Advertencia: *Privacidad no incluida con este producto
Coffee Meets Bagel
For online dating done a little differently, there's Coffee Meets Bagel, a dating service founded by three sisters and launched in 2012. The idea behind Coffee Meets Bagel is you don't swipe around looking for matches. Instead, the app uses your "must-haves" to send you matches curated to your tastes everyday at noon. It gets a little complicated as men get 21 curated matches (or bagels as they awkwardly call them) and have 24 hours to pass or like. Women get 6 matches of people who have liked them. Or something like that, it's a bit confusing. If putting your profile up for everyone on a dating app to see makes you nervous, Coffee Meets Bagel could be good for you because users can't search your profile out. Only users who have matched with you will be sent your profile to view. And hey, if you buy "beans" to spend on "likes" you might find a partner faster, saving you the trouble of having to learn about confusing dating app rules and currencies again. So, how is Coffee Meets Bagel at privacy? Well, we could say their privacy is a bit like a cup of bad coffee -- weak and puzzling.
¿Qué podría pasar si algo falla?
Back in 2019, CoffeeMeetsBagel was forced to send out an email on Valentine’s Day admitting the personal information of six million of their users was hacked, stolen, and put up for sale on the dark web. Not a great way to show their users love, but at least they notified their users pretty quickly of this data breach. And they did take measures to tighten their security after that. It might not have been enough though because in August of 2023, CMB had more bad news for their users: that an app outage was the result of a cyberattack. The company's systems were breached and some data was deleted. Today, we aren't able to confirm whether CoffeeMeetsBagel meets our Minimum Security Standards. All in all, we have some concerns about their security. Which isn't good.
Because they also have some work to do on their privacy policies. Coffee Meets Bagel says in their privacy policy they can use your personal information for research and share it with third-parties for things like targeted advertising. That's a shame because CMB, like most dating apps, can collect a lot of personal information about you. You have to provide your email address, zip code, birthday, gender, and gender preference, and potentially your biometric data for account verification. You'll also be asked to upload photos of yourself. If you do, the data collected will "include location metadata and inferred characterizations or data" in those image files. CMB then goes on to add that they can draw inferences about your for all the personal information they collect to create a profile on you as a consumer and then share those inferences with third parties for advertising purposes. Yuck!
Here's another potential yuck. CMB also says that if you use the video chat feature, you'll need to give access to your microphone and camera. That makes sense. But then they add that they "may collect the content and information you make available using our video chat feature" which makes us think the contents of those video chats are not totally private. Aside from the information you have to give about yourself and how you interact with other bagels (or is it coffees?) you might include more information when creating your profile: Your occupation, ethnicity, religion, political views, information relating to your sex life, and more. Providing that information, CoffeeMeetsBagel's privacy policy says counts as "explicitly consent[ing]" that it be used for matching purposes. Alrighty.
On top of all that, CMB can collect some data from Facebook, if you choose to connect your account. And from the way the privacy policy is worded, it seems like that might be required sometimes. Things like "your name, email address, birthday, work history, education history, current city, pictures stored on Facebook, and the names, profile pictures, relationship status, and information about your Facebook friends". When you connect dating apps to social media, that can open the door for both apps to exchange information about you. That's why we don't recommend doing that. CMB can collect data from other third parties too.
That's a lot of personal information for a company with a not-so-great security track record to have about you. Worse, we couldn't confirm whether the app meets our Minimum Security Standards because we couldn't determine whether or not they use encryption and whether they have a way to manage security vulnerabilities. We did email them to ask, we promise. But, alas, we never heard back from them. All this makes it extra worrisome to us that CMB's privacy policy doesn't seem to guarantee all uses the same rights to have their data deleted.
What could go wrong with CoffeeMeetsBagel? Well it would be very disappointing but not that surprising if they had another data breach that exposed their users' private information. Imagine the whole wide internet knowing how you ~like your bagels~ so to speak.
Consejos para protegerte
- Follow CoffeeMeetsBagel's Safety Tips.
- Visit the app's privacy preferences at the app and opt out from personalized advertsing as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
- Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertisement.
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.
¿Me puede espiar?
Cámara
Dispositivo: No aplica
Aplicación: Sí
Micrófono
Dispositivo: No aplica
Aplicación: Sí
Rastrea la ubicación
Dispositivo: No aplica
Aplicación: Sí
¿Qué se puede usar para registrarse?
Correo electrónico
No
Teléfono
Sí
Cuenta de terceros
Sí
Facebook sign-up avalaible (on Android only)
¿Qué datos recopila la empresa?
Información personal
Email, phone number; Username and password, email address, zip code, birthday, gender, and gender preference; Mobile Device ID (e.g., IMEI, AD ID); Geolocation (GPS); Device Information/Specifications. Technical information about your device: type of device, web browser, operating system, IP address; Usage Information; Cookies; Web Beacons; Race, ethnicity, religion, philosophical or political views, sex life or sexual orientation, school, occupation, current city.
Información biométrica
Photos, videos
Información social
Messages; Facebook account information, including information about you and your Facebook friends who might be common Facebook friends with other Coffee Meets Bagel users.
¿Cómo utiliza la empresa estos datos?
¿Cómo puedes controlar el uso de tus datos?
¿Qué historial tiene la compañía en cuanto a la protección de los datos de los usuarios?
In August 2023, CoffeeMeetsBagel's systems were breached by cybercriminals, who deleted company data.
In February, 2019, CoffeeMeetsBagel disclosed a data breach that leaked the personal iniformation, including name and email address, for 6 million of their uesrs. Accordoing to CoffeeMeetsBagel, the data breach happened in February 11, 2019 and they notified their users on February 14, 2019.
Información sobre privacidad infantil
¿El producto se puede usar sin conexión?
¿La información de privacidad es fácil de entender?
Enlaces a información de privacidad
¿El producto cumple nuestros estándares mínimos de seguridad?
Cifrado
We cannot confirm encryption at rest and in transit for this app.
Contraseña fuerte
Actualizaciones de seguridad
Gestiona las vulnerabilidades
Política de privacidad
The app uses a deep neural network to curate matches for users.
¿Es poco confiable esta IA?
¿Qué tipo de decisiones toma la IA acerca de ti o por ti?
¿La empresa es transparente acerca del funcionamiento de la IA?
¿Tiene el usuario control sobre las características de la IA?
Profundiza más
-
How Coffee Meets Bagel leverages data and AI for loveCIO Dive
-
Coffee Meets Bagel says recent outage caused by destructive cyberattackBleeping Computer
-
Dating App Coffee Meets Bagel Sends Valentine’s Day Alert About Data BreachFortune
Comentarios
¿Tienes algún comentario? Queremos escucharte.