Grindr Is Training AI on Your Photos, Age, and Taps by Default

EFF found Grindr auto-enrolls users in AI training on profile photos, age, taps, and display names. The only button on the opt-out notice says 'Proceed.'

Silhouette of person in dark room looking at phone screen

The notice pops up inside the app. “AI for Personalization & Connection,” it says. There is one prominent button: “Proceed.” Closing the notice, swiping it away, or ignoring it all amount to the same thing: your profile photos, age, taps, and display names are now being used to train Grindr’s AI. According to the Electronic Frontier Foundation, there is no real opt-out on the screen. The “Proceed” button is the consent mechanism.

EFF staff Lena Cohen and Paige Collings documented the practice in a June 26 deep dive. The auto-enrollment covers data that, in a queer-dating context, can be uniquely sensitive: the photos you use to find partners, the taps that signal interest, the display name you chose to be known by. The categories that the EFF says Grindr “claims to never use” for AI training - chat content, precise location, and health information - are technically excluded. Everything else is fair game by default.

This is not an abstract policy debate. It is a real button on a real app, in front of millions of users, with a default that the app maker has every financial incentive to keep where it is.

What Grindr Is Actually Collecting

The EFF investigation lays out the mechanics clearly. Grindr automatically enrolls every user in AI training on four categories of personal data:

  • Profile photos - the images users choose to represent themselves
  • Age - a demographic data point that, in many jurisdictions, intersects with anti-discrimination protections
  • Taps - signals of romantic or sexual interest, a category of behavior users typically expect to be private to the people they tap on
  • Display names - the chosen identifier users present to the community

The opt-out mechanism is the screen EFF documented. The notice does not specify which of these data categories will be used. It does not describe how the resulting models will be deployed. It does not warn that, given Grindr’s history, the data could later end up in places it was never intended to go. It simply says “Proceed.”

That is the consent architecture of a company that has decided the answer is yes before the question is asked.

Grindr’s own trust center privacy page acknowledges that companies receiving Mobile Advertising IDs (MAIDs) “are aware that such data is being transmitted from Grindr.” The help center article on AI describes the practice in more neutral language. The CEO has publicly described Grindr as an “AI-first business”, per Wired - a strategic orientation that requires exactly the kind of data pipeline the default enrollment sets up.

EFF also recorded Grindr contacting 20 third-party tracking domains during 15 minutes of app activity, using the open-source tool TrackerControl built by researcher Konrad Kollnig. The CSV from that test is published alongside the EFF post. Twenty trackers in 15 minutes is a reminder that even before any AI training question comes up, the app is already broadcasting to a long list of ad-tech intermediaries.

Grindr’s Privacy Track Record

The default opt-in would be controversial for any app. For Grindr, it lands on top of a documented history that makes the practice especially hard to defend.

In April 2018, NPR reported that Grindr had been sharing users’ HIV status, alongside location data, with third-party analytics and ad vendors. The disclosure was not a leak. It was a contractual data flow. The fallout was swift, but the practice had been live long enough to be deeply embedded in the company’s analytics stack.

Between roughly 2017 and 2020, a location data broker collected “precise movements” of millions of Grindr users - movements detailed enough, in some cases, to infer romantic encounters between specific users. In 2021, the Washington Post reported that the data trail had been used to out a Catholic priest. The Norwegian Data Protection Authority (Datatilsynet) fined Grindr 65 million NOK in 2021 for unlawful disclosure of user data, and the UK’s Information Commissioner’s Office issued a reprimand. The European Commission imposed a separate fine following a noyb GDPR complaint. Grindr’s former Chief Privacy Officer sued the company, alleging he was fired for raising concerns about prioritizing “profit over privacy.”

This is the company now asking its users to trust that AI training on profile photos, taps, and display names will stay within bounds. EFF’s two demands to Grindr are minimal: opt users out of behavioral advertising by default, and opt users out of AI training on personal data by default, requiring opt-in consent.

What This Means

The Grindr case is not just about one app. It is the clearest current example of a pattern that has been spreading through consumer software for two years: AI features are launched with training opt-in by default, buried in a single-screen notice, and the only button on screen means “yes.”

For queer users in particular, the stakes are different from those of a generic social app. Profile photos and display names can be revealing in ways users carefully manage. Taps signal interest in specific people. Data brokers have already shown they can purchase, repackage, and resell this kind of information in ways that lead to real-world harm. Adding an AI training pipeline to that existing data flow is a structural change to the threat model, not a minor product update.

The broader lesson is regulatory. Most jurisdictions have consent frameworks on paper, but the implementation - a single screen, a single “Proceed” button, no specific list of data categories - is what users actually face. That implementation is what determines whether consent is real or performative. EFF’s reporting is useful precisely because it captures the implementation rather than the policy page.

If Grindr is doing this, other dating apps are likely doing it too. The same defaults appear in social apps, fitness apps, and shopping apps. Grindr is just the first one EFF has documented in this much detail.

What You Can Do

EFF’s investigation is paired with practical advice for Grindr users:

  • Treat any tap on “Proceed” as consent. If you see the AI personalization notice and want to keep your data out of training, do not tap Proceed. Check whether the app exposes an opt-out in settings under “Privacy” or “AI.”
  • Reset your advertising ID. Both iOS and Android let you reset or limit your Mobile Advertising ID. EFF has a guide for iOS and Android.
  • Use a privacy-focused app wrapper or firewall. TrackerControl on Android can show you which third-party domains an app is contacting in real time and let you block them.
  • Assume that any data on the platform is already in motion. The 20 trackers in 15 minutes figure is not unusual for dating apps. Plan accordingly: choose photos, names, and behaviors you would be comfortable seeing re-identified later.

The Bottom Line

Grindr has decided that your profile photos, age, taps, and display names are training data by default. The only button on the opt-out notice says “Proceed.” A company with a documented history of HIV-status leaks and location-based deanonymization is now asking users to trust an AI training pipeline with the data that makes those harms possible. EFF’s two demands - opt out of behavioral ads by default, opt out of AI training by default - are the floor. Anything less is consent theater.