直 Japanese PDF Font
  • Our Professionals
  • Our Work
  • Our Insights
  • Offices
  • Firm
  • Careers
Finnegan
  • Articles & Books
    • Ad Law Buzz Blog
    • At the PTAB Blog
    • European IP Blog
    • Federal Circuit IP Blog
    • INCONTESTABLE® Blog
    • Prosecution First Blog
  • Events & Webinars
  • IP Updates
  • Podcasts
    • AI + Finnegan
    • AI + Copyright
    • AI + Patent
    • AI + Privacy
    • AI + Trade Secrets
    • AI + Trademark
  • Unified Patent Court (UPC) Hub

Article

The Tea App: The Importance of App Privacy and Security

August 20, 2025

By Lynn Parker Dupree; Ngozi D. Akingbesote, Ph.D.

In an age where digital platforms increasingly shape our relationships, the Tea Dating Advice app bills itself as a “must-have app helping women avoid red flags before the first date with dating advice, and showing them who’s really behind the profile of the person they’re dating.” While the “anonymous” reviews of men on the app raised a separate set of privacy concerns, the recent data breaches of the Tea app highlight the importance of app security and its impact on user privacy.

In order to join the app, users were required to provide an identity document like a driver’s license and a selfie to validate their identity and gender. While the privacy policy stated that the selfies would be deleted after authentication, public reports state that the data was not deleted but instead held in publicly available data buckets without authentication requirements, resulting in the compromise of approximately 72,000 images, 13,000 of which were selfies and identification documents, while the other images were posted within the app. Some of the data was shared on message boards, and message board users reportedly used location metadata associated with the photos to map Tea members’ locations.

After discovering the initial compromise, researchers later discovered that over 1.1 million private messages exchanged on the app had also been compromised. The Tea app disabled private messaging in the aftermath of the discovery. Multiple class action lawsuits have been filed in the wake of the breach.

This breach is a cautionary tale for developers building platforms that handle sensitive personal data as well as for consumers providing the data. Developers should keep these key privacy and cybersecurity considerations in mind:

  • Adhere to privacy policy statements: Despite promising to delete IDs post-verification, the Tea app retained them, which resulted in their compromise. Consumers rely on the statements in privacy policies. These statements help them make more informed decisions about whether and how they engage with your products. Misstatements can open companies up to deceptive trade practice claims.
  • Prioritize data security: Do not store data, particularly sensitive data, in public data buckets. User data should be encrypted in transit and at rest, and access controls and audit logs are foundational to ensuring that only authorized individuals have access to the data
  • Operationalize data minimization: Data, and the insights derived from data, can be very valuable, but collecting excess data poses additional cyber risk. Only collect what is necessary to accomplish your stated goals. Additionally, set up automated processes to delete unnecessary or outdated user data to minimize the harm that could occur in the event of a breach.

Tags

privacy policy, cybersecurity, cyber

Related Practices

Diligence, Licensing, and Opinions

Privacy

Related Industries

Consumer Goods and Services

Related Offices

Reston, VA

Washington, DC

Related Professionals

Lynn Parker Dupree
Partner
Washington, DC
+1 202 408 4462
Email
Ngozi D. Akingbesote, Ph.D.
Patent Agent
Reston, VA
+1 571 203 2421
Email

Copyright © Finnegan, Henderson, Farabow, Garrett & Dunner, LLP. This article is for informational purposes, is not intended to constitute legal advice, and may be considered advertising under applicable state laws. This article is only the opinion of the authors and is not attributable to Finnegan, Henderson, Farabow, Garrett & Dunner, LLP, or the firm’s clients.

Related Insights

Articles

The SECURE Data Act: A Federal Privacy Framework Moves Forward

June 16, 2026

Articles

The TAKE IT DOWN Act Is Now in Full Effect: What Platforms Need to Know

June 16, 2026

Articles

California Reaches Record $12.75 Million CCPA Settlement with General Motors Over Driver Data

June 4, 2026

Articles

Colorado Replaces Landmark AI Act: An Overview of the New SB 26-189 Framework

May 26, 2026

Articles

COPPA’s Amended Rule Is Now in Full Effect: What Operators Need to Know

May 15, 2026

Conference

Privacy Symposium

April 20-24, 2026

Venice

Articles

Recent Developments in Video Privacy Protection Act Litigation

April 3, 2026

Conference

International Privacy & Data Laws

March 25-27, 2026

Loch Lomond

Podcasts

AI Training, Data, and Governance: Copyright Battles and Legal Requirements

February 6, 2026

Due to international data regulations, we’ve updated our privacy policy. Click here to read our privacy policy in full.

  • Privacy
  • Disclaimer
  • Legal Notices
  • Fraud Alert
  • EEO Statement
  • Cookies
  • Contact Us

© 2026 Finnegan, Henderson, Farabow, Garrett & Dunner, LLP