Security

Last updated: April 11, 2026

The security of your data is our absolute priority. GirlsApp is built on modern security practices used by the largest SaaS platforms. Here is how we protect you.

TLS 1.3 Encryption

All connections between your browser and our servers are secured with TLS 1.3, using Let's Encrypt certificates renewed automatically.

Argon2id for Passwords

Your passwords are never stored in plain text. We use Argon2id — winner of the Password Hashing Competition — with a unique salt per password.

Encryption at Rest

Sensitive data (WhatsApp credentials, tokens) is encrypted with AES-256-GCM at the application level before being written to the database.

JWT in httpOnly Cookies

Sessions use JWT tokens stored in httpOnly cookies with the Secure and SameSite=Lax flags. The cookies are not accessible to JavaScript, which protects the session token from theft via XSS.

CSRF Double-Submit

Every mutating action is protected by a CSRF token (double-submit cookie pattern). Tokens are refreshed automatically when they expire.

Rate Limiting

Strict limits on login attempts, registration, and API calls. After several failed attempts, hCaptcha is triggered, followed by account lockout.

Infrastructure

Our servers are hosted in secure European Union data centers, certified to ISO 27001 standards. Physical access is strictly controlled, with 24/7 video surveillance and biometric authentication.

  • Docker containerization with isolated networks
  • Firewall with port whitelisting
  • SSH with public keys (no passwords)
  • Fail2ban to prevent brute-force attacks
  • Automatic OS security updates
  • Isolated databases (no direct external access)

Bot and fraud protection

  • hCaptcha on registration — protection against automated mass signups
  • Adaptive hCaptcha on login — triggered after failed attempts
  • Rate limiting per IP and per account
  • Account lockout after 5 failed login attempts
  • Security event logging for later analysis

Backup and recovery

We perform daily automatic database backups, encrypted and stored in a separate geographic location. We regularly test the restore procedure to guarantee its reliability.

Responsible disclosure

Found a vulnerability? Let us know!

We welcome vulnerability reports. If you discovered a security issue in GirlsApp, please report it responsibly to:

security@girlsapp.pink

We commit to acknowledging receipt within 48 hours and to keeping you updated on the remediation progress.

What you can do for your own security

  • Use a strong, unique password (at least 10 characters)
  • Never share your credentials
  • Always check the URL: https://girlsapp.pink
  • Log out when you're done, especially on shared computers
  • Beware of phishing emails: we will never ask for your password
  • Report any suspicious activity immediately