EFF to Grindr: This Pride Month, Put Safety and Privacy Over Profits

The Electronic Frontier Foundation (EFF) is calling on Grindr to prioritize LGBTQ+ user safety by making privacy the default, ending data sharing with advertisers and AI training without opt-in consent. Grindr has a history of mishandling sensitive data, including sharing HIV status and location, leading to fines and lawsuits. The EFF demands Grindr enable privacy protections by default to prevent life-altering consequences for queer users.

This Pride month, we’re calling on the dating app Grindr to prioritize LGBTQ+ user safety by making privacy the default across its platform. That means no more sharing personal data with advertisers or training AI on private information without users’ opt-in consent. Grindr is a dating app for the LGBTQ+ community; and for queer people, privacy violations can have life-altering consequences. Information that reveals someone’s sexual orientation, gender identity, or HIV status can be used https://www.nytimes.com/2023/06/22/us/politics/anti-lgbtq-report-adl-glaad.html by employers, governments, family members, scammers, or bad actors to inflict harassment, discrimination, arrest, or violence. For example, data from Grindr https://www.washingtonpost.com/dc-md-va/2023/03/09/catholics-gay-priests-grindr-data-bishops/ and other gay dating apps was sold by data brokers and used to 'out' the act of disclosing someone's sexual orientation without permission a gay priest in 2021. Despite being the world's most popular gay dating app, Grindr has repeatedly mishandled users' sensitive data . Grindr has been caught sharing users' HIV status https://www.npr.org/sections/thetwo-way/2018/04/03/599069424/grindr-admits-it-shared-hiv-status-of-users and precise location https://www.datatilsynet.no/contentassets/8ad827efefcb489ab1c7ba129609edb5/administrative-fine---grindr-llc.pdf with advertisers without obtaining valid consent, resulting in reprimands https://ico.org.uk/media2/migrated/4023128/grindr-reprimand.pdf and fines https://noyb.eu/en/ncc-noyb-gdpr-complaint-grindr-fined-eu-63-mio-over-illegal-data-sharing in several countries. Its former Chief Privacy Officer even sued https://www.businessinsider.com/ex-grindr-privacy-chief-company-shared-user-data-billions-nudes-2023-6 , alleging the company fired him for raising concerns about Grindr prioritizing “profit over privacy." Grindr ended several of its most https://www.wsj.com/tech/grindr-user-data-has-been-for-sale-for-years-11651492800?st=3ptp6J&reflink=desktopwebshare permalink egregious https://www.npr.org/sections/thetwo-way/2018/04/03/599069424/grindr-admits-it-shared-hiv-status-of-users data sharing practices after they were exposed. But more changes are needed if Grindr wants to earn back trust and prove its commitment to users’ privacy and safety. This Pride month, we’re calling on Grindr to make privacy the default and ensure the immediate implementation of two changes to better protect its users: Grindr currently allows users to opt out of behavioral advertising, but that protection is not enabled automatically except in some unspecified regions https://help.grindr.com/hc/en-us/articles/12326669826323-Opt-Out-of-Behavioral-Advertising . As we’ve long https://www.eff.org/deeplinks/2022/03/ban-online-behavioral-advertising warned https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-how , behavioral advertising relies on the collection and sharing of personal data across a vast network of advertisers, intermediaries, and data brokers. Once information enters this ecosystem, users have little control over where it goes or how it is used: people’s most private and intimate information can be aggregated, sold, and combined with information from other sources to create detailed personal profiles. By default, Grindr appears to share data with numerous advertising and tracking companies. Using TrackerControl https://trackercontrol.org/ , an app developed by privacy researcher Konrad Kollnig, we recorded Grindr contacting 20 third-party tracking domains during 15 minutes of app activity see Grindr TrackerControl 06-23-2026.csv https://drive.google.com/file/d/16HqvvhreGanDGRJD-ghbtuD9CTGLfkBc/view?usp=share link for exported results . TrackerControl observed Grindr contacting Big Tech companies and ad-tech intermediaries, many https://www.ftc.gov/news-events/news/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions-facebook of https://www.ftc.gov/news-events/news/press-releases/2022/05/ftc-charges-twitter-deceptively-using-account-security-data-sell-targeted-ads which https://www.bloomberg.com/news/articles/2025-10-06/applovin-has-been-probed-by-sec-over-data-collection-practices have faced significant legal scrutiny for privacy violations. Several https://pubmatic.com/legal/program-descriptions/ of https://support.google.com/admob/answer/9234488?hl=en these https://support.applovin.com/en/max/demand-partners/auction-dynamics companies https://developers.facebook.com/docs/audience-network/bidding/overview/ auction off ad space through a process called “real-time bidding,” which can expose user data to hundreds of additional companies https://www.iccl.ie/wp-content/uploads/2023/11/Americas-hidden-security-crisis.pdf and be exploited by data brokers https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-how . The dangers of Grindr’s default settings exposing users’ personal data to this ecosystem are not hypothetical. Between approximately 2017 to 2020, a location data broker collected the precise movements https://www.wsj.com/tech/grindr-user-data-has-been-for-sale-for-years-11651492800?st=3ptp6J&reflink=desktopwebshare