What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages GDPR (Regulation 2016/679), UK GDPR, and the California Consumer Privacy Act as amended by CPRA, with enforcement authority distributed across EU member state data protection authorities, the UK Information Commissioner's Office, and the California Privacy Protection Agency. The policy's disclosure of biometric data collection for ID verification implicates Illinois BIPA (Biometric Information Privacy Act), Texas CUBI, and Washington My Health MY Data A…

How does Bumble's Bumble Privacy Policy affect users?

The policy establishes that Bumble collects and processes biometric identifiers, precise location data, message content, and device information, with terms authorizing disclosure to third-party service providers and affiliated entities. Users subject to CCPA/CPRA (California residents) and GDPR (EU and UK users) operate under supplemental data protection obligations, including rights to request access, correction, deletion, and export of personal data, and rights to object to automated decision…

How often is Bumble's Bumble Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Bumble updates this document?

Yes. Monitor subscribers ($19/month) can add Bumble to their watchlist and receive same-day email alerts whenever this document or any other Bumble document changes.

CA-D-000226

Bumble Privacy Policy

Bumble

Last change detected June 14, 2026 Privacy policy

SHA-256: 141cb48a0bf984df3d5… 5 versions captured 4 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Bumble ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

9 Total

2 High severity

6 Medium severity

1 Low severity

Summary

This document establishes Bumble's practices for collecting, using, and sharing personal information from users of its dating application and websites. Bumble collects sensitive data categories including precise geolocation, biometric identifiers for verification purposes, photographs submitted for identity verification, device information, and message content, with authorization to share this information with third-party service providers, affiliated entities, and government bodies in response to legal process. Users located in California, the EU, and the UK are granted specific rights to access, correct, delete, and export their personal data, exercisable through the application settings or Bumble's support contact mechanism.

Technical / Legal Breakdown

This document is Bumble Group's global privacy policy, governing the collection, use, storage, and disclosure of personal information by Badoo Trading Limited and Bumble Trading LLC across the Bumble mobile application, desktop version, and associated websites, with GDPR cited as a primary legal framework and Bumble positioned as data controller. The policy states it collects a broad range of data categories including registration details, geolocation, device identifiers, biometric data (for profile and ID verification), purchase information, message content, photo metadata, and linked social media data, and the terms authorize use of this information for matching algorithms, moderation, service delivery, marketing, fraud prevention, and legal compliance. Notably, the policy discloses collection and processing of biometric data through profile and ID verification features, a category subject to heightened legal requirements in several US states (including Illinois BIPA and Texas CUBI) and under GDPR Article 9 as a special category; the policy also acknowledges use of automated decision-making including profiling, and discloses that user data may be transferred internationally outside the EEA under standard contractual clauses or other approved transfer mechanisms. The policy engages GDPR, UK GDPR, CCPA/CPRA for California residents, and potentially Illinois BIPA and other US state biometric privacy statutes, with enforcement exposure distributed across the ICO (UK), EU supervisory authorities, California Privacy Protection Agency, and US state attorneys general. Material compliance considerations include the lawfulness of biometric data processing under both GDPR and US state law, the adequacy of consent mechanisms for special category data, and the sufficiency of disclosed cross-border data transfer safeguards.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

4 important changes detected

5 versions captured · Last updated: May 2026

May 30, 2026

medium

What changed Bumble added disclosure language describing BeePitched, a new feature that allows users and non-users to create and share personalized 'Pitches' about others. The updated privacy policy now states that BeePitched processes names, phone numbers, photos, pitch content, reports, and related technical information from pitch creators, contributors, subjects, and devices. This information is used to operate the feature, moderate content, investigate reports, and prevent misuse, with access restricted to pitch subjects, invited contributors, authorized Bumble personnel, and service providers.

Why this matters Bumble's updated privacy policy discloses that the new BeePitched feature processes personal data including names, phone numbers, photos, and pitch content from users and non-users. According to the policy, this information is used to operate the feature, moderate content, investigate reports, and prevent misuse. Access to pitches is limited to pitch subjects, invited contributors, authorized Bumble personnel, and service providers. The disclosure establishes what data the feature collects and how it is used, but does not describe user controls or settings for opting out of being featured in a pitch.

View full change record →

April 19, 2026

medium

What changed Bumble removed a reference to UK servers from its privacy policy on April 19, 2026. The policy previously stated the company's network includes servers in the US, UK, and EU; it now says servers are in the US and EU only. This change may affect how UK users' data is stored and processed.

