Privacy violations for LGBTQ+ individuals can carry life-altering consequences. Information such as sexual orientation, gender identity, or HIV status, if exposed, can lead to harassment, discrimination, arrest, or violence from employers, governments, family members, scammers, or malicious actors. ### A History of Data Mishandling **Grindr** has a concerning track record of mishandling sensitive user data. Past incidents include sharing users' **HIV status** and precise location with advertisers without valid consent, leading to reprimands and significant fines in several countries. In one high-profile case from 2021, data from **Grindr** and other gay dating apps, sold by data brokers, was allegedly used to 'out' a gay priest. The app's former Chief Privacy Officer even sued **Grindr**, claiming he was fired for raising concerns about the company prioritizing profit over privacy. While **Grindr** has ceased some of its more egregious data-sharing practices after public exposure, privacy advocates assert that more fundamental changes are necessary to rebuild trust and demonstrate a true commitment to user privacy and safety. ### Opt Users Out of Behavioral Advertising by Default Currently, **Grindr** allows users to opt out of behavioral advertising, but this protection is not automatically enabled in most regions. Behavioral advertising relies on the collection and sharing of personal data across a vast network of advertisers, intermediaries, and data brokers. Once data enters this ecosystem, users lose control over its distribution and usage, with intimate information potentially aggregated, sold, and combined to create detailed personal profiles. An analysis using **TrackerControl**, an app developed by privacy researcher **Konrad Kollnig**, revealed **Grindr** contacting 20 third-party tracking domains within 15 minutes of app activity. These included major tech companies and ad-tech intermediaries, many of whom have faced legal scrutiny for privacy violations. Several of these companies utilize real-time bidding for ad space, a process that can expose user data to hundreds of additional entities and be exploited by data brokers. Between approximately 2017 and 2020, a location data broker collected and sold the precise movements of millions of **Grindr** users from digital advertising networks. This commercially available data was so detailed it could, in some instances, infer romantic encounters between specific users. Although **Grindr** states it no longer shares precise location data or profile information with advertisers, it acknowledges sharing other personal data, including **mobile advertising identifiers (MAIDs)**. These unique, persistent device IDs enable advertising companies and data brokers to link data about the same individual across various sources. MAIDs are not anonymous, and an entire industry exists to connect them to more directly identifying information like emails and phone numbers. **Grindr**'s privacy policy notes that companies receiving users' MAIDs "are aware that such data is being transmitted from **Grindr**," potentially exposing a user's sexuality to the broader advertising and data broker ecosystem. ### Opt Users Out of AI Training on Personal Data by Default **Grindr** has been heavily investing in AI features, with its CEO aiming to transform it into an "AI-first business." New AI functionalities include a wingman chatbot, profile recommendations based on inferred user 'types,' summaries of past interactions, and AI-generated insights about other profiles (e.g., responsiveness, typical online hours, and engagement patterns). By default, **Grindr** uses its users' personal data to train the AI models powering these features. While **Grindr** claims it never uses sensitive health information for AI training and requires opt-in consent for "special-category" data (like chat content and precise location), it automatically enrolls users in AI training on other private information. This includes profile photos, age, 'taps,' and display names, all without explicit user consent.