Trust

Security & Data Protection

This page is maintained by Sima Tech Ltd, operator of Alla's Angels, to summarise the technical and organisational measures we have in place to protect member data, in line with Article 32 of the EU General Data Protection Regulation.

It describes controls currently enabled in our application and infrastructure. It is not a certification and does not imply formal SOC 2, ISO 27001 or similar audit outcomes.

Encryption in transit and at rest

All traffic to allasangels.com is served over HTTPS (TLS 1.2+). Member data, verification documents and message content are stored in a managed Postgres database and object storage with encryption at rest applied by our infrastructure provider.

Row-level access control

Every database table that holds member data enforces row-level security. A signed-in member can only read or modify their own profile, preferences, matches, conversations and messages — enforced by the database itself, not by client code.

Private document storage

ID photos, selfies, marital-status proofs and criminal record certificates are uploaded to a private storage bucket. Files are not publicly addressable and are accessible only to the uploader and to the screening team via short-lived signed URLs.

Strong authentication

Authentication is handled by a managed identity provider with hashed credentials, session tokens scoped to short lifetimes, and protection against credential stuffing. Leaked-password screening can be enabled to block known-compromised passwords at sign-up.

Manual human vetting

Every applicant clears a document check and a live video screening interview before their account is activated. This is the most important fraud control on the platform — it stops scams at the door rather than after they happen.

Least-privilege admin access

The screening team can only see what they need to vet an applicant. Roles are stored in a separate, server-evaluated table — never on the user profile — so a member cannot grant themselves elevated privileges from the client.

EU-region hosting

Our database, authentication, file storage and serverless functions run on EU-region infrastructure provided by Lovable Cloud. Personal data does not leave the EEA except under the safeguards described in our Privacy Policy.

Automated abuse filters

In-app messaging blocks financial requests, payment-related vocabulary and external contact-info exchanges. Each lady's inbox is capped at two active conversations to prevent overload and patterned manipulation.

Shared responsibility

Security on a matchmaking platform is shared between three parties:

  • Our infrastructure provider is responsible for physical data-centre security, network protection, encryption-at-rest primitives, database backups and platform-level patching.
  • Sima Tech Ltd is responsible for application-level access control, row-level security policies, vetting procedures, admin access management, incident response and notifying members and regulators if required.
  • Members are responsible for keeping their password and device secure, signing out on shared devices, and reporting any suspicious behaviour or unauthorised account activity to us immediately.

Reporting a security concern

If you believe you have found a security vulnerability, or you suspect that an account has been compromised, please email security@simatech.bg with a description of the issue and the steps to reproduce it. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate.

For privacy-related requests (access, correction, deletion) please see our Privacy Policy.