How Connections handles your data — engineered to industry-standard security controls (SOC 2 / ISO 27001 / NIST 800-53 / GDPR / DPDPA aligned) with end-to-end encrypted messaging and tamper-evident audit logs.
Direct messages are encrypted using the Signal Protocol (X3DH key agreement + Double Ratchet) via libsodium. Only sender and recipient can read message content — Connections servers never see plaintext.
All client-server traffic uses TLS 1.2+. Local message storage is encrypted with SQLCipher (AES-256). Server-side data uses MongoDB encryption at rest and AWS S3 server-side encryption.
Every privileged admin action is recorded in a SHA-256 hash-chained audit log. Modifying past entries breaks the chain — detectable on every verification cycle.
Audit records sealed daily to AWS S3 Object Lock in COMPLIANCE mode for 7 years. Even root AWS access cannot delete sealed records before retention expiry.
Real-time alerting on suspicious admin patterns (burst deletions, failed-login bursts, PII fishing, new-IP logins, chain integrity breaks). Critical events page on-call within minutes.
GDPR Art. 25 honored: passwords, tokens, and payment fields are redacted at write-time before reaching any log. Region-aware consent management (GDPR / CCPA / DPDPA / LGPD / PIPEDA / APPI).
Admin panel uses Google / Facebook OAuth with MongoDB allowlist. Four-tier RBAC (superadmin / auditor / admin / viewer). Every admin action is logged and reviewable.
Image uploads pass through NudeNet (NSFW), age estimation ML, and AI text moderation (Google Gemini / OpenAI) before reaching public surfaces. NSFW detection in chat runs on-device, so the server never sees decrypted media.
We engineer to industry-standard control frameworks. Each row below describes the framework, what it requires of audit-and-access controls, and our current alignment.
| Framework | Scope | Status | Evidence |
|---|---|---|---|
| SOC 2 Type II | Common Criteria CC4 (audit), CC6 (access), CC7 (monitoring), CC8 (change) | Controls aligned | Hash-chained audit log, RBAC split, alerting cron, before/after diffs on mutations |
| NIST 800-53 r5 | AU family (Audit & Accountability) — AU-2 through AU-12 | Met | Centralised emitter, cryptographic non-repudiation, content + retention + protection |
| ISO 27001:2022 | A.8.15 Logging, A.8.16 Monitoring, A.5.34 PII, A.5.10 Acceptable use | Controls aligned | Logging policy enforced; PII-read allowlist; access reviews via admin RBAC |
| GDPR (EU) | Art. 5 (integrity), 25 (privacy by design), 30 (records of processing), 32 (security) | Met | Region-aware consent; DSR endpoints; PII redaction; 7-year processing records |
| CCPA / CPRA (California) | §1798.100 right to know; §1798.105 right to delete | Met | Data export endpoint; account-deletion flow; consent toggle |
| DPDPA 2023 (India) | §7 consent; §8 obligations; §11 right to correction/erasure | Met | Granular consent; localized DSR; retention policy 1-3y aligned |
| PCI DSS 4.0 | §10 (Logging) — applies to payment-webhook surface | Controls aligned | 10.2 content / 10.5 protection / 10.7 retention all met |
| App Store / Google Play | Audit trail for moderation + financial dispute history | Met | All moderation decisions logged with diff + reason; 7y subscription history |
| SOC 2 Type II Certification | External audit firm sign-off | Roadmap | Controls in place; engagement with auditor planned 2026 H2 |
Status legend: Met — all listed controls implemented and verifiable. Controls aligned — controls implemented; pending external audit attestation. Roadmap — planned within next 12 months.
Every admin action gets a sequence number, prevHash, and SHA-256 entryHash. Daily integrity verification cron alerts on any break.
S3 Object Lock COMPLIANCE mode with 2557-day retention. Immutable even to root AWS account.
Audit events teed to dedicated Kafka topic for downstream Splunk / Datadog / ELK consumption.
Every state-changing admin action records before-and-after values for affected fields.
5 detection rules running every 60s: burst-delete, burst-block, failed-login bursts, new-IP logins, PII fishing.
Auditor role can read full audit trail but cannot modify user data. Plain admins see only their own actions.
Mongoose security plugin blocks $where, $expr, dangerous operators globally. HTTP parameter pollution + XSS guard at request layer.
Every client request signed with HMAC-SHA256. Replay protection via 2-min timestamp window + Redis nonce store.
Redis-backed cluster-aware rate limiter on auth endpoints. Per-user fraud signals (signup velocity, like-rate, message-rate).
13 strict-opt-in regulatory regions detected automatically (GDPR, DPDPA, LGPD, PIPEDA, APPI, PIPA, APA, POPIA, VCDPA, CPA, CTDPA, UCPA, CCPA).
Audit log MongoDB collection auto-prunes via TTL; sealed copy preserved 7y in WORM archive.
OpenTelemetry traceId on every audit row — joins audit event to any downstream service trace.
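The hash-chained audit log and its daily sealed copy, as an added example (not Connections' own code): a verifier that walks `seq`, `prevHash` and `entryHash`, then checks the chain against a sealed head. The payload fields, the JSON canonicalisation, the all-zero genesis hash and the `sealedHead` shape are assumptions.

```javascript
// Added example, not Connections' code. Assumed: payload fields (actor, action, ts),
// JSON-array canonicalisation, an all-zero genesis prevHash, verification from seq 1.
const crypto = require("crypto");

const GENESIS = "0".repeat(64);

// The hash covers seq, prevHash and the payload fields in a fixed order.
function hashEntry(seq, prevHash, actor, action, ts) {
  const canonical = JSON.stringify([seq, prevHash, actor, action, ts]);
  return crypto.createHash("sha256").update(canonical).digest("hex");
}

function appendEntry(log, actor, action, ts) {
  const prev = log[log.length - 1];
  const seq = prev ? prev.seq + 1 : 1;
  const prevHash = prev ? prev.entryHash : GENESIS;
  const entry = { seq, prevHash, actor, action, ts,
                  entryHash: hashEntry(seq, prevHash, actor, action, ts) };
  log.push(entry);
  return entry;
}

// Returns { ok: true } or { ok: false, seq, reason } for the first break found.
// sealedHead is the { seq, entryHash } copied to write-once storage at seal time.
// Without it, a log with its newest rows removed, or one re-hashed from the
// edited row onward, still verifies as internally consistent.
function verifyChain(log, sealedHead) {
  let prevHash = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.seq !== i + 1) return { ok: false, seq: i + 1, reason: "sequence gap" };
    if (e.prevHash !== prevHash) return { ok: false, seq: e.seq, reason: "prevHash mismatch" };
    if (hashEntry(e.seq, e.prevHash, e.actor, e.action, e.ts) !== e.entryHash)
      return { ok: false, seq: e.seq, reason: "entryHash mismatch" };
    prevHash = e.entryHash;
  }
  if (sealedHead) {
    const at = log[sealedHead.seq - 1];
    if (!at || at.entryHash !== sealedHead.entryHash)
      return { ok: false, seq: sealedHead.seq, reason: "sealed head missing or changed" };
  }
  return { ok: true };
}
```

The sealed head is what ties the mutable collection to the write-once archive: the chain alone proves internal consistency, not that the log is the one that was sealed.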
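The HMAC-SHA256 request signing with a 2-minute timestamp window and nonce store, as an added example (not Connections' own code) of the server-side check. The signed-string layout, the request field names and the in-memory `Map` standing in for Redis are assumptions.

```javascript
// Added example, not Connections' code. Assumed: signed-string layout, request
// field names, and an in-memory Map in place of the Redis nonce store.
const crypto = require("crypto");

const WINDOW_MS = 2 * 60 * 1000;   // the page's 2-minute timestamp window
const seenNonces = new Map();      // nonce -> time (ms) after which it can be forgotten

// Length-prefix each field so ("ab","c") and ("a","bc") cannot sign identically.
function signingInput(method, path, ts, nonce, body) {
  return [method, path, ts, nonce, body].map(String)
    .map((f) => `${Buffer.byteLength(f)}:${f}`).join("|");
}

function sign(key, method, path, ts, nonce, body) {
  return crypto.createHmac("sha256", key)
    .update(signingInput(method, path, ts, nonce, body)).digest("hex");
}

// Returns "ok" or the rejection reason. `now` is passed in so the check is testable.
function verifyRequest(key, req, now) {
  if (!Number.isFinite(req.ts) || Math.abs(now - req.ts) > WINDOW_MS) return "stale timestamp";
  const expected = Buffer.from(sign(key, req.method, req.path, req.ts, req.nonce, req.body), "hex");
  const given = Buffer.from(String(req.signature), "hex");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return "bad signature";
  // Touch the nonce store only after the MAC verifies, so unauthenticated
  // traffic cannot fill it. A nonce can be forgotten once its timestamp is
  // outside the window, because the request would be rejected as stale anyway.
  // With Redis, one atomic SET with NX and PX replaces the check-then-set below.
  for (const [n, exp] of seenNonces) if (exp < now) seenNonces.delete(n);
  if (seenNonces.has(req.nonce)) return "replayed nonce";
  seenNonces.set(req.nonce, req.ts + WINDOW_MS);
  return "ok";
}
```

Because the nonce and timestamp are inside the MAC input, changing either to get past the replay check invalidates the signature.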
We use the following providers to deliver Connections. Each subprocessor has been evaluated for security, signed appropriate data-processing agreements, and (where applicable) maintains its own SOC 2 / ISO 27001 attestations.
| Subprocessor | Purpose | Region | Their attestations |
|---|---|---|---|
| Amazon Web Services (AWS) | Compute, storage (S3), CDN, Object Lock archive | ap-south-1 (primary), us-east-1 (CDN) | SOC 2 Type II, ISO 27001, PCI DSS |
| Google Firebase | Push notifications (FCM) | us-central1 | SOC 2 Type II, ISO 27001 |
| Google Gemini API | AI bio generation, content moderation | us-central1 | SOC 2 Type II, ISO 27001, ISO 27018 |
| OpenAI API (fallback) | AI content (when Gemini unavailable) | US | SOC 2 Type II |
| Stripe / Apple / Google Play | Payment processing | US / EU / IN | PCI DSS Level 1, SOC 2 Type II |
| Nexmo (Vonage) | SMS OTP delivery | Global | ISO 27001 |
We maintain an incident response plan with defined severity levels, escalation paths, and notification timelines. In the event of a confirmed personal data breach:
Suspected security issues should be reported to connections@dating-universe.com with subject line "Security Vulnerability Report". See our Security Policy for full responsible-disclosure guidelines.
For enterprise customers, procurement teams, or compliance reviews — request a security questionnaire, sample audit-log report, or our written policies via the contact below. We respond within 5 business days.
For compliance questions: connections@dating-universe.com
For security disclosures: connections@dating-universe.com (subject "Security Vulnerability Report")