about their photo verification feature in 2022 and 2023. One says that Tinder didn't get proper consent from users to process their biometric information and the other claims the feature “verified” a fake account created with the plaintiff's stolen photos. Yikes! Match Group's shaky track record makes us a little nervous about their eagerness to enter the privacy minefield of AI integration. That's something we'll be keeping a close eye on.

Besides security concerns and being the subject of Netflix’s most-watched documentary, other controversies have kept people talking about Tinder. People started asking questions about Tinder’s matching algorithm after their CEO at the time said it involves a secret “desirability” score. It raised a lot of questions about discrimination, racial basis, and (based on the bajillion articles written about how to reset, optimize, and overcome your “score”) probably made people feel bad about themselves. By 2019, Tinder called that scoring system “old news” and said they no longer “rely on it.” But their blog post on the topic raised more questions than answers about how it all works now. The post says that “Likes and Nopes [how people react to your profile] are obviously key pieces of insight into what members like” and are still taken into account for matching. Hmmm. What’s not so obvious is how that’s so different and if the new way is less vulnerable to biases. People also had questions about Tinder’s wacky and inconsistent premium subscription pricing model -- including Mozilla. We partnered with Consumers International to shine a light on the app’s confusing personalized pricing that seemed to take age and other mysterious factors into account. This, again, raised more questions about Tinder’s behind-the-scenes number-crunching in a way that felt icky. It took until 2022 for Tinder to finally announce that they’re phasing out age-based pricing for all markets. And in March 2023, following a lengthy dialogue with the European Commission and other consumer groups, Tinder finally committed to "inform consumers that discounts they propose for premium services are personalised by automated means" because the "network of national consumer authorities found that Tinder applied such personalised prices without informing consumers, which is in violation of EU consumer law."

So Tinder and their parent company Match Group has not been known for their security or transparency. That’s a shame because, as a dating app, they sure can collect a lot of information about you. There’s information you give about yourself when you set up your account like your contact information, gender, and who you’d like to meet. Your profile information, the photos you upload, your sexual orientation, interests, and more. Some of that data's going to be sensitive, so you should know that "choos[ing] to provide it" counts as giving your consent for it to be processed by Match Group. K. You should also know that your DMs may be reviewed by Tinder’s human agents. To be sure you're not sending messages that go against its community guidelines, chats can be filtered by automated tools and may be reviewed by humans. Your conversations also help train those tools. But this and other chat-scanning safety features have apparently helped to cut down inappropriate messages, so that part is good.

Then there’s the information that’s collected automatically when you use the app. Your IP address, device information, your activity, when you're on Tinder, and who you match with. Oh and your geolocation! Even while you're not using Tinder. That's extra worrisome since Match Group doesn't have a rock solid reputation for protecting users' precise location. You can also choose to give Tinder access to biometric information (information about your unique face shape) if you want to be a Verified Cutie. Tinder can also collect more information about you from “partners” and affiliates like other sites owned by Match Group -- that includes Hinge, Match, OKCupid, and dozens more. And they can create inferences about your “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” based on what else they know about you. And then they say they can use those inferences they make about your with all that personal information they get from data in your profile for things like "providing advertising or marketing services," and " the contextual customization of ads." Uhg.

As for the rest of Tinder’s policies, they're not great. Tinder can use your information for reasons that won’t help you get sparks flying, like showing you those targeted ads. We're sure glad Tinder at least says they won't sell your personal information. That’s cool! They do share it around though. Like with all those many other Match Group-owned companies. Tinder also may share your personal information with law enforcement, when it’s required by law or to “assist in the prevention or detection of crime (subject in each case to applicable law).” That’s pretty standard and Match Group does have some pretty clear guidelines around how they share user data with law enforcement, which we like to see.

Tinder’s privacy policy also says they can share “non personal information” and “de-identified” information for targeted ads on Match Group’s services and on third party apps and websites too. And we should point out that researchers say it can be relatively easy to re-identify personal information, especially when location information is collected. Oh, and remember, when you log into Tinder with an existing Facebook, Apple, or Google account or connect your Instagram or Spotify to your profile, both platforms can potentially collect more information together. That's why we recommend users don't link their dating apps to social media.

