The Cambridge Analytics saga has revealed to the world how seemingly innocuous information can reveal more about us that we ever intended; how the simple act of cross-referencing one innocuous detail with another, allows third-party companies to build a profile of the most intimate aspects of our lives, including voting behavior.

But in the background a different data story has been unraveling, one where incredibly sensitive information has been knowingly shared with third parties. This week it was revealed that until Monday, the gay hookup app Grindr has been sharing information on users’ HIV status with two different third-party apps—Localytics and Apptimize—who manage the apps optimization.

The story came to light after Buzzfeed News brought a Norwegian NGO’s story to wider attention; that the app was offering any qualifying HIV testing sites free advertising to its 3.6 million US users to encourage regularly STI test.

In light of the news, the world’s largest queer dating app published a blog post admitting they have severed ties with the aforementioned companies and begged people not to conflate it with the Cambridge Analytica story: “We never sold, nor will we ever sell, personal user information—especially information regarding HIV status or last test date—to third parties or advertisers,” they said.

They seemed to think users’ main issues were with third parties making a profit. “No advertisers have ever had access to HIV status or last test date, unless they viewed it in your public profile.”

But the real problem at the heart of all these data stories is that personal information is being fed into retrofitted features. One person may have consented to use their information for other users to see, but they weren’t warned about the potential of it being shared with companies or advertisers.

It seems as soon as an app has become an integral part of our lives, they start chipping away at our data, using it to bolster their advertising offerings. Although Grindr says sensitive data, like HIV status, was scrubbed of any identifying features, the point remains that the information was still shared without users knowing.

People make their HIV status public in their Grindr profile for dating reasons. It’s not for advertisers, or anyone else for that matter, to go scraping this information and using it to their advantage. Was this ever a part of the apps initial terms and conditions? As people start to question the link between how they intend public information to be used and how it’s actually used, the next revelation of another company that flouts their data responsibilities seems to be only around the corner.