What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages GDPR (Regulation 2016/679), UK GDPR, and the California Consumer Privacy Act as amended by CPRA, with enforcement authority distributed across EU member state data protection authorities, the UK Information Commissioner's Office, and the California Privacy Protection Agency. The policy's disclosure of biometric data collection for ID verification implicates Illinois BIPA (Biometric Information Privacy Act), Texas CUBI, and Washington My Health MY Data A…

How does Bumble's Bumble Privacy Policy affect users?

The policy establishes that Bumble collects and processes biometric identifiers, precise location data, message content, and device information, with terms authorizing disclosure to third-party service providers and affiliated entities. Users subject to CCPA/CPRA (California residents) and GDPR (EU and UK users) operate under supplemental data protection obligations, including rights to request access, correction, deletion, and export of personal data, and rights to object to automated decision…

How often is Bumble's Bumble Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Bumble updates this document?

Yes. Watcher subscribers ($9.99/month) can add Bumble to their watchlist and receive same-day email alerts whenever this document or any other Bumble document changes.

CA-D-000226

Bumble Privacy Policy

Bumble

Last change detected April 19, 2026 Privacy policy

SHA-256: 6f0f969fe2657ab71d0… 3 versions captured 3 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Bumble ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

9 Total

2 High severity

6 Medium severity

1 Low severity

Summary

This document establishes Bumble's practices for collecting, using, and sharing personal information from users of its dating application and websites. Bumble collects sensitive data categories including precise geolocation, biometric identifiers for verification purposes, photographs submitted for identity verification, device information, and message content, with authorization to share this information with third-party service providers, affiliated entities, and government bodies in response to legal process. Users located in California, the EU, and the UK are granted specific rights to access, correct, delete, and export their personal data, exercisable through the application settings or Bumble's support contact mechanism.

Technical / Legal Breakdown

This document is Bumble Group's global privacy policy, governing the collection, use, storage, and disclosure of personal information by Badoo Trading Limited and Bumble Trading LLC across the Bumble mobile application, desktop version, and associated websites, with GDPR cited as a primary legal framework and Bumble positioned as data controller. The policy states it collects a broad range of data categories including registration details, geolocation, device identifiers, biometric data (for profile and ID verification), purchase information, message content, photo metadata, and linked social media data, and the terms authorize use of this information for matching algorithms, moderation, service delivery, marketing, fraud prevention, and legal compliance. Notably, the policy discloses collection and processing of biometric data through profile and ID verification features, a category subject to heightened legal requirements in several US states (including Illinois BIPA and Texas CUBI) and under GDPR Article 9 as a special category; the policy also acknowledges use of automated decision-making including profiling, and discloses that user data may be transferred internationally outside the EEA under standard contractual clauses or other approved transfer mechanisms. The policy engages GDPR, UK GDPR, CCPA/CPRA for California residents, and potentially Illinois BIPA and other US state biometric privacy statutes, with enforcement exposure distributed across the ICO (UK), EU supervisory authorities, California Privacy Protection Agency, and US state attorneys general. Material compliance considerations include the lawfulness of biometric data processing under both GDPR and US state law, the adequacy of consent mechanisms for special category data, and the sufficiency of disclosed cross-border data transfer safeguards.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

3 important changes detected

3 versions captured · Last updated: April 2026

April 19, 2026

medium

What changed Bumble removed a reference to UK servers from its privacy policy on April 19, 2026. The policy previously stated the company's network includes servers in the US, UK, and EU; it now says servers are in the US and EU only. This change may affect how UK users' data is stored and processed.

Why this matters Bumble's privacy policy previously disclosed that the company operates servers in the US, UK, and EU. The updated policy removes the UK from this list, stating only US and EU servers. For UK-based users, this change may alter where personal data is actually stored and processed, which can affect data protection rights and latency. UK users may want to review the updated privacy policy to understand the new data storage arrangements and determine whether they align with their privacy expectations.

View full change record →

March 21, 2026

medium

What changed Bumble removed the UK from its list of server locations in its privacy policy. The updated language now states the network includes servers in the US and the EU, whereas previously it specified the US, UK, and EU. This change may affect how UK users' data is processed and where it is stored, potentially shifting UK data handling from a UK-based server to EU infrastructure.

Why this matters UK users may experience a change in data storage and processing infrastructure. The updated policy discloses that servers in the UK are no longer part of Bumble's stated network, meaning UK user data may now be processed and stored in EU data centers instead of potentially UK-based infrastructure. This could have implications for data residency expectations and regulatory compliance frameworks that apply to UK-based data processing. Review Bumble's updated data transfer documentation if you have specific data locality requirements.

View full change record →

March 19, 2026 low

Bumble updated its privacy policy on March 19, 2026 to specify that its network infrastructure includes servers located in the US, UK, and the EU, rather than the previous statement …

View change record →

High — 2 provisions

Biometric and ID Verification Data Collection Compare →

Bumble collects biometric information as part of its profile and ID verification features, which may include facial recognition or similar biometric identifiers used to confirm your identity.

Added May 8, 2026 Standard Seen across 251 platforms
Special Category and Sensitive Data Processing Compare →

Bumble acts as the data controller for all personal information collected through its app and sites, which means it is legally responsible under GDPR for how that data, including sensitive profile data about sexual orientation, religion, and ethnicity, is used.

Added May 10, 2026 Standard Seen across 189 platforms

Medium — 6 provisions

Geolocation Data Collection Compare →

Bumble collects your geolocation information, which may include precise location data depending on your device settings and how you use the app.

Added April 3, 2026 Standard Seen across 251 platforms
Automated Decision-Making and Profiling Compare →

Bumble uses algorithms and automated systems to make decisions about which profiles you see and who sees you, which constitutes profiling under GDPR.

Added May 10, 2026 Common Seen across 104 platforms
Third-Party Data Sharing with Service Providers Compare →

Bumble shares your personal information with third-party companies that help run the service, such as technology providers, analytics platforms, and others, though the policy states this is limited to the circumstances it describes.

Added May 10, 2026 Standard Seen across 246 platforms
Cross-Border Data Transfers Compare →

Bumble may transfer your personal information to countries outside the one where you live, including outside the EU or EEA, using legal mechanisms intended to protect the data during transfer.

Added May 8, 2026 Common Seen across 122 platforms
User Rights Under GDPR and CCPA Compare →

Bumble acknowledges a broad set of data subject rights including the right to access, correct, delete, port, restrict, and object to processing of your personal information, as well as rights specific to California residents under CCPA/CPRA.

Added May 10, 2026 Standard Seen across 262 platforms
Message and Communication Content Collection Compare →

Bumble collects and stores the content of messages you send and receive through the platform, including communications between users.

Added May 10, 2026 Standard Seen across 178 platforms

Low — 1 provision

Policy Update and Notification Mechanism Compare →

Bumble reserves the right to update its privacy policy at any time, with the latest posted version governing data use; the company states it will notify users by email or in-app notice for material changes.

Added May 10, 2026 Standard Seen across 178 platforms

Monitoring

Bumble has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Automated Profiling and Matching Algorithms and similar clauses.

Compare across platforms →