What else? Well, Tinder has been a bit of a lightning rod for romance scams. It turns out the notorious Tinder Swindler is not alone. In 2023, Tinder did launch a campaign to help spot and stop scammers on the platform. And as of February 2024, Tinder expanded its ID verification program to help users confirm that they're talking to the same person they see in users' profile pictures (when those users have opted in to extra verification). You should know that opting in to that feature does come with some risk to your privacy -- you'll have to trust Match Group with your biometric data. We really hope that will finally help solve the problem of dishonest and fake profiles! It's a big problem, and one that should have been on Match Group’s radar for a while.

So what could go wrong with Tinder? Well, it would be terrible if all of the personal information you share with Tinder's parent company Match Group in hopes of meeting someone special was actually just helping a huge company learn how to make more money off of you and people just like you in your search for love. Hang on, that sounds just like this lawsuit filed in February 2024 in the United States against Match Group. It claims their apps are designed to "coerce subscriptions and retain users forever" by dangling the possibility of establishing an "off-app relationship while implementing features to keep users on the app." Dang! What a waste that would be of all those precious personal details that make you, you.

Tips to protect yourself

  • Turn off Match Group data sharing in the app's Privacy Preferences
  • Visit the app's privacy preferences at the app and opt out from personalized advertising as well as all non-essential data collection.
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
  • Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
  • Do not share sensitive data through the app.
  • Do not give access to your photos and video or camera.
  • Do not log in using third-party accounts.
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
  • Do not give consent for sharing of personal data for marketing and advertising.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc.
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
  • Keep your app regularly updated.
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

You can use Apple, Google or Facebook account to log in.

What data does the company collect?

How does the company use this data?

We ding this product as it can use personal information to provide offers and operate advertising and marketing campaigns; and as it can share non-personal information with other Match Group companies and third parties (notably advertisers) to develop and deliver targeted advertising on its services and on websites or applications of third parties, and to analyze and report on advertising you see. They may also combine this information with additional non-personal information or personal information in hashed, non-human readable form collected from other sources.

Tinder Privacy Policy

"Read on for more details about how your information is shared with others.
With other members <...>
With our service providers and partners <...>
With our affiliates <...>
Sharing functionality <...>
For corporate transactions <...>
With law enforcement / when required by law <...>
To enforce legal rights <...>
With your consent or at your request"

"Of course, we also process your chats with other members as well as the content you publish to operate and secure the services, and to keep our community safe."

"In addition to the information you may provide us directly, we receive information about you from others, including:
Members: Members may provide information about you as they use our services, for instance as they interact with you or if they submit a report involving you.
Social Media: You may decide to share information with us through your social media account, for instance if you decide to create and log into your account via your social media or other account (e.g., Facebook, Google or Apple) or to upload onto our services information such as photos from one of your social media accounts (e.g., Instagram or Spotify).
Affiliates: We are part of the Match Group family of businesses. Match Group considers the safety and security of members a top priority. If you were banned from another Match Group service, your information can be shared with us to allow us to take necessary actions, including closing your account or preventing you from creating an account on our services.
Other Partners: We may receive information about you from our partners where our ads are published on a partner’s service (in which case they may pass along details on a campaign’s success). Where legally allowed, we can also receive information about suspected or convicted bad actors from third parties as part of our efforts to ensure our members’ safety and security."

"Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) have a “Do Not Track” (“DNT”) feature that tells a website that a user does not want to have his or her online activity tracked. <...> For this reason, many businesses, including ours, do not currently respond to DNT signals."

"If you choose to provide us with information that may be considered “special” or “sensitive” in certain jurisdictions, such as your sexual orientation, you’re consenting to our processing of that information in accordance with this Privacy Policy. From time to time, we may ask for your consent to collect specific information such as your precise geolocation or use your information for certain specific reasons. In some cases, you may withdraw your consent by adapting your settings (for instance in relation to the collection of our precise geolocation) or by deleting your content (for instance where you entered information in your profile that may be considered “special” or “sensitive”). In any case, you may withdraw your consent at any time by contacting us at the address provided at the end of this Privacy Policy."

"We use vendors to help us operate, distribute, market and improve our services, such as data hosting and maintenance, analytics, customer care, marketing, advertising, payment processing and security operations. We also share information with vendors who distribute and assist us in advertising our services. For instance, we may share limited information on you in hashed, non-human readable form to advertising vendors."

