SAN FRANCISCO (KGO) -- When setting up a dating profile, Grindr users can choose to share their HIV status.
"You can post negative, negative on PrEP, positive, positive-undetectable, so really personal medical information," said Grindr user Alec Nygard.
That information, along with other data like GPS location, phone ID, and email was being shared with two companies that Grindr hired to test the app's performance.
"That does bring up questions on whether it's worthwhile to use that feature," Nygard added.
Grindr says the information was encrypted and never shared with advertisers.
"I actually find this very disturbing and possibly sinister," said San Francisco Supervisor Jeff Sheehy.
He worries the more Grindr shares people's information, the more likely their HIV status will end up in the wrong hands, through a data breach or otherwise.
"As someone who is HIV positive, I do value their contributions toward destigmatizing HIV, but this collection of information is a step too far," Sheehy added.
"I think privacy comes first," said Cecilia Chung, a San Francisco Health Commissioner and transgender, HIV awareness advocate.
She is concerned about the potentially adverse consequences of posting personal information. "I think that everyone should keep their health status to themselves unless it's necessary for them to disclose, such as when it is an intimate relationship or you are seeking medical doctors' advice," Chung added.
Grindr and the parties involved with it released several statements. Read them below.
Statement from Bryce Case, Head of Security at Grindr: We confirm the statements shared with Axios are correct.
The information that was shared with Apptimize and Localytics is standard industry practice for rolling out and debugging software. As Grindr is an application that works to serve the LGBTQ community, it's important that we test out new features like HIV Testing Reminders to ensure these features are being utilized appropriately and not creating bugs.
In this case, Grindr was using Localytics as an independent check to ensure that our own internal systems were properly recording when users made changes to their profiles. If the numbers in Localytics didn't match the numbers in Grindr's own systems, then our engineers would know that something wasn't working correctly.
Any information we provide to our software vendors including HIV status information is encrypted and at no point did we share sensitive information like HIV status with advertisers. As the testing of our feature has completed, any information related to HIV status has been removed from Apptimize and we are in the process of discussing removal of this data from Localytics.
The key takeaway from today's news is that Grindr strongly encourages our users to take a rigorous approach when examining how and where their data is shared, but there is a major difference between a company like Grindr sharing encrypted data with a software vendor to debug its app, and having it harvested from an outside third party like Cambridge Analytica which is not what is happening here.
Statement from Scott Chen, CTO of Grindr: As a company that serves the LGBTQ community, we understand the sensitivities around HIV status disclosure. Our goal is and always has been to support the health and safety of our users worldwide.
Recently, Grindr's industry standard use of third-party partners including Apptimize and Localytics, two highly-regarded software vendors, to test and validate the way we roll out our platform has drawn concern over the way we share user data.
In an effort to clear any misinformation we feel it necessary to state:
1. Grindr has never, nor will we ever sell personally identifiable user information - especially information regarding HIV status or last test date - to third parties or advertisers.
2. As an industry standard practice, Grindr does work with highly-regarded vendors to test and optimize how we roll out our platform. These vendors are under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.
3. When working with these platforms, we restrict information shared except as necessary or appropriate. Sometimes this data may include location data or data from HIV status fields as these are features within Grindr, however, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users' privacy from disclosure.
As an industry leader and champion for the LGBTQ community, Grindr recognizes that a person's HIV status can be highly stigmatized but after consulting several international health organizations and our Grindr For Equality team, Grindr determined with community feedback it would be beneficial for the health and well-being of our community to give users the option to publish, at their discretion, the user's HIV Status and their Last Tested Date. It is up to each user to determine what, if anything, to share about themselves in their profile.
The inclusion of HIV status information within our platform is always regarded carefully with our users' privacy in mind, but like any other mobile app company, we too must operate with industry standard practices to help make sure Grindr continues to improve for our community. We assure everyone that we are always examining our processes around privacy, security and data sharing with third parties, and always looking for additional measures that go above and beyond industry best practices to help maintain our users' right to privacy.
Statement from Bryan Dunn, VP of Product at Localytics: Localytics is an app marketing platform that provides messaging and analytics tools to large enterprise companies. The information customers choose to send is stored and processed in our production systems, which meet industry security standards, including ISO27001, SSAE16-SOC1/2/3, FISMA and others. Localytics strictly controls all access to production systems, and leverages appropriate security controls to protect all customer data.
Under no circumstances does Localytics automatically collect a user's personal information, nor do we require personal information in order for our customers to get the benefits from using our platform. It is up to each customer to determine what information they send to Localytics, and Localytics processes that data solely for the customer's use. We do not share, or disclose, our customer's data.