Security at Tinder

A secure and trusted place to keep the magic of human connection alive!

The Tinder Security team’s mission is to build the most secure organisation in the world, ensuring our members have a private and secure place to keep the magic of human connections alive.

Because you entrust Tinder with your information, the security of our application and the privacy of your data is our top priority. Ensuring that we maintain a robust, transparent and accountable security programme is core to our commitment to you.

Internal Tinder security practices

The security programme at Tinder protects our organisation and your data at every turn, by utilising a combination of industry-leading security infrastructure and responsible data practices, as well as security and privacy best practices, to stay ahead of the evolving number of threats facing Internet services and infrastructure.

Our security programme is focused on the following domains:

Internal Information Security Programme: we strive to increase security and reduce risk within Tinder’s digital environment. We proactively build secure access protocols and network architecture to enable systematic control of internal access to Tinder’s facilities, systems and resources, using the least privilege paradigm. Tinder enforces the use of two-factor authentication (2FA), internally.

Application/Infrastructure Security: security is engineered and integrated at all levels of our development lifecycle to help enable the creation of better, safer products, as well as to ensure adherence to secure design and engineering principles. Our applications and systems, including new features, code and configuration changes, pass through extensive security design reviews and assessments by our internal teams. Additionally, many of these applications and systems undergo routine independent and rigorous pen tests through reputable third-party security experts.

Governance, Risk and Compliance: at Tinder, security awareness begins on day one and is a continuous process thereafter. All employees undergo security and privacy training the moment they start, as well as annually. Security is everyone’s responsibility at Tinder. We have implemented and enforced physical, operational and technical controls, and enforced security policies and procedures, to secure our systems and member data. In addition to performing extensive internal security risk assessments, we also perform in-depth reviews of the security posture of our third-party vendors.

Red Team/Offensive Security: our internal Red Team identifies previously unknown security vulnerabilities in existing systems and workflows through offensive security testing. This group simulates real-world attacks on all areas of the company and prioritises upleveling security posture to address areas of greatest risk. Our goal is to gain insight into potential exposures, and to continuously test to reduce the likelihood of a breach.

Monitoring and Threat Management: Access to our infrastructure and systems is continuously logged and monitored. The Tinder security monitoring, investigation, threat hunting and response programme ensures that we are alerted about, and appropriately investigate, triage and remediate security events.

Compliance certifications, standards and regulations

Tinder is the first dating app to be recognised for its comprehensive information security and privacy practices in accordance with internationally accepted standards, achieving the ISO 27001:2022, ISO 27017:2015 and ISO 27701:2019 certifications for our Information Security and Privacy Management System.

Independent firms also perform yearly audits to ensure our compliance with SOX and PCI-DSS security requirements.

Reporting security vulnerabilities

Tinder welcomes input from the security research community in identifying potential issues and ways to improve the security of our applications, infrastructure and member data. We encourage security researchers to responsibly disclose any potential vulnerabilities they uncover to our Bug Bounty programme. We are committed to addressing security issues responsibly and in a timely manner. To protect our members, we request that you please refrain from sharing information about any potential vulnerabilities with anyone outside of Tinder until we have had the opportunity to review and address them with you. We appreciate your help in keeping Tinder secure for our members.

For questions, concerns or issues with your profile, or to report another member or profile, please visit https://www.help.tinder.com/ to contact our Support team.