Security at Tinder

A secure and trusted place to spark new connections

The Tinder Security Team’s mission is to build the best security organisation in the world, ensuring our members have a secure place to spark new connections. Because you entrust Tinder with your information, the security of our application and the privacy of your data are top priorities. Ensuring we maintain a robust, transparent and accountable security programme is core to our commitment to you.

Internal Tinder security practices

The security programme at Tinder protects our organisation and your data at every turn, utilising a combination of industry-leading security infrastructure, responsible data practices and security best practices to stay ahead of the evolving number of threats facing all internet services and infrastructure. Our security programme focuses on the following areas:

Internal Information Security Programme: we strive to increase security and reduce risk within our digital environment. We proactively build secure access protocols and network architecture to enable systematic control of internal access to Tinder’s facilities, systems and resources, using the least privilege paradigm. Tinder enforces the use of two-factor authentication (2FA) internally.

Application/infrastructure security: security is engineered and integrated at all levels of our development lifecycle to help enable the creation of better, safer products, and to ensure secure design and engineering principles. Our applications and systems, including new features, code and configuration changes, pass through security design reviews and assessments by our internal teams. Additionally, many of these applications and systems undergo routine independent and rigorous pen tests by reputable third-party security experts.

Governance, risk and compliance: at Tinder, security awareness begins on day one and it is a continuous process thereafter. All employees undergo security and privacy training annually. Security is everyone’s responsibility at Tinder. We have implemented and enforced physical, operational and technical processes and controls, as well as security policies and procedures to secure our systems and member data. We perform extensive security risk assessments of our system and our third-party vendors regularly to ensure a secure posture.

Red Team/offensive security: our internal Red Team identifies previously unknown security vulnerabilities in existing systems and workflows through offensive security testing. This group simulates real-world attacks on all areas of the company and prioritises upleveling security posture to address areas of greatest risk. Our goal is to gain insight into any potential exposures, and to continuously test to reduce the likelihood of a breach.

Monitoring and threat management: access to our infrastructure and systems is continuously logged and monitored. A security monitoring, investigation, threat hunting and response programme is in place at Tinder to alert, investigate, triage and remediate security events.

Compliance certifications, standards and regulations

Tinder is the first dating app to be recognised for comprehensive information security practices in accordance with internationally accepted standards, achieving the ISO/IEC 27001:2013 certification for our Information Security Management System.

In addition, we undergo yearly audits by independent firms to ensure our compliance with SOX and PCI-DSS Security requirements.

Reporting security vulnerabilities

Tinder welcomes input from the security research community in identifying potential issues and ways to improve the security of our applications, infrastructure and member data. We encourage security researchers to responsibly disclose any potential vulnerabilities uncovered to vulnerability@gotinder.com. We are committed to addressing security issues responsibly and in a timely manner. To protect our members, we request you please refrain from sharing information about any potential vulnerabilities with anyone outside of Tinder until we have had the opportunity to review and address them with you. We appreciate your help in keeping Tinder secure for our community.

The policy and scope of the bug bounty programme can be found here. We explicitly prohibit Denial of Service (DoS) testing, social engineering or use of destructive automated scanning tools.

For questions, concerns or issues with your profile, or to report another member or profile, please visit https://www.help.tinder.com/ to contact our Support Team.