DEEN

Hacker policies

blindmate started as a hobby project and is now a community effort with the honest intention to make the dating world more social (no marketing bullshit). As we are a small team, we welcome any support that helps us to keep our systems safe and our users’ privacy uncompromised.

Rewards

We're not profitable yet which means that at the moment we cannot pay monetary rewards. In order to value the contribution of external security researchers, we're happy to give you a free lifetime premium membership. If you're in Berlin we'd also love to meet you in our office and invite you for lunch :)

Rules

We welcome anything that helps to make our servers safe and maintain our users’ privacy. Of course, this means that you may not compromise our users’ privacy or disclose security vulnerabilities without mutual agreement. Please report any security vulnerabilities to team@blindmate.de. We will respond within a few days and will do our best to fix the issues.

Scope

All services listed below are considered as belonging to the core services of blindmate:

IP addresses

All IP addresses that DNS entries for domains in scope point to.

Domains

  • blindmate.de
  • blindmate.app
  • api.blindmate.de
  • sync.blindmate.de
  • invited.blindmate.app
  • static.blindmate.de
  • location.blindmate.de

Apps

  • eu.appiphany.blindmate on iOS AppStore
  • eu.appiphany.blindmate on Google Play Store

Exclusions

The following issues are outside the scope:

  • Attacks requiring physical access to a user's device

  • Social engineering of blindmate employees or contractors

  • Any access to data where the targeted user needs to be operating a rooted mobile device

  • Vulnerabilities affecting users of outdated browsers or platforms

  • Searching for Denial of Service (DoS) attacks is acceptable as long as the security researcher uses modest resources (e.g. shows that it is possible to cause major server load with a single consumer machine and typical bandwidth). Distributed Denial of Service (DDoS) attacks are not acceptable

  • Account takeover by gaining access to another person’s phone number or login credentials

© blindmate 2018 - 2025. All Rights Reserved.

We value your privacy!

So we simply don't store any cookies.