Nearly three million people uploaded photos to OkCupid expecting those images would stay on a dating app. Instead, the photos ended up training facial recognition software, handed over by the company’s own founders to an AI firm they’d personally invested in.
Match Group settled a Federal Trade Commission lawsuit last week over the transfer, which the agency says violated OkCupid’s privacy policy and was actively covered up for years. The consent decree permanently bars Match Group and OkCupid from misrepresenting their data practices and puts them under compliance reporting for a decade.
The settlement carries no financial penalty.
Three million users’ photos, demographic profiles, and location data were funneled to a facial recognition company with zero restrictions on use, and the regulatory consequence is a promise not to lie about it again.
Reclaim Your Digital Freedom.
Get unfiltered coverage of surveillance, censorship, and the technology threatening your civil liberties.
The data transfer happened in September 2014. Clarifai, an AI company building image recognition systems, asked OkCupid for a large dataset of user photos.
The request wasn’t routed through a business development team or vetted by legal. OkCupid’s founders were financially invested in Clarifai, and the ask came on that basis, one investor helping out another. OkCupid’s president and chief technology officer were directly involved in the data transfer, and one of the founders allegedly sent the photos from his personal email account, bypassing any corporate oversight or audit trail.
No contract governed the handoff. No restrictions were placed on what Clarifai could do with the data. Clarifai never provided any business services to OkCupid.
OkCupid’s privacy policy at the time told users the company wouldn’t share personal information with third parties except as described in the policy, or when users were given a chance to opt out. Neither applied here. The photos, the location data, and the demographic details went to a facial recognition startup because insiders wanted them to, and nobody asked the people in those photos whether that was acceptable.
Clarifai’s CEO and founder later said his company used the OkCupid images to build a service that could identify the age, sex, and race of detected faces. Dating profile pictures, uploaded by people looking for romantic connections, became raw material for technology that could be sold to police departments, government agencies, and military operations.
When The New York Times reported on the arrangement in 2019, OkCupid’s response was carefully evasive. The company told the paper that Clarifai had contacted OkCupid about a possible collaboration and that no commercial agreement had been entered into. That framing was technically true and functionally misleading. There was no commercial agreement because the data was given away for free, a favor between a company and its founders’ investment. The FTC alleged that OkCupid did not address whether Clarifai had gained access to photos without consent, and described the response as part of a broader pattern of concealment. The agency said it ultimately had to enforce its Civil Investigative Demand in federal court after OkCupid obstructed the investigation.
Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, said, “The FTC enforces the privacy promises that companies make.” He added, “We will investigate, and where appropriate, take action against companies that promise to safeguard your data but fail to follow through.”
“The alleged conduct at issue does not reflect how OkCupid operates today,” OkCupid spokesperson Michael Kaye. “Over the years, we have further strengthened our privacy practices and data governance to ensure we meet the expectations of our users.” Match and Clarifai did not immediately respond to requests for comment.
The settlement, filed March 30, 2026 in the US District Court for the Northern District of Texas, permanently prohibits misrepresenting data collection, use, and disclosure practices. Match Group did not admit wrongdoing. The Commission vote was 2-0.
What the settlement doesn’t do is more revealing than what it does. There’s no fine. There’s no requirement to delete the data Clarifai received. There’s no penalty for the twelve years of alleged concealment. There’s no action against Clarifai itself. The settlement creates a compliance framework that only produces consequences if Match Group violates the order going forward, meaning the first violation is effectively free.
