Which dating app has the best privacy policy?

Are you completely, irrevocably, publicly in love this February?

Oh, what’s that? A ready meal for one, next to a novelty ‘meow and you’ Valentine’s day card from your cat? 

We’re guessing that’s a no. 

It’s rough out there for us single data practitioners, searching high and low for that special someone. You’re tempted to turn to dating apps for assistance but reluctant to make a deal with the devil without a comprehensive analysis of their privacy policies first. I mean, as if our soulmates would be on an app which doesn’t comply with the GDPR and Data Protection Act, right? #relatablecontent 

This is where we come in! For one hallmark holiday only, consider us your Data Protection fairy godmothers (or fairy GDPRmothers? We’re still working on our title). We’ve compared the privacy policies of three popular dating apps–Tinder, Hinge and Bumble–to give you the best chance of legitimate, lawful love this Valentine’s day.

We’re rating each app on the following criteria; 

  • Overall legibility 
  • Transparency 
  • Data Collection

Without further ado, get ready to fall in love…with our attention to detail and commitment to data protection compliance!



First up we’re tackling Tinder, the app proving that you can find love at first sight…again and again and again. 

Overall Legibility 

At first glance, we’re tempted to swipe right. Tinder has made a conscious effort to use concise, clear language with minimum legal and specialist jargon (“…we’re doing our best to write our Privacy Policy and related documents in plain language. We actually want you to read our policies and understand our privacy practices!”). 


Tinder–very helpfully–divide their privacy policy into the following sections: 

  1. Who we are
  2. Where this Privacy Policy applies
  3. Information we collect
  4. How we use information
  5. How we share information
  6. Cross-border data transfers
  7. Your rights
  8. How long we retain your information for
  9. Children’s privacy
  10. Job candidates, contractors and vendor representatives
  11. Privacy Policy changes
  12. How to contact us

So far, so good. They also provide the details for their Data Controller (MTCH Technology Services Ltd, if you’re wondering), within the first few lines of their policy, a company after our own hearts. 

And now for the question on the tip of every data practitioner’s tongue, how do they collect and share information? 

Data Collection 

Tinder have outlined clearly all of the reasons why they collect and share personal data, including: 

  • Helping to operate, distribute and market services 
  • Improving services (e.g. data hosting and maintenance) 
  • Analytics 
  • Customer care 
  • Marketing 
  • Advertising 
  • Payment processing 

They also share information with third party vendors who distribute and assist with advertising our services; “…we may share limited information on you in hashed, non-human readable form to advertising vendors.” 

They purport to follow a strict vetting process prior to engaging any vendors, requiring them to agree to strict confidentiality obligations. It would seem that when it comes to data collection, Tinder has no skeletons hiding in their closet. 

We’re definitely impressed with section 7 of Tinder’s privacy policy (‘Your rights and choices’), for outlining exactly how data subjects can regain control over their personal data; “We want you to be in control of your information, so we want to remind you of the following options and tools available to you…”. 



With the tagline ‘designed to be deleted’, Hinge promises its users relationships over hookups. If Tinder is a younger sibling whose short attention span constantly seeks the shiniest toy to play with, Hinge is an older sibling returning from University to dazzle anyone who will listen with their philosophical musings and thoughts on politics. Older, slightly wiser.

Overall Legibility 

Hinge’s privacy policy adopts a slightly more formal tone than Tinder, with a little more specialist jargon thrown into the mix, but it’s still generally easy to read and understand; “We design all of our products and services with your privacy in mind.” 


In the interest of transparency, now seems as good a time as any to mention that Tinder and Hinge are not only metaphorical, but literal siblings. Not only do they share the same Data Controller (MTCH Technology Services Ltd), but they are also both owned by the Match Group, who with a global portfolio of over 45 dating companies, are basically the Kardashians of online dating. It will come as no shock then, that the two dating apps share a similar content structure. Hinge’s privacy policy is separated into the following; 

  1. Who We Are
  2. Where This Privacy Policy Applies
  3. Information We Collect
  4. How We Use Information 
  5. How We Share Information
  6. Cross-Border Data Transfers
  7. Your Rights And Choices
  8. How Long We Retain Your Information
  9. No Children Allowed
  10. Job Candidates, Contractors and Vendor Representatives
  11. Privacy Policy Changes
  12. How To Contact Us

Data Collection 

When it comes to Data Collection, Hinge goes into even more detail than Tinder. Not only do they outline all the information automatically collected by their services (Usage Info, Device Info, Information collected by cookies and similar technologies, Precise Geolocation data and Selfie verification data), they explicitly state the legal bases by which they justify processing data; “To process your information as described in this Privacy Policy, we rely on the following legal bases”. These bases range from Legitimate Interest and complying with applicable laws and regulations, to old reliable consent. We’ll give Hinge extra points for their commitment to Data Protection compliance. 



