Coffee Meets Bagel

Waarschuwing: *Privacy niet inbegrepen bij dit product

Dating-apps Valentijnsdag

Coffee Meets Bagel

Coffee Meets Bagel, Inc
Wifi

Beoordelingsdatum: 15 maart 2024

|
Mozilla onderzocht 8 uur
|

Mozilla zegt

|
Mensen stemden op: Heel griezelig

For online dating done a little differently, there's Coffee Meets Bagel, a dating service founded by three sisters and launched in 2012. The idea behind Coffee Meets Bagel is you don't swipe around looking for matches. Instead, the app uses your "must-haves" to send you matches curated to your tastes everyday at noon. It gets a little complicated as men get 21 curated matches (or bagels as they awkwardly call them) and have 24 hours to pass or like. Women get 6 matches of people who have liked them. Or something like that, it's a bit confusing. If putting your profile up for everyone on a dating app to see makes you nervous, Coffee Meets Bagel could be good for you because users can't search your profile out. Only users who have matched with you will be sent your profile to view. And hey, if you buy "beans" to spend on "likes" you might find a partner faster, saving you the trouble of having to learn about confusing dating app rules and currencies again. So, how is Coffee Meets Bagel at privacy? Well, we could say their privacy is a bit like a cup of bad coffee -- weak and puzzling.

Wat kan er gebeuren als er iets misgaat?

Back in 2019, CoffeeMeetsBagel was forced to send out an email on Valentine’s Day admitting the personal information of six million of their users was hacked, stolen, and put up for sale on the dark web. Not a great way to show their users love, but at least they notified their users pretty quickly of this data breach. And they did take measures to tighten their security after that. It might not have been enough though because in August of 2023, CMB had more bad news for their users: that an app outage was the result of a cyberattack. The company's systems were breached and some data was deleted. Today, we aren't able to confirm whether CoffeeMeetsBagel meets our Minimum Security Standards. All in all, we have some concerns about their security. Which isn't good.

Because they also have some work to do on their privacy policies. Coffee Meets Bagel says in their privacy policy they can use your personal information for research and share it with third-parties for things like targeted advertising. That's a shame because CMB, like most dating apps, can collect a lot of personal information about you. You have to provide your email address, zip code, birthday, gender, and gender preference, and potentially your biometric data for account verification. You'll also be asked to upload photos of yourself. If you do, the data collected will "include location metadata and inferred characterizations or data" in those image files. CMB then goes on to add that they can draw inferences about your for all the personal information they collect to create a profile on you as a consumer and then share those inferences with third parties for advertising purposes. Yuck!

Here's another potential yuck. CMB also says that if you use the video chat feature, you'll need to give access to your microphone and camera. That makes sense. But then they add that they "may collect the content and information you make available using our video chat feature" which makes us think the contents of those video chats are not totally private. Aside from the information you have to give about yourself and how you interact with other bagels (or is it coffees?) you might include more information when creating your profile: Your occupation, ethnicity, religion, political views, information relating to your sex life, and more. Providing that information, CoffeeMeetsBagel's privacy policy says counts as "explicitly consent[ing]" that it be used for matching purposes. Alrighty.

On top of all that, CMB can collect some data from Facebook, if you choose to connect your account. And from the way the privacy policy is worded, it seems like that might be required sometimes. Things like "your name, email address, birthday, work history, education history, current city, pictures stored on Facebook, and the names, profile pictures, relationship status, and information about your Facebook friends". When you connect dating apps to social media, that can open the door for both apps to exchange information about you. That's why we don't recommend doing that. CMB can collect data from other third parties too.

That's a lot of personal information for a company with a not-so-great security track record to have about you. Worse, we couldn't confirm whether the app meets our Minimum Security Standards because we couldn't determine whether or not they use encryption and whether they have a way to manage security vulnerabilities. We did email them to ask, we promise. But, alas, we never heard back from them. All this makes it extra worrisome to us that CMB's privacy policy doesn't seem to guarantee all uses the same rights to have their data deleted.

What could go wrong with CoffeeMeetsBagel? Well it would be very disappointing but not that surprising if they had another data breach that exposed their users' private information. Imagine the whole wide internet knowing how you ~like your bagels~ so to speak.

Tips om uzelf te beschermen

- Follow CoffeeMeetsBagel's Safety Tips.

- Visit the app's privacy preferences at the app and opt out from personalized advertsing as well as all non-essential data collection.

- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.

- Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.

- Do not share sensitive data through the app.

- Do not give access to your photos and video or camera.

- Do not log in using third-party accounts.

- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.

- Do not give consent for sharing of personal data for marketing and advertisement.

- Choose a strong password! You may use a password control tool like 1Password, KeePass etc.

- Do not use social media plug-ins.

- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).

- Keep your app regularly updated.

- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).

- When starting a sign-up, do not agree to tracking of your data if possible.

  • mobile

Kan het me bespioneren? informatie

Camera

Apparaat: Niet beschikbaar

App: Ja

Microfoon

Apparaat: Niet beschikbaar

App: Ja

Volgt locatie

Apparaat: Niet beschikbaar

App: Ja

Wat is er nodig om u aan te melden?

Facebook sign-up avalaible (on Android only)

Welke gegevens verzamelt het bedrijf?

Hoe gebruikt het bedrijf deze gegevens?

We ding this product for sharing personal information as well as inferences drawn from personal information to third parties for targeted advertising purposes.

