Security in Oninder

A safe and secure space to keep the magic of human connection alive! The Oninder Security team's mission is to build the best security organization in the world, ensuring our users a private and secure place to connect with others.

Your trust in Oninder motivates us to maintain a robust, transparent, and accountable security program, with the highest priority being the protection of your information and privacy.

Oninder's internal security practices

Our security program safeguards the platform and your data at all times, combining top-tier infrastructure, responsible data practices, and privacy standards to anticipate and mitigate threats.

Information security program

We strive to strengthen internal security through secure access protocols and network architectures, applying the principle of least privilege. Internally, we require two-factor authentication (2FA) for all staff.

Application and infrastructure security

We integrate security into every phase of development: all new features, code, and configurations undergo design reviews and internal security testing, as well as independent audits by external experts.

Governance, risk and compliance

From day one, all employees receive annual security and privacy training. We have implemented physical, operational, and technical controls, as well as periodic risk assessments, both our own and those of third-party providers.

Red Team / Offensive Security

Our Red Team simulates real-life attacks to identify vulnerabilities and strengthen high-risk areas through continuous testing and prioritization of improvements.

Threat monitoring and management

We continuously log and monitor access to systems and infrastructure. Our security operations center investigates, detects, and responds to incidents in real time.

Certifications and compliance

Oninder has achieved ISO 27001:2022, ISO 27017:2015, and ISO 27701:2019 certifications for its Information Privacy and Security Management System and undergoes annual audits to comply with SOX and PCI-DSS.

Vulnerability Reports

We thank the security community for their contributions. We encourage researchers to responsibly report vulnerabilities through our Bug Bounty program.