Precise Geolocation Data Collection and Sharing

What it is

Grindr collects your precise GPS location and may share it with advertising and analytics partners, not just to show you nearby users.

Why it matters (compliance & governance perspective)

The authorization to collect and share precise geolocation data represents a core operational practice that enables the service's location-based functionality while also establishing data flows to third-party advertising and analytics entities. This practice has direct implications for the types of information parties receive about user location and behavior patterns.

Consumer impact (what this means for users)

Your real-time GPS coordinates may be shared with third-party advertising and analytics companies, which could allow those parties to build detailed profiles linking your physical movements to your LGBTQ+ identity and health information.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Precise geolocation constitutes personal data under GDPR and may qualify as sensitive in context when combined with information about sexual orientation or health status. CPRA treats precise geolocation as sensitive personal information, requiring businesses to provide a right to limit its use and disclosure. Several US states including Virginia, Colorado, Connecticut, and Washington have enacted privacy laws with specific provisions for geolocation data. The FTC has taken enforcement action against companies misusing location data. GOVERNANCE EXPOSURE: High. The combination of precise location data with sensitive identity and health data in an LGBTQ+ context is a recognized high-risk processing activity. Sharing this data with advertising partners amplifies regulatory exposure under both GDPR and US state privacy laws. JURISDICTION FLAGS: California CPRA creates a specific right to limit use of precise geolocation as sensitive personal information. Washington state's My Health MY Data Act may apply if location data is used in connection with health-related features. EEA users benefit from GDPR requirements for data minimization and purpose limitation on location processing. CONTRACT AND VENDOR IMPLICATIONS: Advertising and analytics vendors receiving precise location data should be reviewed under GDPR Article 28 or CCPA contractor agreements. Any vendor onward-sharing location data to additional parties without Grindr's authorization could create joint controller or liability issues. COMPLIANCE CONSIDERATIONS: A data protection impact assessment (DPIA) is likely required under GDPR for systematic processing of precise location data in combination with special category data. Consent mechanisms for location data sharing with advertising partners should be reviewed to ensure they are specific, informed, and withdrawable. CPRA-specific opt-out infrastructure for precise geolocation sharing should be audited.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Collection of HIV Status and Health Information high
• Sexual Orientation and Identity Data Processing high
• Third-Party Advertising and Analytics Data Sharing high
• User Rights for EU, UK, and California Residents medium
• Data Retention medium
• Cross-Border Data Transfers medium

Related Analysis

• Netflix Updated Terms Authorize Voice Data Collection: April 2026

  Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.

• What Google Actually Knows About You

  Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.