Face Geometry and Biometric Data Collection

What it is

Hinge collects face geometry data when you use features like Selfie Verification or Face Check, and acknowledges this may qualify as biometric data depending on where you live.

Why it matters (compliance & governance perspective)

Biometric data is among the most sensitive personal information because it cannot be changed if compromised, and several US states impose strict legal requirements on how companies collect, store, and delete it.

Consumer impact (what this means for users)

If you use Selfie Verification or are in a region where Face Check is required, Hinge collects your face geometry data. Depending on your state, you may have specific rights regarding how long this data is retained and whether you were properly notified before collection.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Face geometry data collection implicates Illinois BIPA, Texas CUBI, Washington's My Health MY Data Act, and potentially other state biometric privacy statutes. Illinois BIPA in particular requires a written policy, informed written consent prior to collection, and a defined retention and destruction schedule; violations carry statutory damages of $1,000 to $5,000 per violation. The FTC may also have jurisdiction over deceptive or unfair data practices related to biometric collection under Section 5 of the FTC Act. GOVERNANCE EXPOSURE: High. The policy's hedge that face geometry 'may be considered biometric data in some jurisdictions' rather than affirmatively identifying it as biometric suggests a global rather than jurisdiction-specific disclosure posture, which may be insufficient under BIPA and analogous statutes that require affirmative pre-collection notice and consent. Whether Face Check is 'required' in certain regions raises additional questions about whether consent is freely given when participation is mandatory. JURISDICTION FLAGS: Illinois BIPA creates the most acute exposure given its private right of action. Texas CUBI and Washington state laws create additional state-level obligations. For EEA and UK users, face geometry processed for identity verification may qualify as biometric data under GDPR Article 9 requiring explicit consent and a documented Article 9(2) exemption. In-scope jurisdictions should be mapped and jurisdiction-specific consent flows evaluated. CONTRACT AND VENDOR IMPLICATIONS: Any third-party vendors processing face geometry data on Hinge's behalf would require data processing agreements addressing biometric-specific obligations, retention schedules, and security standards. Procurement teams should assess whether current vendor contracts address BIPA-specific requirements including destruction timelines. COMPLIANCE CONSIDERATIONS: Legal teams should confirm whether a BIPA-compliant written policy and consent mechanism exists for Illinois users specifically, whether Face Check consent flows satisfy 'freely given' standards where the feature is described as required in certain regions, and whether retention and destruction schedules for face geometry data are documented and operationalized.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Match Group Cross-Platform Ban and Safety Data Sharing medium
• Sensitive Profile Data Collection and Consent high
• Data Retention After Account Deletion medium
• Advertising, Profiling, and Legitimate Interest Processing medium
• Government ID Collection medium
• Cross-Border Data Transfers medium

Related Analysis

• Netflix Updated Terms Authorize Voice Data Collection: April 2026

  Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.

• What Google Actually Knows About You

  Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.