permalink of millions of Grindr users from digital advertising networks and made them available for sale. The commercially available data was allegedly so detailed that, in some cases, it could be used to infer romantic encounters between specific Grindr users. Although Grindr has stated https://help.grindr.com/hc/en-us/articles/29447522402323-How-your-data-informs-ads-on-Grindr that it no longer shares precise location data or profile information with advertisers, it acknowledges https://help.grindr.com/hc/en-us/articles/29447522402323-How-your-data-informs-ads-on-Grindr sharing other personal data, including mobile advertising identifiers https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now MAIDs —unique, persistent device IDs that allow advertising companies and data brokers to connect data about the same individual across different sources. MAIDs are not anonymous, and an entire industry https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now exists to link them to more directly identifying information, like emails and phone numbers. According to Grindr’s privacy policy, companies receiving users’ MAIDs “ are aware that such data is being transmitted from Grindr https://trust.grindr.com/en-US/privacy ,” which could expose a users’ sexuality to the advertising and data broker ecosystem. Grindr should stop training its AI models on users’ personal data without opt-in consent. Grindr has been investing heavily in AI features as its CEO strives to make Grindr an “ AI-first business https://www.wired.com/story/grindr-ai-first-era-everything-app-for-the-gay-guy/ .” New AI features https://help.grindr.com/hc/en-us/articles/7169085929491-Your-Privacy-Artificial-Intelligence-at-Grindr include a wingman chatbot https://www.wired.com/story/hands-on-with-grindr-ai-wingman/ , profile recommendations based on users’ inferred “type” https://www.grindr.com/2026-product-roadmap , summaries of previous interactions with other users, and AI-generated insights about other profiles like responsiveness, typical online hours, and engagement patterns https://trust.grindr.com/en-US/privacy/grindr-privacy-and-cookie-policy/behavioral-advertising . By default, Grindr uses its users’ personal data to train the AI models https://help.grindr.com/hc/en-us/articles/7169085929491-Your-Privacy-Artificial-Intelligence-at-Grindr behind these features. Grindr claims https://help.grindr.com/hc/en-us/articles/7169085929491-Your-Privacy-Artificial-Intelligence-at-Grindr to never use sensitive health information for AI training and requires users to opt-in to AI training on “special-category” data, which includes chat content and precise location. But Grindr automatically enrolls users in AI training on other private information, including profile photos, age, taps, and display names. Users must navigate several levels of Grindr settings to prevent these personal details from being used to train Grindr’s AI. AI systems trained on personal data create new privacy risks https://www.eff.org/deeplinks/2025/07/dating-apps-need-learn-how-consent-works , including the possibility that personal information may be retained, reproduced, or exposed in unexpected ways. For example, researchers have https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html been able to extract training data from AI systems like ChatGPT. Beyond AI training, Grindr enables AI-powered features by default https://help.grindr.com/hc/en-us/articles/7169085929491-Your-Privacy-Artificial-Intelligence-at-Grindr and allows both “special-category” data and other personal information to be processed by those features. Even users without access to premium-subscription AI features could have their data automatically used to power those features for other users. “ Behavior-based profile insights https://trust.grindr.com/en-US/privacy ” pictured below could expose information https://www.grindr.com/blog/testing-edge-our-first-full-powered-gai-tm-subscription that users would never choose to share publicly, like the types of people they interact with on Grindr, their typical online hours, and how often they initiate conversation with other users. Regardless of whether new AI features leak private information, users deserve meaningful control over how their personal data is used and by whom. Grindr notifies users that their personal information may be used to train AI and that they can opt out on a separate settings page, but this notice does not specify the type of data used i.e. profile photos, taps and it is unlikely that people carefully read or understand it. Closing the notice or clicking its only button which is “Proceed” maintains Grindr’s default of using personal information for AI training. To respect users’ autonomy, Grindr should require opt-in consent before training AI models on personal data. Grindr must immediately stop prioritizing profits over users’ safety. The ability to opt-out is not an acceptable substitute for opt-in consent, especially given the added risks of data sharing for LGBTQ+ users. Defaults matter— studies https://www.isi.edu/results/publications/25915/navigating-social-media-privacy-awareness-preferences-and-discoverability/ show that most people cannot or do not change the default settings of technologies they use. If Grindr wants to back up its claim that it “ takes user privacy very seriously https://help.grindr.com/hc/en-us/articles/1500005257961-Accessing-your-personal-data ,” it should make privacy the default across its platform, rather than something users need to go through complicated processes to opt in to.