Security

Security

For questions, concerns or issues with your profile, or to report another user or profile, please visit Dating safety tips

Plenty of Fish considers the security of our applications and the privacy of our users’ data extremely important. While it is impossible to predict the full range of future cyber threats against our systems, we regularly assess and work to improve our security in an effort to enhance the safety of our user community.

Security practices

Other technologies such as web beacons (also called pixels, tags or clear gifs), tracking URLs or software development kits (SDKs) are used for similar purposes as cookies. Web beacons are tiny graphics files that contain a unique identifier, enabling us to recognise when someone has visited our service or opened an email we’ve sent them. Tracking URLs are custom-generated links that help us understand where the traffic to our webpages comes from. SDKs are small pieces of code included in apps, which function like cookies and web beacons.

For simplicity, we also refer to these technologies as “cookies” in this Cookie Policy.

Reporting security vulnerabilities

Plenty of Fish welcomes input from the security research community to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to responsibly disclose any potential vulnerabilities uncovered to [email protected]. Reports received through this channel will receive a prompt reply, and if you do not receive such a response, we ask that you please attempt to contact us again. To protect our users, we also request that you please refrain from sharing information about any potential vulnerabilities with anyone outside of Plenty of Fish, until we have confirmed with you that any such vulnerability has been properly mitigated. Reports can be encrypted using the PGP key below.

Download Plenty of Fish's PGP Key

Plenty of Fish's bug bounty program is private and inclusion is by invite only. Researchers who follow generally accepted responsible disclosure practices and submit quality reports to our Security team will be evaluated for inclusion at our discretion. We explicitly prohibit testing Denial of Service (DoS) or use of automated scanning tools against any of our applications or infrastructure.