Coffee Meets Bagel

Warning: *Privacy Not Included with this product

Review date: March 15, 2024

Mozilla researched for 8 hours

Mozilla's opinion

People's votes: Very creepy

For online dating done a little differently, there's Coffee Meets Bagel, a dating service founded by three sisters and launched in 2012. The idea behind Coffee Meets Bagel is you don't swipe around looking for matches. Instead, the app uses your "must-haves" to send you matches curated to your tastes every day at noon. It gets a little complicated as men get 21 curated matches (or bagels as they awkwardly call them) and have 24 hours to pass or like. Women get 6 matches of people who have liked them. Or something like that, it's a bit confusing. If putting your profile up for everyone on a dating app to see makes you nervous, Coffee Meets Bagel could be good for you because users can't search your profile out. Only users who have matched with you will be sent your profile to view. And hey, if you buy "beans" to spend on "likes" you might find a partner faster, saving you the trouble of having to learn about confusing dating app rules and currencies again. So, how is Coffee Meets Bagel at privacy? Well, we could say their privacy is a bit like a cup of bad coffee -- weak and puzzling.

What could happen if something goes wrong?

Back in 2019, CoffeeMeetsBagel was forced to send out an email on Valentine’s Day admitting the personal information of six million of their users was hacked, stolen, and put up for sale on the dark web. Not a great way to show their users love, but at least they notified their users pretty quickly of this data breach. And they did take measures to tighten their security after that. It might not have been enough though because in August of 2023, CMB had more bad news for their users: that an app outage was the result of a cyberattack. The company's systems were breached and some data was deleted. Today, we aren't able to confirm whether CoffeeMeetsBagel meets our Minimum Security Standards. All in all, we have some concerns about their security. Which isn't good.

Because they also have some work to do on their privacy policies. Coffee Meets Bagel says in their privacy policy they can use your personal information for research and share it with third parties for things like targeted advertising. That's a shame because CMB, like most dating apps, can collect a lot of personal information about you. You have to provide your email address, zip code, birthday, gender, and gender preference, and potentially your biometric data for account verification. You'll also be asked to upload photos of yourself. If you do, the data collected will "include location metadata and inferred characterizations or data" in those image files. CMB then goes on to add that they can draw inferences about you from all the personal information they collect to create a profile on you as a consumer and then share those inferences with third parties for advertising purposes. Yuck!

Here's another potential yuck. CMB also says that if you use the video chat feature, you'll need to give access to your microphone and camera. That makes sense. But then they add that they "may collect the content and information you make available using our video chat feature" which makes us think the contents of those video chats are not totally private. Aside from the information you have to give about yourself and how you interact with other bagels (or is it coffees?), you might include more information when creating your profile: your occupation, ethnicity, religion, political views, information relating to your sex life, and more. Providing that information, CoffeeMeetsBagel's privacy policy says, counts as "explicitly consent[ing]" that it be used for matching purposes. Alrighty.

On top of all that, CMB can collect some data from Facebook, if you choose to connect your account. And from the way the privacy policy is worded, it seems like that might be required sometimes. Things like "your name, email address, birthday, work history, education history, current city, pictures stored on Facebook, and the names, profile pictures, relationship status, and information about your Facebook friends". When you connect dating apps to social media, that can open the door for both apps to exchange information about you. That's why we don't recommend doing that. CMB can collect data from other third parties too.

That's a lot of personal information for a company with a not-so-great security track record to have about you. Worse, we couldn't confirm whether the app meets our Minimum Security Standards because we couldn't determine whether or not they use encryption and whether they have a way to manage security vulnerabilities. We did email them to ask, we promise. But, alas, we never heard back from them. All this makes it extra worrisome to us that CMB's privacy policy doesn't seem to guarantee all users the same rights to have their data deleted.

What could go wrong with CoffeeMeetsBagel? Well it would be very disappointing but not that surprising if they had another data breach that exposed their users' private information. Imagine the whole wide internet knowing how you ~like your bagels~ so to speak.

Tips to protect yourself

- Follow CoffeeMeetsBagel's Safety Tips.

- Visit the app's privacy preferences in the app and opt out of personalized advertising as well as all non-essential data collection.

- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data, nor does it close your account.

- Do not give consent to constant geolocation tracking by the app. It is better to provide geolocation 'only when using the app'.

- Do not share sensitive data through the app.

- Do not give access to your photos and video or camera.

- Do not log in using third-party accounts.

- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.

- Do not give consent for sharing of personal data for marketing and advertisement.

- Choose a strong password! You may use a password manager like 1Password, KeePass, etc.

- Do not use social media plug-ins.

- Use your device privacy controls to limit access to your personal information via the app (do not give access to your camera, microphone, images, or location unless necessary).

- Keep your app regularly updated.

- Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to your Google account and turn off ad personalization).

- When starting a sign-up, do not agree to tracking of your data if possible.


Can it snoop on me?

Camera

Device: Not applicable

App: Yes

Microphone

Device: Not applicable

App: Yes

Tracks location

Device: Not applicable

App: Yes

What can be used to sign up?

Facebook sign-up available (on Android only)

What data does the company collect?

How does the company use this data?

We ding this product for sharing personal information, as well as inferences drawn from personal information, with third parties for targeted advertising purposes.

