Privacy advocates are calling on the dating platform Grindr to implement “privacy by default” settings this Pride Month, citing concerns over the company’s data-sharing practices and the integration of artificial intelligence into its services. The campaign urges the app to stop sharing personal user data with third-party advertisers and to require explicit, opt-in consent before utilizing personal information for AI model training.
For LGBTQ+ users, the stakes of data privacy are particularly high. Information regarding sexual orientation, gender identity, or HIV status—if exposed—can lead to severe real-world consequences, including discrimination, harassment, or state-sanctioned violence in jurisdictions where such identities are criminalized. As a senior technology editor, I recognize that for many in the queer community, the digital footprint left by dating apps is not merely a matter of marketing preferences, but a potential vector for life-altering harm.
The Risks of Behavioral Advertising
The primary critique leveled at Grindr involves its reliance on behavioral advertising, a model that relies on tracking user activity across the internet. While Grindr allows users to opt out of certain forms of behavioral advertising, privacy advocates argue that this protection is not enabled by default for all users, leaving many exposed to data collection by third-party intermediaries.
According to research by privacy advocate Konrad Kollnig, testing conducted on the Grindr app using the tool TrackerControl revealed that the application contacted 20 third-party tracking domains during a 15-minute window of activity. These domains often belong to ad-tech firms and data brokers involved in “real-time bidding” (RTB), a process that broadcasts user data to a wide array of companies in milliseconds to auction off ad space. This ecosystem can expose sensitive identifiers, including Mobile Advertising Identifiers (MAIDs), which allow companies to link app activity to other personal information like email addresses or phone numbers.
The history of such data handling is fraught with controversy. Between 2017 and 2020, a location data broker reportedly harvested the precise movements of millions of Grindr users through digital advertising networks. This data was commercially available and sufficiently detailed to potentially reveal intimate, real-world encounters between specific individuals. While Grindr has publicly stated it no longer shares precise location data or profile information with advertisers, the continued use of MAIDs remains a point of contention for security researchers who argue these identifiers are not truly anonymous.
AI Training and User Data
Grindr has recently pivoted toward becoming an “AI-first business,” introducing features such as a “wingman” chatbot and profile recommendations based on inferred user types. However, this shift has introduced new privacy concerns regarding how user data is utilized to train these machine-learning models.
While the company claims it does not use sensitive health information for AI training and requires opt-in consent for “special-category” data—such as chat content and precise location—other personal data is treated differently. By default, the company enrolls users in AI training programs that utilize profile photos, age, and “taps.” To restrict this data usage, users must navigate through several layers of settings, a process that critics argue is designed to discourage opt-outs.
The potential for “data leakage” from AI systems is a documented phenomenon in computer science. Researchers have previously demonstrated that it is possible to extract training data from large language models, raising the risk that a user’s private photos or interaction patterns could be inadvertently reproduced or exposed by an AI system. Furthermore, “behavior-based profile insights”—a feature that analyzes engagement patterns and online habits—may disclose information that a user never intended to make public, such as their typical active hours or the specific demographics they interact with most frequently.
The Demand for Privacy by Default
The core demand from privacy organizations this Pride Month is a shift toward “privacy by default.” This approach would move the burden of protecting sensitive information away from the user and onto the platform provider. Instead of requiring users to hunt through complex settings menus to protect their data, the default configuration of the app would prioritize data minimization and user autonomy.
The company’s past handling of sensitive data has led to significant regulatory scrutiny. In 2018, it was revealed that the app had shared users’ HIV status and testing dates with third-party software vendors, an incident that drew widespread condemnation and subsequent regulatory fines. Additionally, a former Chief Privacy Officer of the company filed a lawsuit in 2022, alleging he was terminated after raising internal concerns about the company’s prioritization of profit over user privacy.
As the digital landscape evolves, the intersection of AI development and personal data privacy becomes increasingly complex. For a platform serving a community that often faces unique safety risks, the standard for data protection must be exceptionally high. Whether the company will move toward an opt-in model for AI training and behavioral tracking remains to be seen. Users seeking to manage their current privacy settings should regularly review the “Privacy” or “Data” sections within their app settings, though the effectiveness of these controls remains a subject of ongoing debate among security experts.
As of this writing, there have been no new regulatory filings or official policy changes announced by the company in response to these specific calls for change. We will continue to monitor the platform’s privacy disclosures and any updates to its terms of service. Readers who have concerns regarding their data footprint are encouraged to share their experiences in the comments section below.