In the wake of the Facebook data-mining scandal, another tech company is coming under fire for what it’s doing with users’ private information. Queer hookup app Grindr, has allegedly given its users’ HIV statuses to two third-party companies, Apptimize and Localytics. Considering the app has about 3.6 million daily users, that’s quite the sizable privacy breach.

Researcher Antoine Pultier discovered what Grindr was up to, and BuzzFeed reported that in addition to HIV status, the app also divulged GPS data and personal contact information. Pultier explained to BuzzFeed that the “HIV status is linked to all the other information. That’s the main issue.” Ultimately, Pultier chalks the breach up to “incompetence of some developers that just send everything, including HIV status.”

Still, Grindr doesn’t believe they’re in the wrong since they were not paid by data-optimization firms for their users' HIV data. As Grindr’s chief technology officer Scott Chen explained, “Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem.” Chen also maintains that “no user information is sold to third parties.”

Meanwhile, the breach stands to threaten the “relatively unique place” Grindr has created to openly talk about HIV status. “To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety," said James Krellenstein, a member of AIDS advocacy group ACT UP New York, "that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community."