Bumble uses algorithms and automated systems to make decisions about which profiles you see and who sees you, which constitutes profiling under GDPR.
This analysis describes what Bumble's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Automated profiling in a dating app context can significantly affect who you are able to connect with, and under GDPR users have specific rights related to automated decision-making that produces significant effects on them.
Interpretive note: The policy acknowledges algorithm use but the extent to which the disclosed transparency satisfies GDPR Article 22 requirements regarding logic, significance, and envisaged consequences is uncertain without reviewing the full Article 13/14 notices presented to users.
Bumble's updated privacy policy discloses that the new BeePitched feature processes personal data including names, phone numbers, photos, and pitch content from users and non-users. According to the policy, this information is used to operate the feature, moderate content, investigate reports, and prevent misuse. Access to pitches is limited to pitch subjects, invited contributors, authorized Bumble personnel, and service providers. The disclosure establishes what data the feature collects and how it is used, but does not describe user controls or settings for opting out of being featured in a pitch.
View change record →Bumble's privacy policy previously disclosed that the company operates servers in the US, UK, and EU. The updated policy removes the UK from this list, stating only US and EU servers. For UK-based users, this change may alter where personal data is actually stored and processed, which can affect data protection rights and latency. UK users may want to review the updated privacy policy to understand the new data storage arrangements and determine whether they align with their privacy expectations.
View change record →UK users may experience a change in data storage and processing infrastructure. The updated policy discloses that servers in the UK are no longer part of Bumble's stated network, meaning UK user data may now be processed and stored in EU data centers instead of potentially UK-based infrastructure. This could have implications for data residency expectations and regulatory compliance frameworks that apply to UK-based data processing. Review Bumble's updated data transfer documentation if you have specific data locality requirements.
View change record →Provision renamed from 'Algorithmic Profiling and Automated Matching' with added section reference 'Our Use of Algorithms' providing more specific policy documentation.
View full change record →Bumble's matching algorithms process your profile data, behavior, and preferences to determine what content you see; EU and UK users have rights to obtain information about the logic involved and to object to solely automated decisions that significantly affect them under GDPR provisions on automated processing.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Bumble has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our Use of Algorithms— Excerpt from Bumble's Bumble Privacy Policy
REGULATORY LANDSCAPE: The use of automated decision-making and profiling implicates GDPR Article 22, which provides data subjects the right not to be subject to solely automated decisions that produce legal or similarly significant effects, and requires specific transparency disclosures about the logic involved. The UK ICO has published detailed guidance on AI and automated decision-making that applies to Bumble's UK user base. The EU AI Act, once fully applicable, may also engage provisions on certain AI system categories used in consumer-facing services. GOVERNANCE EXPOSURE: Medium. Matching algorithms are operationally central to Bumble's service and inherently involve profiling based on personal data including sensitive characteristics (such as sexual orientation, religion, and ethnicity, which may be inferred from user-provided profile data). The policy discloses algorithm use but the level of transparency about the logic, data inputs, and significant effects provided to users may not fully satisfy GDPR Article 22 and associated transparency requirements. JURISDICTION FLAGS: EU and UK users have the strongest rights under GDPR and UK GDPR Article 22. California users have rights under CPRA related to automated decision-making in certain contexts. The Illinois AEDT (Artificial Intelligence Video Interview Act) does not directly apply, but emerging state AI transparency laws may create additional obligations. CONTRACT AND VENDOR IMPLICATIONS: If third-party AI or analytics vendors power Bumble's matching algorithms, those vendors must be assessed as data processors under GDPR Article 28, and their involvement in automated decision-making should be documented in the Records of Processing Activities. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether Bumble's algorithm disclosures satisfy GDPR Article 13/14 transparency requirements regarding the existence of automated decision-making, the logic involved, and the significance of the processing for the data subject. A Data Protection Impact Assessment under GDPR Article 35 may be required given the scale of profiling and its effects on users' ability to form personal connections.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Automated profiling in a dating app context can significantly affect who you are able to connect with, and under GDPR users have specific rights related to automated decision-making that produces significant effects on them.
Bumble's matching algorithms process your profile data, behavior, and preferences to determine what content you see; EU and UK users have rights to obtain information about the logic involved and to object to solely automated decisions that significantly affect them under GDPR provisions on automated processing.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bumble.