Privacy policy

"Information we obtain from other sources:

Facebook. In order to register with certain Coffee Meets Bagel apps, you may be asked to sign in using your Facebook login. If you do so, you are authorizing us to access and process certain Facebook account information, including information about you and your Facebook friends who might be common Facebook friends with other Coffee Meets Bagel users. By allowing us to access your Facebook account, you understand that we may obtain and process certain information from your Facebook account, including your name, email address, birthday, work history, education history, current city, pictures stored on Facebook, and the names, profile pictures, relationship status, and information about your Facebook friends. We only obtain information from your Facebook account that you specifically authorize and grant us permission to obtain.
Third-Party Services: We may receive the information described in this Privacy Policy from third party services, such as analytics providers and advertising partners.
Other users. Users of Coffee Meets Bagel may provide us with information about you, including through customer support inquiries."

"If you use our video chat feature, you will need to provide the Coffee Meets Bagel app with access to your camera and microphone. We and others you video chat with may collect the content and information you make available using our video chat feature."

"Pursuant to the terms of this Privacy Policy, we may use the information we collect from you for the following business purposes:
1. facilitate matches with other Coffee Meets Bagel users;
2. respond to your comments and questions and provide customer service;
3. to tailor and provide communications to you about Coffee Meets Bagel and related offers, promotions, advertising, news, upcoming events, and other information we think will be of interest to you;
4. monitor and analyze trends, usage and activities;
5. investigate and prevent fraud and other illegal activities;
6. provide, maintain, and improve Coffee Meets Bagel and our overall business;
7. where we otherwise have a legitimate interest in doing so, for example, direct marketing, research (including marketing research), network and information security, fraud prevention, and enforcing our terms, conditions and policies or defending against legal claims; and
8. for any purposes disclosed to you at the time we collect your information or pursuant to your consent."

"Use for Research. In addition to the uses outlined above, by using Coffee Meets Bagel, you agree to allow us to anonymously use the information from you and your experiences to continue our research into successful relationships, including how to create and foster these relationships, so that we may continue to improve the Coffee Meets Bagel experience. This research may be published in our blogs or interviews. However, all of your responses will be kept anonymous, and we assure you that no personal information will be published."

"Unless otherwise stated in this Privacy Policy, Coffee Meets Bagel does not sell personal information to third parties. Coffee Meets Bagel does permit third parties to collect the personal information described above through our service and shares personal information with third parties for business purposes as described in this Privacy Policy, including but not limited to providing advertising outside of our service based on users’ online activities over time and across different sites, services, and devices (so-called “interest-based advertising”). The information practices of these third parties are not covered by this Policy."

"“Do Not Track.” Some browsers transmit “do-not-track” signals to websites. Because of differences in how browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals."

Supplemental Notice for California Residents

CoffeeMeetsBagel shares the following categories of information with advertising partners: "identifiers", "commercial information", "internet or other electronic network activity", "inferences drawn from other personal information to create a profile about a consumer".

"“Sales” of Personal Information under the CCPA. For purposes of the CCPA, Coffee Meets Bagel does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age."

How do I create a Coffee Meets Bagel account?

"We will never share your phone number or access your Facebook data without your permission."

How can you control your data?

We ding this product as it is unclear if all users, regardless of location, can get their data deleted.

Privacy policy

"In accordance with applicable law, you may have the right to:

Access Personal Information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information; or (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company (aka the right of data portability);

Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;

Request Deletion of your personal information;

Request Restriction of or Object to our processing of your personal information; and

Withdraw Your Consent to our processing of your personal information.

If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws."

"Data Retention

Coffee Meets Bagel retains the personal information we receive as described in this Privacy Policy for as long as you use our services or as necessary to fulfill the purpose(s) for which it was collected, provide our services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. As outlined above, Coffee Meets Bagel works with a third-party identity verification company, Persona, to use biometric identifiers and associated information for photo verification. Biometric data will be destroyed when the verification purposes have been satisfied, within no more than 3 years of your last interaction with Persona, unless otherwise required by law or legal process to retain the data."

What is the company's known track record of protecting users' data?

Needs improvement

In August 2023, CoffeeMeetsBagel's systems were breached by cybercriminals, who deleted company data.

In February 2019, CoffeeMeetsBagel disclosed a data breach that leaked the personal information, including name and email address, of 6 million of their users. According to CoffeeMeetsBagel, the data breach happened on February 11, 2019 and they notified their users on February 14, 2019.

Child privacy information

"You must be at least 18 to use the Services."

Can this product be used offline?

No

Is the privacy information easy to understand?

No

Links to privacy information

Does this product meet our Minimum Security Standards?

Unknown

Encryption

Could not be determined

We cannot confirm encryption at rest and in transit for this app.

Strong password

Not applicable

Security updates

Yes

Manages vulnerabilities

Could not be determined

Privacy policy

Yes

Does the product use artificial intelligence?

Yes

The app uses a deep neural network to curate matches for users.

Is this AI untrustworthy?

Could not be determined

What kinds of decisions does the AI make about you or for you?

The app generates potential matches for users.

Is the company transparent about how the AI works?

Could not be determined

Does the user have control over the AI features?

Could not be determined


Dive deeper

  • How Coffee Meets Bagel leverages data and AI for love
    CIO Dive
  • Coffee Meets Bagel says recent outage caused by destructive cyberattack
    Bleeping Computer
  • Dating App Coffee Meets Bagel Sends Valentine’s Day Alert About Data Breach
    Fortune
