Grindr, a gay dating app, will stop sharing users’ HIV statuses with third parties after a report disclosed that the company passed the information on to two vendors.
The West Hollywood company’s policy change came after a BuzzFeed report Monday that said personal data was being passed to two outside vendors hired by Grindr to test the performance of its app.
The report comes at a time of heightened anxiety about digital privacy because of the data misappropriation scandal involving Cambridge Analytica, a political consulting firm that received unauthorized data from millions of Facebook users through an outside app developer.
Grindr’s vendors, Apptimize and Localytics, are fed user data that includes HIV statuses, GPS data, phone numbers and e-mail addresses that, when combined, could expose someone’s private health information, researchers told BuzzFeed.
In response to an outcry Monday, Grindr will stop sharing users’ HIV status to outside vendors, according to someone close to the company who spoke on the condition of anonymity. The policy change was first reported by Axios.
In a separate statement Monday, Grindr said it would never sell personally identifiable information to third parties, including advertisers. Apptimize and Localytics — services that help Grindr test features on its platform — are under contract to safeguard user privacy and security, the company said.
“As a company that serves the LGBTQ community, we understand the sensitivities around HIV status disclosure,” said Scott Chen, Grindr’s chief technology officer. “Our goal is and always has been to support the health and safety of our users worldwide.”
Chen said Grindr, which has more than 3 million users, only shares personal information when necessary or appropriate.
“Sometimes this data may include location data or data from HIV status fields as these are features within Grindr,” Chen said. “However, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users’ privacy from disclosure.”
Grindr allows its users to choose from a number of options under “HIV Status,” including listing positive, negative or receiving treatment. It also allows users to list their latest HIV test date. That information is aimed at informing potential sexual partners, the company says.
Grindr helped pioneer a fast and location-specific approach to dating that lets users quickly vet prospective partners who are nearby. Since its launch in 2009, Grindr has expanded from a hookup app to a broader digital platform advocating for LGBTQ issues.
Grindr sold a majority stake of its company last year to Kunlun Group Limited, a Chinese gaming company. Grindr’s founder, Joel Simkhai, stepped down as chief executive after Kunlun purchased the remaining stake in the company in January.
Gay men’s HIV status remains highly sensitive because of a history of discrimination, said John Duran, a longtime HIV/AIDS activist who is West Hollywood’s mayor pro tempore.
“We’ve fought so hard the last 30 years to ensure HIV status was kept confidential and private,” said Duran, one of only a few elected officials who has disclosed his status as HIV-positive. “That’s because people have historically suffered from discrimination in employment, insurance, housing and dating.”
Duran said large cities such as Los Angeles have better access to treatment and education about HIV. But outside major urban centers, the stigma for HIV-positive people can be much more difficult.
“Go 20 miles inland and you have to start HIV 101 all over again,” he said. “Sharing someone’s status is very egregious to me. It’s a breach of privacy.”
Data collection has become a much more controversial subject in recent weeks after revelations that 50 million unwitting Facebook users had some of their personal information leaked to Cambridge Analytica, a British company hired by the Trump presidential campaign to sway voter opinion.
Cambridge Analytica obtained the unauthorized data from a psychology professor who built a quiz app for Facebook. The professor gleaned information from the nearly 300,000 people who downloaded his app and millions of their friends. He passed that information to Cambridge Analytica despite rules from Facebook that prohibit sharing data with third parties.
Localytics said it does not share Grindr user information with third parties.
“We do not share, or disclose, our customers’ data,” Bryan Dunn, vice president of product for Localytics, said in a statement Monday.
Apptimize did not respond to a request for comment.
Grindr was confronted with questions about security flaws as recently as last week after NBC reported private information about users, including unread messages, deleted photos and location data, were being collected by a property management startup through a website that Grindr built. Grindr says it has since fixed the flaw and shut down the website, which allowed users to see who blocked them on the app.
In 2012, a hacker in Australia posed as other users on Grindr after identifying a security flaw. The hacker posted information on how to exploit the flaw before Grindr fixed it.