When we reviewed dating apps for the first time back in 2021, they did not do well against our privacy and security criteria. This time, our research shows they've gotten even worse for your privacy. And in 2024, the stakes are much higher.
Dating apps claim the more personal data you share, the more likely you are to find love. We have no way of knowing if that’s true. What we do know is that most dating apps fail spectacularly at protecting that information.
Misha Rykov, Researcher @ *Privacy Not Included
Like romantic AI chatbots, the nature of dating apps means they probably need to collect some sensitive and personal information from you. Fine! But we learned that companies often take advantage of that and use your personal information for reasons unrelated to love. They often say they can share it, sell it, or just don’t do the bare minimum to keep that data secure. At a time when the popularity of AI integration and AI-powered deepfakes means we need better privacy protections, dating apps seem to be doubling down on their bad-for-privacy practices. Dating apps just can’t get enough of your data!
Twenty two of the 25 (88%) dating apps we reviewed come with *Privacy Not Included.
“Share more about yourself,” “Answer more questions,” “Update your profile frequently” to get more matches, says OkCupid. And photos? “The More, the Better.” The amount of information most dating apps want from you is intense.
You might be asked how you’d react to slipping on a banana peel, whether your parents are divorced, or if you’ve ever asked for the manager as part of an unskippable setup questionnaire. And that’s before you’re asked to fill up your profile with photos, videos, “voice content”, and a treasure trove of other personal details that can be collected by the app. Those tidbits might include your religion, race, ethnicity, political views, sexuality, HIV status, weight and even information about your “sexual life experiences” according to the apps’ privacy policies. That last one is a new one, even for us! Most of the dating apps we reviewed now also kindly request your biometric information, if you want “verified status” to show other users you’re really you.
In their privacy policies, often the companies say that providing all this information is optional. And sometimes that’s true! Other times that’s a bit misleading, like when Tinder says they only collect your precise geolocation “with your consent” but the app won’t work without it. Ah, the ‘ol “if you don’t like it you can leave” consent model. We know it well.
There’s more information the companies can collect that you might not even realize you’re sharing like the “content and information you make available using [the] video chat feature”. Huh? It sounds like CoffeeMeetsBagel collects your video chats, but we’re still not sure. There’s also your DMs (usually for safety’s sake), and everything you do on the app. Yep, that’s every swipe you take, every match you make.
On top of all that, there’s more data that you almost definitely don’t know about like information that’s collected from third-parties, your device, or taken from your photos. About 25% of the apps collect metadata from your content -- which is information in the files about when the photo (or video) was taken, where, and what day. Others say they can scan your content for information using third party services to "help identify your interests and activities—such as if your photo includes pets, sports or trips—and to help [them] provide better matches for you." That seems unnecessary, especially when users are already asked about those things. But using some of your data to guess more data about you is pretty common -- 64% of the apps’ privacy policies mention creating “inferences” about you, usually to target you with more ads or services to get more of your money.
When dating apps encourage you to share, they usually say it’s so that their magic matching algorithm can find you more compatible friends or lovers. But that’s not all dating apps do with your data. Most dating apps (80%) may share or sell your personal information for advertising. And sometimes it’s not even clear to us whether your personal information is being sold or not (ahem, Bumble). It’s a bit strange because -- except for the totally “free” Facebook Dating -- all of the other apps work on a subscription model. So with dating apps, it’s not your money or your privacy. It’s often both.
We also couldn’t confirm whether half (52%) of the apps do the bare minimum to keep all your personal information safe, by meeting our Minimum Security Standards. So it’s also not surprising that the same number of apps (52%) earn our bad track record “ding” for a data breach, leak, or hack in the past three years. And those breaches have been… really bad. Like when location data from gay dating app Grindr ended up in data brokers’ hands and was purchased by a Catholic group in the US to monitor members of their clergy. Ouff.
Half of the dating apps we reviewed are already using artificial intelligence, for reasons that range from potentially good (like Bumble’s Deception Detector), to a little silly (like Tinder’s profile picture selector), to potentially bad (like many of the apps’ possibly discriminatory matching algorithms). But it seems like that’s just the beginning of dating apps’ plans for AI integration. That worries us because generative AI is a privacy minefield that we’re not confident already bad-at-privacy dating apps can handle.
The biggest dating app company in the world, Match Group, said in a letter to shareholders last year that they plan on “benefit[ting] from advances in AI” and hired a whole new team to work on AI-focused projects. In February, they started a partnership with ChatGPT, promising to “keep things safe and secure,” “with all the privacy bells and whistles in place.” But around here, Match Group is better known for privacy dings than bells and whistles. And their relationship with AI has already raised some red flags. Like when, in 2022, the US Federal Trade Commission (FTC) had to file a petition to learn more about a data-sharing deal that reportedly used images from Match-Group-owned OkCupid to train facial recognition software without users’ knowledge or consent. Yikes.
