Aviso: *Privacidade não incluída neste produto

TanTan

Tantan Cultural Development Beijing Limited

WiFi

Data da avaliação: 15 de Março de 2024

Opinião da Mozilla

TanTan was founded in 2014 with an ambitious plan: to solve the modern dating dilemma and cater to the needs of millenials. The Beijing-based app, which is sometimes nicknamed Chinese Tinder, also claims to host the largest community of Asian singles in the world. They say they use a powerful moderation system that keeps TanTan free of bots and fakers. A quick look at their App Store reviews suggest it might not be that simple. The app works pretty much the same way that many dating apps do these days. Build a profile then get to swiping. Swipe left if you're not interested, swipe right if you are. When you swipe right on someone who swiped right on you, you have a chance to chat. VIPs or paid members have more options -- like changing their location to explore single Asians around the world. With TanTan, 2024 could be the year you meet your #BaeGoals, so says their website. So, how is TanTan's privacy? Well, we'd recommend swiping left on it, as it doesn't seem great at all.

O que pode acontecer se algo der errado?

We have too many unanswered questions about ten-year-old "Chinese Tinder," Tantan. We can't confirm whether the app meets our Minimum Security Standards, we're unclear about how the app shares (or sells?) your personal data, and we're not sure if all users can get that data deleted.

On top of that, we have some serious concerns about the long list of exceptions for which TanTan's privacy policy says they can share your personal data without your consent -- things like "national security," "significant public interests," and this quite vague catch all reason, "the personal information is collected for the protection of the life, property and other significant legitimate rights and interests of the subject of the personal information or another person, and it is difficult to obtain your consent." Geesh!

Tantan's privacy policy is not that detailed about the data the app can collect. It does mention the basics, like your email and phone number, as well as some profile information, like your nickname and gender. It also says they may collect "facial recognition information" (which sounds like it could be biometric information) if you use their "facial recognition service" -- and we're not sure if using that feature is optional. Like most dating apps, Tantan also collects information automatically from your device (including geolocation) and about how you use the service. We'd like to see a little more detail here so that we could find out if something that TanTan was called out for back in 2019 is still true -- that Tantan reportedly asks for "excessive data access and making this access a condition for being able to use the app". That sure doesn't sound good. And that came after Tantan promised to tighten security following a 2015 investigation showing Tantan didn't use encryption for communication between the app and server. Because the data was sent unprotected, users' personal information, passwords, messages, and in-app activity could easily have been stolen in transit. Yikes.

We're also curious about something we read back in 2018 that suggests Tantan uses artificial intelligence for matching and ad targeting. If that's still happening, we'd like to know more about how the AI works, whether users have the option to opt out, and whether any personal information can be used for training. But, again, we didn't find the answers on Tantan's website.

And as for Tantan's data-sharing, we're a little unclear on that too. It says they can share your personal information with "affiliates" and "authorized partners that provide support to [Tantan's] business." Hmm. "Support" seems pretty broad. The privacy policy lists some examples of what that support can include, like "measuring the effectiveness of ads" and "carrying out academic research and surveys", but also says it "is not limited" to those examples. See, so many questions left unanswered in their privacy policy.

Can we at least say for sure that Tantan delete your personal information if you ask them to? No, we can't. There are some situations where you can "request" that your personal data be deleted, like if the processing of it is against the law, if you no longer want to use the service, or if Tantan didn't get your express consent to collect your data in the first place. That almost sounds reasonable -- even though we don't think there should be any conditions at all to meet to get your own data deleted -- but then the privacy policy says "[i]f we decide to respond to your request for deletion..." oh. OK. So you can only ask for your personal data to be deleted in certains situations and you might be ignored anyway. Cool cool cool.

Finally, we couldn't confirm if Tantan has a way of managing security vulnerabilities. That means we can't confirm whether the app meets our Minimum Security Standards. Ouff. We think China's second most popular dating app Tantan can do better! On top of their privacy and security problems, we should also point out that just like the other Tinder, Tantan's been known to attract romance and investment scams, though that's true of most dating apps with millions of users. Still, that's another risk with Tantan. So what could go wrong with Tantan? Since the app can share your personal data with authorized partners for "carrying out academic research," your super witty profile could be studied and held up as a paragon in academic circles -- setting the bar way too high for the average swiper. Or, all your very personal dating information could just be shared with who knows who because someone, somewhere determined in was a matter of national security or in the public interest. Yeah, no, that doesn't sound good to us.