Last, but not least, is Bumble. The dating app which gives women the burden..we mean agency, to be the ones initiating awkward small talk, and focusing heavily on photo verification – which has some advantages but also means there’s some very…intense sensitive (and potentially sensual – if you know what we mean) personal data processing going on behind the curtains. When it comes to keeping women safe in the evidently dangerous dating world, Bumble is great. Let’s see if they’re as committed to keeping their user’s personal information safe. 

Overall Legibility 

Bumble’s privacy policy is, for the most part, easy to read and understand (“sorry kids, we know Bumble is cool, but you’ll have to come back when you’re old enough!). There isn’t too much specialist/legal jargon, but there are sections which the common Joe might struggle to understand, for example; “Measures are taken to ensure that the data shared is non-attributable to the greatest extent possible and our suppliers are also subject to extensive obligations under our contractual arrangements, including strict data retention limits.


Bumble gets points from us immediately for putting their ‘Collection of Information’ section loud and proud, at the beginning of their policy. Getting to the good stuff right away.

It’s also worth noting that unlike Tinder and Hinge, both Bumble’s App and Sites are operated by the ‘Bumble Group’ (including Bumble Holding Limited, Badoo Training Limited and Bumble LLC), all of the above acting as Data Controllers of personal information collected and processed through the site and apps.

Out of the three dating apps included in this blog, Bumble provides the clearest instructions for anyone who wishes to control the app’s access to information, for example; “you can withdraw from marketing at any time via Settings in the App or by using the opt-out mechanisms and links provided in each message” and “Once you register, you will be able to review and change this information at any time just by logging in to Bumble”. 

What truly sets Bumble apart from other dating apps, in our opinion, is their transparency when it comes to their matching algorithm; 

“Our matching algorithms use the following data about you to predict your compatibility with others and generate profile recommendations: the things you tell us about yourself in your profile; information about your activity in our apps; whether you are a photo verified user; and your device coordinates, which are necessary to understand your proximity to other members.” 

Data Collection 

Bumble makes no bones about their data collection; “We collect some information about you. In addition, you may choose to use the App or Sites to share information with other users, including your friends and contacts (“Users”). We may also need to share your information sometimes”. So far, a little ambiguous for our liking. Let’s dig a little deeper. 

As standard, you can expect Bumble to collect the following information; 

  • Name
  • Username
  • Email address
  • Mobile number
  • Gender identity
  • Date of birth
  • Sexual preference – 
  • Photographs – Not only do bumble have access to images of your actual face, they use facial recognition technology to continually scan–and confirm–any photos you upload are actually you. That’s biometric data that is subject to stricter controls, and they say they’ll keep the scans for up to three years, which is quite some time, so we’ll dock them some points for that. 
  • Geolocation – If Bumble has access to your location, whenever you’re on your mobile they will be collecting information about WiFi access points as well as other location information (like your device’s coordinates) ‘to offer certain features to you’. In layman’s terms, they’re tracking you, all so they can figure out what you’d like to buy. 
  • Login information for any social media accounts that you connect to Bumble – this is admittedly, a little dicier. Just think, Bumble could be reading your private messages and judging your old selfies right now. 

Let’s talk about sharing information with third parties, shall we? Bumble admit to sharing data to the following external suppliers; 

  • Billing services 
  • Authentication services 
  • Social media providers
  • Product improvement and market research 
  • IT services 

They’ve also ensured that any shared data is non-attributable to ‘the greatest extent possible’, subjecting suppliers to extensive obligations under contractual arrangements which include strict data retention limits. 

Our Conclusion? 

Ultimately, it’s impossible for us to determine which one of these services would be best for you to entrust your personal data to. It’ll have to be your decision whether to swipe left or right on each one. What’s clear, however, is that the vast majority of us generously provide our personal information–often special category data–often without pausing to consider the value of what we willingly hand over, or realising that our data will likely be in the custody of these services for years even after we’ve stopped using them. It’s kind of like going on a first date, feeling no spark but moving in with them anyway.

Want to make sure your company’s data is as secure as possible? Take out a data protection audit with us, or enroll in one of our upcoming training courses to develop your staff’s knowledge.

We published an article on Bisexuality Awareness Day last year, which is a great guide to what this day is and how data protection factors into different sexualities. 

Get in touch with us today to discuss how we could help you further.

related posts

Get a Free Consultation