Grindr promised to protect your health data with "extra care." They shared your HIV status, your last test date, and your GPS coordinates with advertising companies. A researcher at SINTEF confirmed: the HIV data was linked to your phone ID, meaning advertisers knew exactly who was HIV-positive and where they lived. After BuzzFeed exposed it, Grindr stopped — but defended the practice as "industry standard." Sharing someone's HIV status with advertisers is not industry standard. It's a betrayal that could destroy lives in countries where homosexuality is criminalized. Grindr says it protects your identity. A Catholic newsletter bought commercially available Grindr location data and used it to track Monsignor Jeffrey Burrill — the top administrator of the US Conference of Catholic Bishops — to gay bars. He resigned before the story was published. His career was over. The data was bought on the open market. Anyone with a credit card could do the same thing to any Grindr user — identify them by name, track them to their home, their workplace, their most private moments.
What they claim: Grindr claims to comply with GDPR and obtain valid consent for data sharing.
What we found: Norwegian Data Protection Authority (Datatilsynet) fined Grindr NOK 65 million (EUR 6.5M / ~$7.1M) in December 2023 for sharing personal data with advertising partners without valid GDPR consent. The authority found Grindr shared GPS location, IP address, advertising ID, age, gender, and the fact that someone uses Grindr — effectively outing users to third parties — without legally valid consent. The Norwegian Consumer Council's "Out of Control" report (January 2020) documented the sharing.
What they claim: Grindr claims to anonymize data shared with third parties and protect user identity.
What we found: Security researchers demonstrated that Grindr's distance-based feature could be used to precisely triangulate user locations using trilateration — measuring distances from three known points. Researchers could pinpoint users to within meters. In countries where homosexuality carries the death penalty (Iran, Saudi Arabia, Yemen), this enables identifying and locating gay men. Egyptian police have used Grindr to arrest and imprison gay men. In Chechnya, the government used similar apps in a coordinated anti-gay purge.
What they claim: Grindr privacy policy: user health data is treated with "extra care" and protected.
What we found: BuzzFeed News investigation (April 2018): Grindr shared users' HIV status, last test date, and GPS location with two analytics companies — Apptimize and Localytics. The data was transmitted with users' phone IDs, meaning HIV status could be linked to specific individuals. After public outrage, Grindr stopped sharing HIV status but defended the practice as normal. Antoine Pultier at SINTEF: "The HIV status is linked to all the other information. That is the main issue."
What they claim: Grindr states it protects user privacy and does not disclose user identities.
What we found: The Pillar, a Catholic newsletter, obtained commercially available Grindr location data and used it to track Monsignor Jeffrey Burrill — secretary general of the US Conference of Catholic Bishops — to gay bars and a private residence. Burrill resigned in July 2021 before publication. The data was purchased from a data broker, demonstrating Grindr's location data was being sold on the open market and could identify specific individuals at specific locations.
What they claim: Grindr asserts user data is handled securely and responsibly under all ownership structures.
What we found: Chinese gaming company Kunlun Tech acquired Grindr in 2016-2018. CFIUS (Committee on Foreign Investment in the United States) ordered Kunlun to divest in 2019, determining that Chinese ownership of a database containing the sexual orientation, HIV status, location data, and private messages of millions of Americans posed a national security risk. Intelligence officials feared the data could be used for blackmail of military and government personnel. Kunlun sold Grindr in 2020 for $608 million.
What they claim: Grindr markets itself as a community-focused app serving the LGBTQ+ community's interests.
What we found: The Norwegian Consumer Council's "Out of Control" report (January 2020) found dating apps including Grindr were sharing intimate personal data with up to 135 different third parties for advertising purposes. Data shared included sexual orientation, relationship status, precise GPS location, device identifiers, and usage patterns. The report concluded the advertising industry's data sharing practices were "out of control" and "systematically breaking the law."
What they claim: Grindr states it uses industry-standard security measures to protect user data and private communications.
What we found: Security researcher Trever Faden created a website (C*ckblocked) that allowed any Grindr user to see who had blocked them. In the process, he discovered he could access unread messages, email addresses, deleted photos, and location data for any user. Separately, a 2018 vulnerability allowed anyone to take over a Grindr account using only the email address associated with it — the password reset token was exposed in the API response. Grindr took months to fix it after being notified.
What they claim: Grindr positions itself as an inclusive, safe space for the LGBTQ+ community.
What we found: Grindr offered an ethnicity filter that allowed users to exclude entire racial groups from search results — effectively building racial discrimination into the product. After the George Floyd protests in June 2020, Grindr announced it would remove the filter "in the next release." The company had known about the discriminatory impact for years but only acted when public pressure made inaction reputationally costly. The filter required collecting and storing users' racial data.