Grindr, one of the most popular dating apps targeting men seeking men, also announced plans to roll out “innovative artificial intelligence-based features” while saying their “commitment to safeguarding privacy” will be unchanged. Hmm. A promise not to change doesn’t bring us much comfort coming from an app with such a bad track record for protecting users’ privacy. A recent investigation says Grindr might be planning to use in-app chats to train some of those AI features in the future, such as a paywalled chatbot boyfriend -- a product with even more unique privacy challenges.
With AI in the mix, we’re dealing with a whole ‘nother level of potential privacy problems. We may even need more data privacy dings to address them all -- stay tuned for that. In the meantime…
- One app had NO privacy policy
We couldn’t find an English privacy policy for Lovoo even though it’s available for download in English-speaking countries like the US, Canada and the UK. If you speak German, there’s a privacy policy for you. But if English is your only language, no privacy policy love for you!
- About half of the apps are owned by just two companies
Match Group owns Tinder, OkCupid, Match, Hinge, Plenty of Fish, BlackPeopleMeet, OurTime, and dozens more dating apps. Spark Network owns Christian Mingle, Jdate, Elite Singles, and Zoosk from this list. Bumble and Badoo are also owned by the same company. That means your personal data can be shared from any of the apps within their bigger company. That’s a lot of potential sharing, and that’s not good.
- Lawsuits say: love is a losing game
On Valentine’s Day (aww!) Match Group was sued for “lock[ing] users into a pay-to-play loop that prioritizes corporate profits over its marketing promises and customers’ relationship goals.” Uh oh. OK-at-privacy eHarmony was also accused of “manipulative selling practices” that laid a “subscription trap” for users.
- AI is not-so-smart when it comes to matching humans
Tinder, OkCupid, Facebook Dating, Happn, CoffeeMeetsBagel, and Tantan all use AI in their matching algorithms. With little information about how these algorithms work, we’re worried they could double-down on real-world biases in dating like sexual racism and fatphobia -- stripping away users’ actual preferences where it really matters. We are all so much more than the sum of our swipes!
- Swindlers and romance-scammers are on the rise
Romance scammers use fake dating app profiles to target unsuspecting app users, pretending to be interested in your heart when what they really want is your money. They’re a huge problem worldwide with the United States’ Federal Trade Commission reporting that consumers lost millions of dollars to those scams in 2023. Although probably no app is immune, scams from Tinder, Tantan, Zoosk, Facebook Dating and Lovoo made the news recently.
- Online aliases are back!
Muzz and Her say in their privacy policies that daters can use nicknames or aliases on their apps. That’s cool!
If you identify as LGBTQ+ and are looking for community, you’re in luck. Queer-owned and operated app Lex is the only dating app we reviewed that earns a thumbs up from us. eHarmony and Happn are also OK! They’re not the best but they at least didn’t earn the *Privacy Not Included warning label because they seem to respect and protect your personal information a little better than the others.
If none of those apps speak to you, we recommend reading the reviews. There is some nuance between all the apps. It’s worth seeing for yourself if the risk to your privacy is worth it to you. The things we do for love, right? (Be warned though, it seems like dating apps might not deliver on that.)
For all dating apps, here are our top three privacy tips:
- Treat your dating profile more like your LinkedIn profile -- assume it could be seen by anyone and only post photos and details you’re OK with being public.
- Don’t log in with third party accounts and don’t link your social media accounts to your profile. That invites even more sharing of your personal information across more places that don’t always do a good job with it.
- Limit app permissions where possible from your device settings (like your location, address book, and camera roll). The less you share, the better!
You can find more detailed privacy advice under each of the reviews, too. But hey, wouldn’t it be cool if all apps everywhere were held to a higher standard of privacy by default? It sure would make our job less sad and life easier for all of us. If you agree, join us!
Jen Caltrider
During a rather unplanned stint working on my Master’s degree in Artificial Intelligence, I quickly discovered I’m much better at telling stories than writing code. This discovery led to an interesting career as a journalist covering technology at CNN. My true passion in life has always been to leave the world a little better than I found it. Which is why I created and lead Mozilla's *Privacy Not Included work to fight for better privacy for us all.
Misha Rykov
Kyiv-native and Berlin-based, Misha worked in big tech and security consulting, before joining Mozilla's privacy effort. Misha loves investigative storytelling and hates messy privacy policies. Misha is an advocate for stronger and smarter privacy regulations, as well as for safer Internet.
Zoë MacDonald
Zoë is a writer and digital strategist based in Toronto, Canada. Before her passion for digital rights led her to Mozilla and *Privacy Not Included, she wrote about cybersecurity and e-commerce. When she’s not being a privacy nerd at work, she’s side-eyeing smart devices at home.