This Pride month, we’re calling on the dating app Grindr to prioritize LGBTQ+ user safety by making privacy the default across its platform. That means no more sharing personal data with advertisers or training AI on private information without users’ opt-in consent.
Grindr is a dating app for the LGBTQ+ community; and for queer people, privacy violations can have life-altering consequences. Information that reveals someone’s sexual orientation, gender identity, or HIV status can be used by employers, governments, family members, scammers, or bad actors to inflict harassment, discrimination, arrest, or violence. For example, data from Grindr and other gay dating apps was sold by data brokers and used to ‘out’ (the act of disclosing someone’s sexual orientation without permission) a gay priest in 2021.
Despite being the world’s most popular gay dating app, Grindr has repeatedly mishandled users’ sensitive data. Grindr has been caught sharing users’ HIV status and precise location with advertisers without obtaining valid consent, resulting in reprimands and fines in several countries. Its former Chief Privacy Officer even sued, alleging the company fired him for raising concerns about Grindr prioritizing “profit over privacy.”
Grindr ended several of its most egregious data sharing practices after they were exposed. But more changes are needed if Grindr wants to earn back trust and prove its commitment to users’ privacy and safety. This Pride month, we’re calling on Grindr to make privacy the default and ensure the immediate implementation of two changes to better protect its users:
Opt Users Out of Behavioral Advertising by Default
Grindr currently allows users to opt out of behavioral advertising, but that protection is not enabled automatically (except in some unspecified regions). As we’ve long warned, behavioral advertising relies on the collection and sharing of personal data across a vast network of advertisers, intermediaries, and data brokers. Once information enters this ecosystem, users have little control over where it goes or how it is used: people’s most private and intimate information can be aggregated, sold, and combined with information from other sources to create detailed personal profiles.
By default, Grindr appears to share data with numerous advertising and tracking companies. Using TrackerControl, an app developed by privacy researcher Konrad Kollnig, we recorded Grindr contacting 20 third-party tracking domains during 15 minutes of app activity (see Grindr_TrackerControl_06-23-2026.csv for exported results). TrackerControl observed Grindr contacting Big Tech companies and ad-tech intermediaries, many of which have faced significant legal scrutiny for privacy violations. Several of these companies auction off ad space through a process called “real-time bidding,” which can expose user data to hundreds of additional companies and be exploited by data brokers.
The dangers of Grindr’s default settings exposing users’ personal data to this ecosystem are not hypothetical. Between approximately 2017 to 2020, a location data broker collected the precise movements of millions of Grindr users from digital advertising networks and made them available for sale. The commercially available data was allegedly so detailed that, in some cases, it could be used to infer romantic encounters between specific Grindr users.
Although Grindr has stated that it no longer shares precise location data or profile information with advertisers, it acknowledges sharing other personal data, including mobile advertising identifiers (MAIDs)—unique, persistent device IDs that allow advertising companies and data brokers to connect data about the same individual across different sources. MAIDs are not anonymous, and an entire industry exists to link them to more directly identifying information, like emails and phone numbers. According to Grindr’s privacy policy, companies receiving users’ MAIDs “are aware that such data is being transmitted from Grindr,” which could expose a users’ sexuality to the advertising and data broker ecosystem.
Opt Users Out of AI Training on Personal Data by Default
Grindr should stop training its AI models on users’ personal data without opt-in consent.
Grindr has been investing heavily in AI features as its CEO strives to make Grindr an “AI-first business.” New AI features include a wingman chatbot, profile recommendations based on users’ inferred “type”, summaries of previous interactions with other users, and AI-generated insights about other profiles (like responsiveness, typical online hours, and engagement patterns). By default, Grindr uses its users’ personal data to train the AI models behind these features.
Grindr claims to never use sensitive health information for AI training and requires users to opt-in to AI training on “special-category” data, which includes chat content and precise location. But Grindr automatically enrolls users in AI training on other private information, including profile photos, age, taps, and display names. Users must navigate several levels of Grindr settings to prevent these personal details from being used to train Grindr’s AI.
AI systems trained on personal data create new privacy risks, including the possibility that personal information may be retained, reproduced, or exposed in unexpected ways. For example, researchers have been able to extract training data from AI systems like ChatGPT.
Beyond AI training, Grindr enables AI-powered features by default and allows both “special-category” data and other personal information to be processed by those features. Even users without access to premium-subscription AI features could have their data automatically used to power those features for other users. “Behavior-based profile insights” (pictured below) could expose information that users would never choose to share publicly, like the types of people they interact with on Grindr, their typical online hours, and how often they initiate conversation with other users.
Image of the “Profile Insights” feature from a Grindr blogpost promoting its premium, AI-first subscription
Regardless of whether new AI features leak private information, users deserve meaningful control over how their personal data is used and by whom. Grindr notifies users that their personal information may be used to train AI and that they can opt out on a separate settings page, but this notice does not specify the type of data used (i.e. profile photos, taps) and it is unlikely that people carefully read or understand it. Closing the notice or clicking its only button (which is “Proceed”) maintains Grindr’s default of using personal information for AI training. To respect users’ autonomy, Grindr should require opt-in consent before training AI models on personal data.
Notice displayed in the Grindr app about the use of personal data for new AI features
Celebrate Pride by Demanding Better Privacy
Grindr must immediately stop prioritizing profits over users’ safety. The ability to opt-out is not an acceptable substitute for opt-in consent, especially given the added risks of data sharing for LGBTQ+ users. Defaults matter—studies show that most people cannot or do not change the default settings of technologies they use.
If Grindr wants to back up its claim that it “takes user privacy very seriously,” it should make privacy the default across its platform, rather than something users need to go through complicated processes to opt in to.
