Security at dontpoke.me
Last updated: February 21, 2026
For information about what data we collect and how we use it, see our Privacy Policy.
This page focuses on how we protect the platform and your account.
Overview
dontpoke.me is designed with a security-focused approach. We apply practical safeguards to protect user accounts, system integrity, and platform reliability.
We prioritize:
- Encrypted connections
- Minimal data retention
- Server-side processing
- Controlled third-party integrations
- Responsible security practices
Transport Security
All platform traffic is encrypted using HTTPS.
We enforce secure connections to protect data transmitted between users and our servers.
Account Security
Passwords are hashed and never stored in plaintext.
Authentication mechanisms follow modern best practices.
Secure session handling is implemented to reduce risk of unauthorized access.
Session Security
User sessions are protected through:
- Session tokens
- Time-based expiration
- Protection against common session attacks
Sessions expire automatically after inactivity.
Data Minimization
We collect and retain only the information necessary to operate platform features.
We do not store:
- Full third-party threat datasets
- Unnecessary raw external data
- Sensitive information beyond what is required for functionality
Users may request account deletion, which removes associated user data.
Monitoring & Alerts
Monitoring features are informational tools.
They provide change detection based on publicly available data sources. They are not a substitute for active security monitoring, intrusion detection, or enterprise-grade security services.
Threat Intelligence Data
Threat enrichment is based on publicly available security feeds.
Results reflect external data sources and may not be complete or real-time.
dontpoke.me does not guarantee detection of all threats or malicious activity.
Platform Protection
We apply safeguards to protect against abuse, including:
- Usage controls
- Rate limiting
- Controlled background processing
- Input validation
These controls help maintain stability and reliability for all users.
Responsible Disclosure
If you believe you have identified a security vulnerability, please contact:
Include:
- Clear description of the issue
- Steps to reproduce (if applicable)
- Impact assessment (if known)
Our commitment:
- We will acknowledge all reports within 72 hours
- We will investigate thoroughly and respond with findings
- We will evaluate verified issues and take appropriate action
- We will credit researchers who report responsibly (if desired)
What we ask:
- Allow reasonable time for investigation and remediation before public disclosure
- Do not exploit vulnerabilities beyond proof of concept
- Do not access or modify other users' data
dontpoke.me provides informational and enrichment tools only.
It does not:
- Provide active defense
- Guarantee security outcomes
- Prevent cyber incidents
- Replace enterprise security systems
Use of the platform is at your own discretion.