Dicas para se proteger

- Visit the app's privacy preferences at the app and opt out from personalized advertising as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
- Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertising.
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.

mobile

Pode me bisbilhotar?

Câmera

Dispositivo: Não aplicável

Aplicativo: Sim

Microfone

Dispositivo: Não aplicável

Aplicativo: Sim

Rastreia localização

Dispositivo: Não aplicável

Aplicativo: Sim

O que pode ser usado para se inscrever?

Facebook sign-up is available

Que dados a empresa coleta?

Pessoal

Mobile phone number, email address, profile photo, nickname, gender, username, WeChat account, bank card number, Alipay account; device model, operating system version, device settings, unique device identifier, software and hardware features, location of the device, IP address, GPS location, Wi-Fi access point, Bluetooth, base station, other sensor information; device information, log information; Cookies, web beacons, pixel tags.

Como a empresa usa esses dados?

We ding this product as it is unclear to us from their privacy policy how the data is being shared/sold. Also, the list of exemptions of when the company says they can share your personal information without your consent is long and worrisome to us.

Privacy policy

"Sharing
We will not share your personal information with any company, organization and individual other than the service providers of Tantan, except in the following circumstances.

3.1.1 Sharing upon obtaining your express consent: we will share your personal information with another party upon obtaining your express consent.

3.1.2 Sharing when required by law: we may externally share your personal information in accordance with the provisions of laws and legislations, based on the requirements of resolving actions and disputes or as legally required by an administrative or judicial authority.

3.1.3 Sharing with affiliates: your personal information may be shared with our affiliates to facilitate our joint provision of services to you based on the associated account, recommend information that may be of interest to you or protect the personal safety of and prevent infringement of the property of the affiliates of Tantan, other users of Tantan or the public. We will only share the necessary personal information, such as sharing your necessary account information with our affiliates to facilitate your use of the Tantan account and the products or services of the affiliates, and we will seek your authorization and consent again if we share your sensitive personal information or the affiliates change the purpose for using and processing your personal information.

3.1.4 Sharing with authorized partners:
We may send the information to the suppliers, service providers and other partners that provide support to our businesses, where such support includes but is not limited to providing technical infrastructure services, analyzing how our services are used, measuring the effectiveness of advertisements and services, providing customer service, facilitating payments or carrying out academic research and surveys. We will enter into strict data protection agreements with companies, organizations and individuals with which and whom we share personal information and require them to process the personal information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures.

We may send the information to the suppliers, service providers and other partners that provide support to our businesses, where such support includes but is not limited to providing technical infrastructure services, analyzing how our services are used, measuring the effectiveness of advertisements and services, providing customer service, facilitating payments or carrying out academic research and surveys. We will enter into strict data protection agreements with companies, organizations and individuals with which and whom we share personal information and require them to process the personal information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures."

"We will not transfer your personal information to any company, organization and individual, except in the following circumstances.

(I) Transferring upon obtaining your express consent: we will transfer your personal information to another party upon obtaining your express consent.

(II) In the case of a merger, acquisition or bankruptcy liquidation, or in other circumstances involving a merger, acquisition or bankruptcy liquidation, if the transfer of personal information is involved, we will require the new company and organization holding your personal information to continue to be bound by this Policy, otherwise, we will require such company, organization and individual to seek your authorization and consent again."

"To improve the security of your use of the services provided by us and our affiliates and partners, protect the personal safety of and prevent infringement of the property of yourself, other users, or the public, take better measures against phishing websites, fraud, network vulnerabilities, computer viruses, cyberattacks, network intrusions and other security risks, and more accurately recognize violations of laws and legislations or the provisions of relevant agreements and regulations of Tantan,we may use or combine your user information, transaction information, device information, related network logs and information shared by our affiliates and partners with your authorization or in accordance with the law to comprehensively determine your account and transaction risks, conduct identity verification, detect and prevent security incidents, and conduct the necessary recording, audit, analysis and disposal measures in accordance with the law."

