Analysts claim AI is creating a “Dating 3.0” moment as people use agents to tweak profiles, weed out scam artists and even write flirty DM’s. Latest research shows people accept use of AI when it helps them meet their dating goals, but how can apps and privacy professionals ensure this ‘sexy’ tech is enjoyed responsibly?

I spent much of 2025 working with a client in the online dating app space, which was a fascinating shift from my previous year’s professional focus on commercial banking. Moving from a mature, regulated industry to one which has grown rapidly and will double again within the next 10 years, I needed to deep dive into the technical aspects of mobile app privacy compliance and update my knowledge of romantic predilections!

COVID lockdowns changing how we socialise, digital natives reaching adulthood and everyone spending so much time on devices are behind the majority of people now meeting online rather than through friends or work, especially in the LGBTQ+ Community. Dating apps of all persuasions have millions of individual users and are the consumer frontline for cyber threats and scams, while holding the most intimate, sensitive details on users’ lives, vulnerabilities and hopes.

In a crowded market, dating app developers are now banking on AI to give them an inside edge over their rivals. Match Group, owner of apps including Tinder and Hinge has launched new algorithms to “improve user experience”, while Bumble claims to be in the early stages of developing a “standalone AI product”. What does this all boil down to in terms of what the end user sees, and what might be the risks? On my analysis, most of the AI being employed focused either on reducing friction between the user signup and the real-life interactions which are their goal, or mitigating the effects of bad actors and antisocial behaviour.  

One new entrant, Breeze, relies on an algorithm to serve up a small number of highly targeted matches to new users who then pick one to go on a date with – no steps in between for the human to indulge their whims. Tinder and Hinge now give AI-generated feedback on people’s profiles, such as asking members to provide more detail about their interests if their initial response is too generic.

On the safety side, most apps are rolling out facial verification to ensure users are who they claim to be and check they meet legal age requirements such as the UK Online Safety Act for “User to User” services. AI is also used by all the leading apps to hand out bans for abusive messaging and violations of their conditions for use, with more complex cases triaged out to human moderations.   An interesting use of AI to improve safety and tackle inappropriate use of sexual language are Tinder and Hinge’s “Are you Sure?” prompt to users suspected of such activity. Taking technology used for stopping bad actors then flipping the script to help people do the right thing is in my opinion a useful tool to help new users in an online dating landscape which can be confusing and apparently lacking in social rules.

Recent research commissioned by Match Group from IPSOS paints a nuanced picture of people accepting AI for safety or to improve user experience but drawing the line at rapport-building. While a majority supported AI-powered detection of fake profiles and harassment, 64% of users said they were unlikely to use AI features to guide conversation, signalling a preference for keeping interaction human.

How do we navigate this complex and evolving landscape as privacy professionals, ensuring the security and rights of members’ data are preserved, without blocking progress? Lacking a pan-global, gold standard for AI regulation equivalent to GDPR, most companies turn to existing security and privacy frameworks such as NIST CSF 2.0 and ISO 27001/ 27701 as an approach to operationalising principles they endorse at board level such as transparency, fairness and keeping a human in the loop.

Dedicated regulations for AI are still fluid, with the EU first out of the gate but all regions are likely to focus on a structured, measurable process for managing risk. Meanwhile, I find the most fundamental tools of practical cyber- and privacy compliance, the Cybersecurity Risk Assessment (CRA) and Data Privacy Impact Assessment (DPIA) still to be an essential first step. Dedicated regulations for AI are still fluid, with the EU first out of the gate but all regions are likely to focus on a structured, measurable process for managing risk. Meanwhile, I find the most fundamental tools of practical cyber- and privacy compliance, the Cybersecurity Risk Assessment (CRA) and Data Privacy Impact Assessment (DPIA) still to be an essential first step.

While these activities engage internal stakeholders, introducing a due diligence questionnaire for AI procurement with external partners helps answer vital questions about how and why personal data is used, and where it ends up. Examining commercial contracts and Data Processing Agreements is vital here.

All these activities can feed into systems to monitor overall risk, and in my recent experience helping clients work towards SOC2 and ISO 27001 certification some of the platforms such as Vanta and Sprinto are well suited to handle the new challenges of AI, while agile enough for startups to adopt and maintain.

In any case, regardless of how dating app developers handle risk behind the scenes it is vital to be transparent and keep users informed about how AI is used, and why this is in their interest. If we do so, then in my experience we’ll be pleasantly surprised at user reactions and bring them along for the journey into AI-powered dating…