Pour ToiPour Toi logo

Security Practices

Last updated: February 12, 2026

Pour Toi uses layered technical and operational controls to protect accounts, sessions, and user data.

1. Account and Session Security

  • Device-bound sessions with token refresh controls and revocation support.
  • Server-side fraud and risk checks on sensitive auth and account actions.
  • Rate limits on login, password reset, nearby scanning, and messaging write operations.

2. Identity and Abuse Prevention

  • Camera-based avatar verification and anti-duplicate checks before core feature unlocks.
  • Automated and manual moderation support for harmful behavior reports.
  • Safety actions in-app: block, report, and conversation-level controls.

3. Transport and Platform Security

  • HTTPS in production with strict transport headers.
  • Content Security Policy and permissions policy applied on web responses.
  • Security headers to reduce common browser attack surface.

4. Data Handling and Access

  • Least-privilege access approach for production operations.
  • Audit-friendly consent and policy records for NEARBY and privacy features.
  • User controls for account deletion and data-related requests.

5. Security Contact

Report security concerns: security@pourtoi.love