Why this matters Bumble's privacy policy previously disclosed that the company operates servers in the US, UK, and EU. The updated policy removes the UK from this list, stating only US and EU servers. For UK-based users, this change may alter where personal data is actually stored and processed, which can affect data protection rights and latency. UK users may want to review the updated privacy policy to understand the new data storage arrangements and determine whether they align with their privacy expectations.

View full change record →

March 21, 2026 medium

Bumble removed the UK from its list of server locations in its privacy policy. The updated language now states the network includes servers in the US and the EU, whereas …

View change record →

March 19, 2026 low

Bumble updated its privacy policy on March 19, 2026 to specify that its network infrastructure includes servers located in the US, UK, and the EU, rather than the previous statement …

View change record →

Recent Provision Changes May 30, 2026

Added (2)

Message and Communication Content Collection Medium

New explicit provision disclosing that message and communication content is collected and processed, a significant privacy consideration for dating app users.

Policy Update and Notification Mechanism Low

New provision explicitly stating policy change procedures and notification methods, establishing transparency around future policy modifications.

Removed (3)

Law Enforcement and Legal Process Disclosure

Removal of explicit provision on law enforcement disclosure practices could indicate either integration into broader data sharing sections or reduced transparency on government data requests.

Data Retention Policy

Removal of dedicated data retention provision eliminates explicit user visibility into how long personal information is maintained, a key privacy protection.

Corporate Transaction Data Transfer

Removal of corporate transaction disclosure eliminates transparency on data handling during mergers, acquisitions, or asset sales, reducing user control notification.

Modified (7)

Biometric and ID Verification Data Collection

Previous version had no excerpt; current version now provides specific detail that biometric data is collected for ID verification purposes.

Geolocation Data Collection

Severity downgraded from 'high' to 'medium' and provision renamed from 'Precise Geolocation Data Collection' to 'Geolocation Data Collection,' suggesting reduced emphasis on precision tracking.

Automated Decision-Making and Profiling

Provision renamed from 'Algorithmic Profiling and Automated Matching' with added section reference 'Our Use of Algorithms' providing more specific policy documentation.

Third-Party Data Sharing with Service Providers

Severity downgraded from 'high' to 'medium' and reframed from 'Third-Party Advertising Data Sharing' to 'Third-Party Data Sharing with Service Providers,' narrowing scope from advertising to service assistance.

Cross-Border Data Transfers

Previous version had no excerpt; current version provides section reference with explicit focus on handling and storage procedures.

View full change record →

High — 2 provisions

Biometric and ID Verification Data Collection Compare →

Bumble collects biometric information as part of its profile and ID verification features, which may include facial recognition or similar biometric identifiers used to confirm your identity.

Added May 8, 2026 Standard Seen across 284 platforms
Special Category and Sensitive Data Processing Compare →

Bumble acts as the data controller for all personal information collected through its app and sites, which means it is legally responsible under GDPR for how that data, including sensitive profile data about sexual orientation, religion, and ethnicity, is used.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 6 provisions

Geolocation Data Collection Compare →

Bumble collects your geolocation information, which may include precise location data depending on your device settings and how you use the app.

Added April 3, 2026 Standard Seen across 284 platforms
Automated Decision-Making and Profiling Compare →

Bumble uses algorithms and automated systems to make decisions about which profiles you see and who sees you, which constitutes profiling under GDPR.

Added May 10, 2026 Standard Seen across 284 platforms
Third-Party Data Sharing with Service Providers Compare →

Bumble shares your personal information with third-party companies that help run the service, such as technology providers, analytics platforms, and others, though the policy states this is limited to the circumstances it describes.

Added May 10, 2026 Standard Seen across 252 platforms
Cross-Border Data Transfers Compare →

Bumble may transfer your personal information to countries outside the one where you live, including outside the EU or EEA, using legal mechanisms intended to protect the data during transfer.

Added May 8, 2026 Standard Seen across 284 platforms
User Rights Under GDPR and CCPA Compare →

Bumble acknowledges a broad set of data subject rights including the right to access, correct, delete, port, restrict, and object to processing of your personal information, as well as rights specific to California residents under CCPA/CPRA.

Added May 10, 2026 Standard Seen across 284 platforms
Message and Communication Content Collection Compare →

Bumble collects and stores the content of messages you send and receive through the platform, including communications between users.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 1 provision

Policy Update and Notification Mechanism Compare →

Bumble reserves the right to update its privacy policy at any time, with the latest posted version governing data use; the company states it will notify users by email or in-app notice for material changes.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Bumble has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Automated Profiling and Matching Algorithms and similar clauses.

Compare across platforms →