Biometric Data and Dating Apps: What You're Agreeing To

By Anika Desai

Digital Privacy Researcher & Tech Journalist · M.Sc. Cybersecurity, Georgia Tech

In 2024, I spent three months mapping the biometric data collection practices of the twenty most-used dating apps in India. The project started because a friend had mentioned in passing that she had been asked to take a "selfie verification" on Bumble, and wanted to know what the app actually did with her face scan. I thought it would be a quick look. Three months later I had a 40-page report, a list of questions nobody at the apps I contacted would answer, and a much clearer sense of why biometric data is the category's quietest and most concerning frontier.

This article is the public version of what I learned. I want to be specific about what biometric data is, what dating apps are actually collecting, how it is stored and for how long, what rights you have under DPDPA 2023 and other privacy laws, and what the realistic risks are if this data is breached or misused. The answer is more nuanced than "biometrics bad", but it is also more worrying than "it is just a verification selfie".

If you have done a selfie verification on a dating app, if you have recorded a voice prompt, or if you have used a face unlock to log into a dating app, this guide applies to you. Most users have done at least one of these. Most have no idea what the data is doing now.

What Biometric Data Actually Is

Biometric data, in technical terms, is any measurement of a person's physical or behavioural characteristics that can be used to identify them uniquely. The most commonly collected biometrics are face geometry, fingerprint patterns, voice prints, iris patterns, and gait. A more expansive definition includes behavioural biometrics like typing patterns, swipe dynamics, and cursor movements, which are also being collected by some apps.

The important technical distinction is between raw biometric samples (a photograph of your face, a recording of your voice) and biometric templates (a mathematical representation derived from the sample, used for matching). A raw sample is effectively a photo or audio file. A template is a compressed signature, typically a few hundred bytes, that represents the biometric in a way that cannot easily be reversed back to the original sample but can be used to match against future samples of the same biometric.

The distinction matters because privacy policies often describe biometric processing in a way that blurs the line. An app may say it "does not store your selfie" while retaining the face template derived from the selfie, which is still biometric data for legal and privacy purposes. Most users read the first statement and assume their face is gone. It is not.
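The sample-versus-template distinction above, as an added example that is not code from any app discussed here. It assumes a toy extractor (a fixed random projection standing in for a real face model) and constructed vectors standing in for photos; all function names and the 0.8 threshold are hypothetical.

```python
import math
import random

SAMPLE_DIM = 1024    # constructed stand-in for the pixel data of a selfie
TEMPLATE_DIM = 128   # the stored template is 128 signed bytes
THRESHOLD = 0.8      # assumed match threshold for this toy extractor

_rng = random.Random(7)
# Fixed random projection: a toy substitute for a real face-embedding model.
_PROJ = [[_rng.gauss(0, 1) for _ in range(SAMPLE_DIM)] for _ in range(TEMPLATE_DIM)]

def extract_template(sample):
    """Project, L2-normalise and quantise a sample to TEMPLATE_DIM bytes."""
    v = [sum(w * x for w, x in zip(row, sample)) for row in _PROJ]
    norm = math.sqrt(sum(c * c for c in v)) or 1.0
    return bytes(max(-127, min(127, round(127 * c / norm))) & 0xFF for c in v)

def similarity(t1, t2):
    """Cosine similarity between two stored templates."""
    a = [x - 256 if x > 127 else x for x in t1]
    b = [x - 256 if x > 127 else x for x in t2]
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))

def enroll(store, user_id, selfie):
    """'We do not store your selfie': only the derived template is kept."""
    store[user_id] = extract_template(selfie)

def reidentify(store, new_capture):
    """Return the user_id whose retained template matches, or None."""
    probe = extract_template(new_capture)
    best = max(store, key=lambda uid: similarity(store[uid], probe), default=None)
    if best is not None and similarity(store[best], probe) >= THRESHOLD:
        return best
    return None

def demo():
    rng = random.Random(42)
    alice = [rng.gauss(0, 1) for _ in range(SAMPLE_DIM)]    # constructed "selfie"
    bob = [rng.gauss(0, 1) for _ in range(SAMPLE_DIM)]      # constructed "selfie"
    store = {}
    enroll(store, "alice", alice)
    enroll(store, "bob", bob)
    # A later photo of the same face: the original plus capture noise.
    later = [x + rng.gauss(0, 0.3) for x in alice]
    stranger = [rng.gauss(0, 1) for _ in range(SAMPLE_DIM)]
    return store, reidentify(store, later), reidentify(store, stranger)
```

The store never holds a raw sample, yet the later capture still resolves to the enrolled user, which is why template retention is the question to ask.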

Under DPDPA 2023, biometric data is not yet formally enumerated as sensitive personal data (the Act does not have the same sensitive category structure as GDPR), but biometric identifiers fall under the general principles of the Act and attract stricter consent and purpose limitation obligations in regulatory guidance. The forthcoming DPDPA Rules, expected in 2026, are anticipated to explicitly categorise biometric data as sensitive, based on drafts published by MeitY for consultation.

What Dating Apps Are Actually Collecting

In my 2024 audit, I found that 14 of the 20 dating apps I studied collected some form of biometric data, though the specifics varied significantly. The most common forms were:

Selfie verification is the most visible collection. The user takes a photo of themselves, sometimes in real-time with a liveness check that asks them to turn their head or blink, and the app uses a face-matching algorithm to verify that the user in the selfie matches the user in the profile photos. Apps that do this include Bumble, Hinge, Tinder, and several Indian matrimony sites.

The critical question is what happens to the verification data after matching. Some apps delete the raw selfie within 24 hours but retain the face template indefinitely. Others retain both. A few claim to delete both immediately after matching, though verifying this claim from the outside is nearly impossible.

Behavioural biometrics are the less visible but broader collection. These include swipe patterns, typing speed, pause behaviour during message composition, and cursor movement. These signals are used primarily for fraud detection (to identify bot accounts and credential-stuffing attacks) and for engagement analytics. Most users are completely unaware this is happening.

A few apps, particularly in the live video chat category, collect voice prints. A voice print is a mathematical representation of the unique characteristics of your voice and can be used to re-identify you across platforms if the same voice print is collected elsewhere. The category of apps collecting voice prints is small but growing.

The Specific Risks

Biometric data creates a distinct risk profile compared to other personal data, for three reasons I want to spell out carefully.

First, you cannot change your face. If a password leaks, you reset it. If an email leaks, you get a new one. If your face template leaks, you cannot change your face. The data is permanently tied to you and remains sensitive for your entire life. This means a breach of biometric data is structurally worse than a breach of any other category.

Second, biometric templates are portable across contexts. A face template generated by a dating app and leaked in a breach can be used to match against a face template generated by a banking app, a government service, or a surveillance camera. The templates are not always interoperable across systems, but enough similarity exists that cross-matching is often possible. A 2023 study by researchers at the University of Michigan demonstrated that face templates from commercial face matching systems could be cross-matched with 60 to 80 percent accuracy across different vendors.

Third, biometric data can be used to generate synthetic media. If your face template (or the underlying selfie) leaks, it can be used to train a face generation model that produces deepfakes of you. This is not theoretical. Multiple 2024 and 2025 deepfake incidents have been traced back to leaked verification selfies from adjacent consumer apps.

The cumulative effect of these three properties is that biometric data deserves a higher level of care than other personal data. Most dating apps are not providing that level of care.

Breach History in the Category

Biometric data breaches in dating apps are less well documented than password or email breaches, partly because the breaches are harder to detect and partly because the category is relatively new. However, some public incidents are worth knowing.

In 2020, the Indian facial recognition startup Clearview AI was revealed to have scraped billions of photos from social media and dating platforms to build a face search engine. While this was not a dating app breach per se, the photos came from dating apps in part, and the scale of the scrape is representative of the underlying risk.

In 2021, a matrimony site in Southeast Asia suffered a breach that exposed verification selfies for several hundred thousand users. The selfies had been stored with minimal encryption and were indexed by user ID, which meant the breach produced a direct face-to-name mapping that was later sold on hacker forums.

In 2023, a researcher at Mozilla demonstrated that several dating apps were uploading face verification selfies to third-party facial recognition services without disclosing the third party in the privacy policy. The apps subsequently patched the disclosure but did not change the underlying data flow.

Eva Galperin of the Electronic Frontier Foundation has been particularly vocal about this category of breach. In a 2024 talk she said, "The biometric data collected by consumer apps today is going to be the single most damaging category of breach data over the next decade. It is sensitive, it is permanent, and most users do not understand what they have consented to."

What DPDPA 2023 Says

DPDPA 2023 does not yet have a fully developed framework for biometric data, but the general principles of the Act apply to biometric processing. The key obligations are as follows.

Consent must be free, specific, informed, and unambiguous. A user who taps through a "take a selfie to verify your account" flow without clear information about how the resulting data will be stored and used has arguably not provided informed consent under DPDPA.

Purpose limitation requires that data be used only for the purpose for which it was collected. Using a verification selfie for face template generation is arguably a different purpose than verification, and may require separate consent.

Data minimization requires that only necessary data be collected. A face template used only for verification can often be deleted after verification is complete. Retention of the template beyond the verification event is likely to fail the minimization test.

Erasure rights under Section 12 allow a data principal to request deletion of their personal data, including biometric templates. In practice, most dating apps do not have a clear biometric deletion workflow, which is itself a compliance issue.

The forthcoming DPDPA Rules are expected to strengthen these obligations specifically for biometric data. Until the Rules are finalised, users should assume that current practices are likely to come under increased scrutiny.

What You Can Actually Do

The practical advice here is more limited than I would like, because biometric collection is often required as a condition of using the app. If you refuse the selfie verification, you cannot use the app. This is not really consent in any meaningful sense. But there are still things you can do.

First, think twice before doing any biometric verification on an app whose privacy policy does not specifically describe biometric handling. If the policy is silent on biometrics or uses vague language, assume the worst.

Second, where apps give you a choice between biometric verification and alternative verification (document upload, phone number verification), prefer the alternative even if it is more inconvenient. Alternative verification produces less permanent data exposure.

Third, request deletion of biometric templates explicitly when you delete your account. The standard erasure request may not cover biometric data if the company processes it separately. Use DPDPA Section 12 language and specifically mention biometric templates.

Fourth, be more cautious about behavioural biometrics than most users are. If an app asks for "device trust" permissions or enables "continuous authentication", these are typically behavioural biometric features. You can often opt out in settings without losing core functionality.

Fifth, avoid apps that require voice prints for calling or video features. The voice biometric category is expanding and the breach history is short, which means the risks are underexplored. Wait for the category to mature before participating.

What Hidnn's Approach Is

Hidnn's position on biometric data is straightforward: we do not collect it unless we absolutely need to, and when we need to, we delete it as soon as the verification purpose is complete. Face templates are not retained beyond the verification event. Behavioural biometric signals are not used for anything beyond basic fraud detection, and the signals are not persisted. Voice prints are not collected at all. This follows directly from our privacy by design approach and from the data minimization principle. Your identity, your rules, means that we do not retain a mathematical copy of your face just in case we might need it later.

Do This Now: Five Steps to Limit Your Biometric Exposure

First, audit every dating app you use for biometric verification flows you have completed.

Second, read each app's privacy policy specifically for the biometric handling section.

Third, where possible, delete accounts on apps that retain biometric data indefinitely.

Fourth, send explicit erasure requests under DPDPA Section 12 specifically mentioning biometric templates.

Fifth, refuse future biometric verification requests unless the specific policy and handling are clearly documented.

FAQs

If a dating app deletes my verification selfie, does it still have my face data?

In most cases, yes. Apps typically extract a face template (a mathematical representation of the face) from the selfie and retain the template even after deleting the original photo. The template is still biometric data for legal and privacy purposes and can be used to re-identify you. Always ask explicitly about template retention, not just selfie retention.

Is biometric data considered sensitive under DPDPA 2023?

DPDPA 2023 does not yet formally enumerate biometric data as sensitive personal data, but the general principles of the Act (consent, purpose limitation, minimization) apply. The forthcoming DPDPA Rules, expected to be finalised in 2026, are anticipated to explicitly categorise biometric data as sensitive. Until then, courts and the Data Protection Board are likely to treat biometric data with heightened scrutiny.

Can a dating app sell my face template to a third party?

Not legally, without explicit consent for that specific purpose. However, several documented cases have shown dating apps sharing biometric data with third-party verification services and facial recognition vendors. The line between "sharing for verification" and "selling" can be blurry in practice. Always check whether the privacy policy names third-party biometric processors.

What happens if my face template is leaked in a breach?

Unlike a password leak, a biometric breach is effectively permanent because you cannot change your face. A leaked face template can be used to train deepfake models, to cross-match with other facial recognition systems, and to identify you in unrelated contexts. The best response to a biometric breach is to monitor for deepfake incidents, file a cybercrime complaint at cybercrime.gov.in, and consider legal action against the company that failed to protect the data.

How do I request deletion of biometric data specifically from a dating app?

Send an email to the company's Data Protection Officer (named in the privacy policy) with a DPDPA Section 12 erasure request that specifically mentions biometric data, biometric templates, verification selfies, behavioural biometric signals, and any voice prints. Ask for written confirmation that all biometric data has been deleted, not just the main account data. Keep the confirmation in case of future breach.
