A security researcher has discovered that user data was until recently leaking from two health apps: Hzone, a dating app for HIV-positive singles, and iFit, a fitness app.

These two leaks together affect far fewer people than some other breaches, however the health app leaks are significant because they contained, in some cases, unusually sensitive and personal information. They also underscore how many health apps do not have to comply with federal patient privacy laws — even if they collect personal information — if they do not share that information with doctors and others bound by those same privacy laws.

In the case of Hzone, such information included names, email addresses, birthdays, relationship statuses, number of children, sexual orientation, sexual experiences, and messages like this, according to DataBreaches.net: “Hi. I was diagnosed 3 years ago now. CD4 and Viral Load is relatively good. I’m therefore not on Meds yet. My 6-monthly blood tests are due in June. Planning to go in meds. I’m worried about the side effects. What kinds of side effect have you experienced? Xx.” As many as 5,000 users appeared in the breach.  Read more via Buzzfeed