So a friend texts you a screenshot of some viral TikTok about the Tea dating app and asks: should I actually sign up for this thing? That’s the real question, and most tutorials skip it. They walk you through the signup screens and call it a day. This guide does the opposite – it treats Tea as a decision first, and a set of buttons second.
Because here’s what makes Tea unusual: it’s not a dating app. It’s a companion app for people who already use dating apps. And its story includes one of 2025’s messier data breaches, which changes how a sensible person should approach the signup flow.
What Tea actually is (and isn’t)
Not a place to match with anyone. Tea is a women-only lookup tool – verified users search men before meeting them. The AI checks your selfie to confirm you’re a woman; once through, you can post photos of men from social media or dating profiles, run them through reverse image search, check sex offender registries, pull basic criminal background data, and award a “green flag” or “red flag” rating. There’s also a Tea Party group chat. That’s the product.
Free to download. Some background-check features reportedly sit behind in-app purchases (as of mid-2025 – check the current App Store listing, this changes). Screenshots are disabled inside the app – which sounds like a privacy win until you read what happened in July 2025.
The pre-signup checklist nobody publishes
Before you hand over a selfie and a driver’s license, run through this. Five minutes now versus a headache later.
- Strip location data from your selfie. On iPhone: Settings → Privacy → Location Services → Camera → Never. On Android: Camera app → settings → toggle off location tags. During the 2025 breach, trolls pulled EXIF metadata from leaked photos and built an approximate location map of Tea subscribers. The selfie itself wasn’t the risk – the coordinates baked into the file were.
- Use a burner email, not the one tied to your bank or LinkedIn.
- Assume your ID is not deleted immediately. Tea’s own privacy policy promised selfies would be “deleted immediately following the completion of the verification process.” The July 2025 breach exposed 13,000 verification IDs that were still sitting in storage, months or years later. The retention promise has been broken before.
- Regional availability: whether the app is currently on your local store is worth checking independently – availability has reportedly shifted since the breach, though no confirmed regional list exists as of this writing.
Signing up: what actually happens
The flow is short but slower than most apps. First, log in with Google, Apple, or Facebook. Then pick a completely anonymous screen name and enter your date of birth. Last step: submit a selfie and a photo of a government ID. After that, a human or automated review verifies the gender check – and then you wait.
New accounts can sit in a queue for a day or two. Turns out, inviting friends reportedly bumps you forward – TikTok users figured this out, though Tea hasn’t documented it officially. Think of it less like downloading an app and more like getting on a list.
One practical tip: Take the selfie inside the app itself, not from your camera roll. Photos from your camera roll carry old EXIF data – location, device ID, timestamp. A live capture through the app strips most of that, and it’s what the AI verifier expects anyway.
The waitlist isn’t explained in the onboarding. It’s the kind of thing you only find out after submitting your ID and then staring at a spinner for 48 hours. Which raises a question worth sitting with: how comfortable are you with a company holding your government ID while you’re not yet even a user?
Using the tools without becoming a defendant
Once you’re in, the useful features are the search tools. Phone number lookups, background checks, criminal records, sex offender registry, reverse image search – that’s what actually helps you vet a stranger before a first date. The gossip feed is a different thing entirely.
Anonymous posting is not legally anonymous. Sean Cook’s legal team reportedly fields about three legal threats per day from men named on the platform (as of 2025). Courts can subpoena Tea, and Tea has your ID. The account and the identity connect. One earlier example – a public anonymous Google Doc listing men in media accused of misconduct – ended with the list’s originator settling a defamation suit for a six-figure sum after one of the named men sued her.
The catch: use Tea to search, not to post. Reading is low-risk. Writing is not.
The breach – what leaked, and who it hit
| What leaked | How many | Who was affected |
|---|---|---|
| Selfies + government IDs | ~13,000 | Users who signed up before Feb 2024 |
| Post / comment / DM images | ~59,000 | Same legacy user group |
| Private DMs (separate flaw) | 1.1+ million | Messages from early 2023 through July 2025 |
July 25, 2025: an anonymous 4chan post claimed Tea was storing identity-verification images in an unsecured Firebase bucket – and included a download link. Tea confirmed the breach the same day and brought in external cybersecurity help. The exposed data came from a legacy storage system covering users who registered before February 2024, when Tea had migrated to newer infrastructure. The old system had never been properly secured or wiped.
Here’s the part most write-ups miss: that was one vulnerability. Security researcher Kasra Rahjerdi found a second, completely separate database – no authentication required – containing 1.1 million+ private messages spanning from early 2023 through the week of the discovery. Tea disabled DMs on July 29. NPR’s timeline covers the sequence in full.
So: “post-migration” was not safe. The image leak affected older accounts. The DM leak affected nearly everyone. By August 6, 2025, federal class action suits had consolidated in the Northern District of California, alleging inadequate safeguards and problems with breach notification. That litigation is ongoing as of late 2025.
Honest limitations
Tea’s core value is crowdsourced warnings about specific men. That’s only as good as the people posting – and three legal threats per day suggests a non-trivial fraction of posts are contested.
- The AI gender check makes mistakes. Trans users, non-binary users, and women whose selfies the model misreads all report friction getting through verification. Tea doesn’t publish accuracy rates.
- Reverse image search catches lazy catfish. A scammer using AI-generated or lightly edited photos may pass through without flagging.
- The community skews toward outrage. That’s not unusual for any anonymous review platform – but it matters more here because the posts carry real identifying information about real people.
Tea describes itself as a newer version of the whisper networks women have always maintained – informal warnings passed between friends. The difference is scale and permanence. A whispered warning stays in a room. A Tea post, once indexed, doesn’t.
FAQ
Is the Tea app safe to use in 2025?
Safer than it was in July 2025. Not risk-free. Treat any ID or message you submit as potentially exposable – because once is already on record.
Can I check if a specific man is on Tea without joining?
No – you need a verified account to search. If you’re a man who wants to know whether you appear on the platform, your realistic options are: ask a woman you trust to look you up, or go the legal route. Third-party “Tea checker” sites in search results are almost universally scraper scams or legally dubious data-resale tools. Some men have filed defamation suits instead – courts can subpoena Tea’s records, which is one reason the platform holds ID in the first place.
What happens to my ID after verification?
Officially, Tea’s policy says it’s deleted right after the check. In practice, 13,000 earlier users discovered their IDs were still in storage months or years later when the July 2025 breach hit. Whether current storage practices actually match current policy is something no independent auditor has confirmed – as of late 2025, that’s a genuine unknown. Sign up assuming worst-case retention. If that’s not acceptable, that’s a completely reasonable reason not to sign up.
Before you download: run the pre-signup checklist above – especially the location metadata step. Then pull Tea’s current privacy policy from their official site and compare what it says now against what was promised before July 2025. Security.org’s breach breakdown has the specific policy language that was contradicted. If the current policy uses identical wording without any update note, that tells you something about how seriously it’s being maintained.