"We may use and share non-personal information (meaning information that, by itself, does not identify who you are such as device information, general demographics, general behavioral data, location in de-identified form), as well as personal information in hashed, non-human readable form, under any of the above circumstances. We may also share this information with other Match Group companies and third parties (notably advertisers) to develop and deliver targeted advertising on our services and on websites or applications of third parties, and to analyze and report on advertising you see. We may combine this information with additional non-personal information or personal information in hashed, non-human readable form collected from other sources."

Tinder uses data "to provide offers and operate advertising and marketing campaigns:
Perform and measure the effectiveness of advertising campaigns on our services and marketing our services off our platform.
Communicate with you about products or services that we believe may interest you."

Safety Tips

"Unlike other social apps, our business model is focused on providing users with premium features, including in-app upgrades and subscriptions, to enhance their experience on our app. We do not sell data to third parties or depend on advertising to maintain or grow our business. In fact, in 2018 less than five percent of all revenue was generated through advertising."

"Additionally, we are constantly improving our defenses in the battle against those with malicious intent. However, we do not discuss any specific security tools we use or enhancements we may implement to best protect our users and avoid tipping off any would-be offenders."

CCPA Privacy Notice Addendum

"Some of the information we collect also constitutes “sensitive personal information” under the CCPA, including information that reveals your social security, driver’s license, state identification card, or passport number, precise geolocation, racial or ethnic origin, sex life or sexual orientation, religious or philosophical beliefs, biometric information, and contents of your messages. We do not use sensitive personal information we collect for purposes other than providing and improving our services to you and protecting our services and our community, and we do not use sensitive personal information to infer characteristics about you."

"Categories of personal information collected over the 12-month period prior to the effective date of our Privacy Policy ...
Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes."
Those inferences are "Created from data in your profile" and can be shared with "vendors and professional services organizations who assist us in relation to the business or commercial purposes laid out herein" and can be used for "advertising and marketing services" and " the contextual customization of ads. "

"We do not “sell” or “share” your personal information so no opt out choice is necessary. This means that we do not sell, share, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate in any way your personal information to another company for monetary or other valuable consideration or for cross-context behavioral advertising."

"Not all of the items listed in the Table below are relevant to you. For example, we do not collect Social Security numbers from our users, but we may collect this data in the course of evaluating a job applicant."

How can you control your data?

We ding this product as it is unclear if all users regardless of location can get their data deleted. Also, users are practically forced into 'consent' to provide their precise geolocation.

Tinder Privacy Policy

"Depending on where you live, you may have the right to:

Access/know. You may have the right to request a copy of the information we keep about you, and in certain circumstances to receive this in a portable format. You can exercise your right to access directly within the service by putting in a request.

Delete/erase. You may request that we delete the personal information we keep about you. You can exercise your right to delete by submitting a request.

Correct/rectify/update. You can correct most information you provided to us by editing your profile directly in the service. If you believe the information we hold about you is inaccurate, you may contact us to rectify it.

Object/restrict. You may also have the right to object to or request that we restrict certain processing. To do so, please contact us."

"We keep your personal information only as long as we need it for legitimate business purposes (as laid out in Section 4) and as permitted by applicable law. If you decide to stop using our services, you can close your account and your profile will stop being visible to other members. Note that we will close your account automatically if you are inactive for a period of two years."

"Once the safety retention window elapses, we delete your data and only keep limited information for specified purposes, as laid out below:
a) We maintain limited data to comply with legal data retention obligations: in particular, we keep transaction data for 10 years to comply with tax and accounting legal requirements, credit card information for the duration the user may challenge the transaction and “traffic data” / logs for one year to comply with legal data retention obligations"

What is the company’s known track record of protecting users’ data?

Bad

In November 2022, Tinder parent company Match Group Inc. was accused in a lawsuit from Tinder users of breaching a state privacy law in Illinois by collecting data on people’s faces from dating app selfies.

The FTC filed a petition on May 26, 2022 to force Match to comply with a civil investigative demand for documents related to an alleged 2014 data-sharing deal between Match subsidiary OkCupid and Clarifai Inc, an artificial intelligence company.

In September 2023, a New Jersey woman filed a class action suit against Tinder, owned by the parent company Match Group Inc., claiming that the app's photo verification feature failed by verifying an account that was created using stolen images of her.

In December 2023, the research by Cybernews into OkCupid, owned by the parent company Match Group Inc., uncovered that a hacker could uncover a distance from them to the victim (any user of the app) in a 10 to 20-meter radius. "With a few simple steps, we can easily track anyone on OkCupid in a given city – from home, to work, to social gatherings, to wherever. This is a terrible blow to users’ privacy."