Privacy policy

"Information we obtain from other sources:

Facebook. In order to register with certain Coffee Meets Bagel apps, you may be asked to sign in using your Facebook login. If you do so, you are authorizing us to access and process certain Facebook account information, including information about you and your Facebook friends who might be common Facebook friends with other Coffee Meets Bagel users. By allowing us to access your Facebook account, you understand that we may obtain and process certain information from your Facebook account, including your name, email address, birthday, work history, education history, current city, pictures stored on Facebook, and the names, profile pictures, relationship status, and information about your Facebook friends. We only obtain information from your Facebook account that you specifically authorize and grant us permission to obtain.
Third-Party Services: We may receive the information described in this Privacy Policy from third party services, such as analytics providers and advertising partners.
Other users. Users of Coffee Meets Bagel may provide us with information about you, including through customer support inquiries."

"If you use our video chat feature, you will need to provide the Coffee Meets Bagel app with access to your camera and microphone. We and others you video chat with may collect the content and information you make available using our video chat feature."

"Pursuant to the terms of this Privacy Policy, we may use the information we collect from you for the following business purposes:
1. facilitate matches with other Coffee Meets Bagel users;
2. respond to your comments and questions and provide customer service;
3. to tailor and provide communications to you about Coffee Meets Bagel and related offers, promotions, advertising, news, upcoming events, and other information we think will be of interest to you;
4. monitor and analyze trends, usage and activities;
5. investigate and prevent fraud and other illegal activities;
6. provide, maintain, and improve Coffee Meets Bagel and our overall business;
7. where we otherwise have a legitimate interest in doing so, for example, direct marketing, research (including marketing research), network and information security, fraud prevention, and enforcing our terms, conditions and policies or defending against legal claims; and
8. for any purposes disclosed to you at the time we collect your information or pursuant to your consent."

"Use for Research. In addition to the uses outlined above, by using Coffee Meets Bagel, you agree to allow us to anonymously use the information from you and your experiences to continue our research into successful relationships, including how to create and foster these relationships, so that we may continue to improve the Coffee Meets Bagel experience. This research may be published in our blogs or interviews. However, all of your responses will be kept anonymous, and we assure you that no personal information will be published."

"Unless otherwise stated in this Privacy Policy, Coffee Meets Bagel does not sell personal information to third parties. Coffee Meets Bagel does permit third parties to collect the personal information described above through our service and shares personal information with third parties for business purposes as described in this Privacy Policy, including but not limited to providing advertising outside of our service based on users’ online activities over time and across different sites, services, and devices (so-called “interest-based advertising”). The information practices of these third parties are not covered by this Policy."

"“Do Not Track.” Some browsers transmit “do-not-track” signals to websites. Because of differences in how browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals."

Supplemental Notice for California Residents

CoffeeMeetsBagel shares the following categories of information with advertising partners: "identifiers", "commercial information", "internet or other electronic network activity", "inferences drawn from other personal information to create a profile about a consumer".

"“Sales” of Personal Information under the CCPA. For purposes of the CCPA, Coffee Meets Bagel does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age."

How do I create a Coffee Meets Bagel account?

"We will never share your phone number or access your Facebook data without your permission."

Hoe kunt u uw gegevens beheren?

We ding this product as it is unclear if all users, regardless of location, can get their data deleted.

Privacy policy

"In accordance with applicable law, you may have the right to:

Access Personal Information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information; or (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company (aka the right of data portability);

Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;

Request Deletion of your personal information;

Request Restriction of or Object to our processing of your personal information; and

Withdraw Your Consent to our processing of your personal information.

If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws."

"Data Retention

Coffee Meets Bagel retains the personal information we receive as described in this Privacy Policy for as long as you use our services or as necessary to fulfill the purpose(s) for which it was collected, provide our services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. As outlined above, Coffee Meets Bagel works with a third-party identity verification company, Persona, to use biometric identifiers and associated information for photo verification. Biometric data will be destroyed when the verification purposes have been satisfied, within no more than 3 years of your last interaction with Persona, unless otherwise required by law or legal process to retain the data."

Hoe staat het bedrijf bekend als het gaat om het beschermen van gebruikersgegevens?

Verbetering nodig

In August 2023, CoffeeMeetsBagel's systems were breached by cybercriminals, who deleted company data.

In February, 2019, CoffeeMeetsBagel disclosed a data breach that leaked the personal iniformation, including name and email address, for 6 million of their uesrs. Accordoing to CoffeeMeetsBagel, the data breach happened in February 11, 2019 and they notified their users on February 14, 2019.

Privacyinformatie voor kinderen

"You must be at least 18 to use the Services."

Kan dit product offline worden gebruikt?

Nee

Gebruikersvriendelijke privacy-informatie?

Nee

Koppelingen naar privacy-informatie

Voldoet dit product aan onze minimale beveiligingsnormen? informatie

Onbekend

Versleuteling

Kan niet bepalen

We cannot confirm encryption at rest and in transit for this app.

Sterk wachtwoord

Niet beschikbaar

Beveiligingsupdates

Ja

Beheert kwetsbaarheden

Kan niet bepalen

Privacybeleid

Ja

Gebruikt het product AI? informatie

Ja

The app uses a deep neural network to curate matches for users.

Is deze AI onbetrouwbaar?

Kan niet bepalen

Wat voor soort beslissingen neemt de AI over u of voor u?

The app generates potential matches for users.

Is het bedrijf transparant over hoe de AI werkt?

Kan niet bepalen

Heeft de gebruiker controle over de AI-functies?

Kan niet bepalen

*Privacy niet inbegrepen

Dieper duiken

  • How Coffee Meets Bagel leverages data and AI for love
    CIO Dive Koppeling opent in een nieuw tabblad
  • Coffee Meets Bagel says recent outage caused by destructive cyberattack
    Bleeping Computer Koppeling opent in een nieuw tabblad
  • Dating App Coffee Meets Bagel Sends Valentine’s Day Alert About Data Breach
    Fortune Koppeling opent in een nieuw tabblad

Opmerkingen

Hebt u een opmerking? Laat het ons weten.