The response form clearly spelled out where it got my data and laid out my rights to correct or erase my personal information. The seven attached spreadsheets were clearly labelled -- "criteria," "messages," "profile" -- and contained a comprehensive amount of data, even if all the values weren't fully explained.
The only problem: This was not my data.
Instead, it belonged to Jon, a man from one of New York's outer boroughs who declined to be identified by his full name. I inadvertently learned a lot about him.
I know Jon's birthday, personal email address, alma mater, ethnicity, height and occupation. I know that he's Catholic and likes vodka.
I can infer his home address from the GPS coordinates of where the app was opened.
I also know exactly who Jon wants to date: men aged 23-50, either Latino or Caucasian, in a 10-mile radius.
I could see how many people he'd matched with and whether they'd chatted, as well as his attractiveness rating on a scale of one to six (one being the most attractive, Brandon told me, with the "vast majority of users being between two to three"). This guy was apparently a two.
In short, this was a lens into some of a stranger's most personal and identifiable information. It was a data breach, caused, ironically, by an attempt at data transparency.
It took less than five minutes for me to pinpoint his online social media profiles and reach out.
"I think it's a major invasion of privacy, but I can see how these mistakes happen," said Jon. "Coffee Meets Bagel should be held accountable, but ultimately it's up to me to be more selective with where I share my data voluntarily." Jon said he had not requested any of his own data and hadn't used the app in several years.
Arum Kang, Coffee Meets Bagel's co-founder and CEO, said that the mix-up came from basic human error. An employee mistyped my internal user ID number into the automated tool for pulling data and failed to double-check that the system spat out the right person's information.
"It's definitely a really good learning opportunity for us," Kang said. "Honestly if you hadn't brought it up we wouldn't have caught it."
Kang said the company has since reviewed every subject access request it's received to ensure this hasn't happened in other instances. She also said that the company will from now on ensure that a second person manually checks every personal file before it's sent out.
Beyond voyeurism, the kind of information Coffee Meets Bagel sent to me could easily be used for identity theft.
Perusing our own personal data at times feels uneventful -- of course I know my own address -- but peeking at someone else's file can underline just how much dating apps know about us. Think of the reams of personal info listed not only in everyone's profiles but also in messages to potential crushes: hopes, dreams, pets, favorite bands, attempts at humor. Now multiply that by the millions of active users Kang says the app has.