"We are not required to obtain your prior authorization and consent when sharing, transferring and publicly disclosing your personal information in the following circumstances:
(I) the personal information is related to national security and the security of national defense;
(II) the personal information is related to public security, public health and significant public interests;
(III) the personal information is related to the investigation of a crime, prosecutions, trials, judgment executions, etc.;
(IV) the personal information is collected for the protection of the life, property and other significant legitimate rights and interests of the subject of the personal information or another person, and it is difficult to obtain your consent;
(V) the personal information that is collected has been publicly disclosed to the general public at your own discretion;
(VI) the personal information is information that has been lawfully and publicly disclosed, such as lawful news reports, government information disclosures and other channels;

In accordance with laws and legislations, the sharing and transfer of personal information that has been de-identified with the condition that the data recipient cannot restore and re-identify the subject of the personal information shall not constitute sharing, transfer and public disclosure of personal information, and we are not required to notify you or seek your consent when storing and processing such data."

Como você pode controlar seus dados?

We cannot confirm if all users, regardless of location, can get their data deleted.

"You can delete part of your personal information through the approach specified in Clause '(5.1) Accessing Your Personal Information' in this section. You can request us to delete the personal information in the following circumstances: You can delete part of your personal information through the approach specified in Clause '(5.1) Accessing Your Personal Information' in this section. You can request us to delete the personal information in the following circumstances:

(I) if our processing of personal information violates laws and legislations;

(II) if we collect and use your personal information without obtaining your express consent;

(III) if our processing of the personal information is in material breach of our agreement with you;

(IV) if you no longer use our products or services;

(V) if we will never provide you with products or services again.

If we decide to respond to your request for deletion, we will also exercise our best efforts to notify the parties who have obtained your personal information from us, and request them to delete the personal information in a timely manner, except as otherwise provided for by laws and legislations, or when these parties have obtained your separate authorization.

When you delete the information from our services, we may not immediately delete the corresponding information in the backup system, but will delete such information when the backup is updated."

"We will exercise our best efforts to avoid collecting irrelevant personal information by taking reasonably practicable measures. We will only retain your personal information for as long as necessary to fulfill the purposes set forth in this Policy, except where it is necessary to prolong the retention period or permitted by law."

Qual é o histórico conhecido da empresa na proteção de dados dos usuários?

Médio

No known data breaches discovered in the last three years.

However, in 2019, the app was called out by the Chinese Interagency group for asking users for excessive data access and making this access a condition for being able to use the app.

In 2015, TanTan was caught not using HTTPS to encrypt traffic and thus exposing almost all the user's personal data in its traffic.

In addition, Tan Tan has been used for scamming. Please be careful when a person you have never met IRL asks for money on a dating app.

Informações de privacidade infantil

"A minor must not create his or her own user account without the consent of his or her parent or guardian. If you are a minor, we recommend that you ask your parent or guardian to read this Privacy Policy carefully, and obtain the consent of your parent or guardian before using our services or providing us with information.

In the case that we collect the personal information of a minor who uses our products or services with the consent of his or her parent or guardian, we will only use, share, transfer or disclose such information as permitted by laws and legislations, with the express consent of the parent or guardian, or where necessary for the protection of minors."

Este produto pode ser usado offline?

Não

Informações de privacidade fáceis de entender?

Não

Links para informações de privacidade

Tantan Privacy Policy

Este produto atende aos nossos padrões mínimos de segurança?

Desconhecido

Criptografia

Sim

"Data exchanged between your browser and the server is encrypted with the SSL (Secure Socket Layer) protocol; we will use encryption techniques to improve the security of personal information"

Senha forte

Sim

Atualizações de segurança

Sim

Gerencia vulnerabilidades

Não foi possível determinar

Política de privacidade

Sim

O produto usa inteligência artificial?

Sim

Tantan uses AI for its matching algorithm.

Esta inteligência artificial não é confiável?

Não foi possível determinar

Que tipo de decisões a inteligência artificial faz sobre você ou por você?

A empresa é transparente sobre como funciona a inteligência artificial?

Não foi possível determinar

O usuário tem controle sobre os recursos da inteligência artificial?

Não foi possível determinar

Mergulhe mais fundo

China’s Tinder embraces AI as it eyes growth from the country’s singles
South China Morning Post
Coffee Meets Bagel, Tantan dating app users duped into 'investment opportunities' by scammers
Stomp
Woman transfers $400,000 to man she met on dating app, he then becomes uncontactable
Stomp
Tantan dating app removed from Chinese app stores
ZDNET
Chinese Interagency Group Calls Out Apps for Illegally Collecting User Data
DigiChina
Chinese Tinder Clone Discloses All Your Personal Data and Dating Habits
Softpedia
Dating Apps Thrive in China, but Not Just for Romance
The New York Times