In February 2024, Tinder parent company Match Group was accused in a lawsuit of making their apps addictive and putting profit over their customers' relationship goals.

In March, 2024, Tinder, following a lengthy dialogue with the European Commission, committed to " inform consumers that discounts they propose for premium services are personalised by automated means." "The network of national consumer authorities found that Tinder applied such personalised prices without informing consumers, which is in violation of EU consumer law. In addition, until April 2022, Tinder used to offer lower prices for their premium services based on age without informing the users. Tinder stopped this practice before the investigation started."

Child Privacy Information

"No Children Allowed

Our services are restricted to individuals who are 18 years of age or older. We do not permit individuals under the age of 18 on our platform. If you suspect that a member is under the age of 18, please use the reporting mechanism available on the service."

Can this product be used offline?

No

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

We know that Tinder announced encryption for photos since June 2018 and Tinder's documentation reads "We know that your time on the app is a private matter and have strict policies and technical systems in place, including encryption for user photos and messages and tools that restrict employee access to user communications and other user data." The parent company Match Group shared with us that "All data stores containing personal data must be encrypted at rest and in transit. Data at rest uses the latest key technologies to cover hybrid data infrastructure, including keys that are created and managed utilizing the latest KMS key policies. Data in transit must utilize predefined SSL policies of TLS-1-1-2017-01 or similar ciphers. MG Security Engineering has an encryption standard that documents the process and procedures and is shared across our brands."

Strong password

N/A

Tinder uses 2FA with email and phone number, for a log-in.

Security updates

Yes

Manages vulnerabilities

Yes

Tinder runs a bug bounty program.

Privacy policy

Yes

Does the product use AI? information

Yes

Tinder uses its ML model called TinVec to provide recommendations for matches.

Tinder is testing Smart Picks, a tool that can help you find suitable profile pictures on your phone.

Tinder is testing a system that uses AI to suggest personalized bios based on users Interests and Relationship Goals.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

"The proprietary tool sifts through vast amounts of swiping data to find patterns—like your tendency to dig men with beards—and then searches for new profiles that fit those patterns. Tinder then adds those profiles to your swiping queue. The more you swipe, the sharper the predictions become, and (theoretically, at least) the more likely you are to swipe right on the profiles Tinder expects you will."

Is the company transparent about how the AI works?

Can’t Determine

"Brian Norgard, Tinder’s chief product officer, says Super Likeable synthesizes all kinds of data from a user's past swipes to predict future matches. “TinVec relies on users’ past swiping behavior, but that swiping behavior takes into account multiple factors, both physical and otherwise,” Norgard says. “The beauty of AI is that it incorporates all of those inputs into its ranking system.”"

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

  • Tinder’s new warnings inform users when they’re potentially being inappropriate
    TechCrunch Link opens in a new tab
  • We Tried a Dating App That Lets a Chatbot Break the Ice for You. It Got Weird
    Wired Link opens in a new tab
  • Tinder and other Match dating apps will offer in-app tips on avoiding romance scams
    TechCrunch Link opens in a new tab
  • Your Tinder Photos Are Finally Encrypted
    Mobile App Daily Link opens in a new tab
  • Pssst! Match.com does not want you to know about this FTC case
    Reuters Link opens in a new tab
  • Tinder Users Claim Dating App Selfies Breach Biometric Privacy
    Bloomberg Law Link opens in a new tab
  • Tinder Privacy Settings to Adjust Right Now
    Consumer Reports Link opens in a new tab
  • Match Group releases its guiding principles for integrating AI into its dating apps
    Fast Company Link opens in a new tab
  • How Match.com is using AI to make its user experience 'more human'
    IAB Link opens in a new tab
  • Tinder’s new CEO takes the helm, calling it a ‘moment of transition for the industry’
    Fast Company Link opens in a new tab
  • Tinder commits to provide consumers with clear information about personalised prices
    European Commisson Link opens in a new tab
  • Are Dating Apps Racist? Here’s What Tinder And Others Can Do To Protect Users Of Color
    Mozilla Foundation Link opens in a new tab
  • Tinder Can Now Show Who It Thinks You'll Swipe Right On
    Wired Link opens in a new tab
  • Many on dating apps are already in relationships or aren't seeking actual dates, new study finds
    NBC News Link opens in a new tab

Comments

Got a comment? Let us hear it.