HabrJuly 18, 2026🇷🇺Translated from Russian

Mimolet Dating Service Data Handling and Content Moderation Review: Two Concerns and Seven Strong Practices

An experienced cybersecurity journalist conducted a detailed external review of the Mimolet dating bot, focusing on its actual mechanisms for handling user data and unwanted content rather than marketing promises. The analysis examined ordinary user flows, visible API behavior, network responses, public infrastructure details, and protective logic without access to administrative panels or internal secrets.

Photograph Processing Prevents Direct Storage of Original Files

One frequently underestimated risk in social applications involves file uploads. Users select a photo via a standard button, yet servers receive untrusted objects that cannot be accepted solely based on a .JPG extension. File names are easily altered, and original images may contain EXIF metadata including device model, camera parameters, capture date, and sometimes geolocation coordinates.

Mimolet processes uploads more rigorously. The format is determined by actual file content rather than the filename alone. Before saving, the image is decoded and re-encoded, metadata is stripped, and dimensions plus resolution are validated against limits. Corrupted or unrecognized files are rejected. This server-side re-encoding reduces image size, generates mobile-optimized versions, and removes unnecessary data while making system behavior more predictable.

Core Infrastructure Located in Russia with S3 Media Storage

The review separately verified infrastructure geography. Core application components, API, and database reside in a Russian server environment. User photographs and other media are directed to an S3 object storage service operated by a Russian cloud provider, keeping heavy media files separate from the primary database for easier scaling and delivery.

While the main contour relies on Russian infrastructure, auxiliary computing and transport components exist outside this primary environment. Exact physical location of specific S3 buckets requires contractual or regional configuration details rather than provider name assumptions.

AI Functions Primarily Run on Dedicated In-House GPU Infrastructure

Unlike applications that route every request to external public AI providers, Mimolet primarily operates language functions, speech recognition, vector embeddings, and image checks on dedicated GPU infrastructure managed by the product team. Communication occurs over protected technical channels. An external provider serves only as a backup path during main model unavailability.

Pre-Publication Image Verification Using Multiple Models

Automatic moderation occurs before content reaches public spaces. Profile photographs and images sent to public group chats undergo synchronous checks during the upload path. Two distinct systems participate: one specialized in visual detection of prohibited content and another multimodal model analyzing image semantics. Additional fragment analysis reuses one of the core models.

High-confidence prohibited content blocks publication. In serious cases the account and linked devices are also blocked. Lower-confidence signals may prevent publication without permanent sanctions. User reports and manual review supplement algorithmic filters where context matters.

Complaints Available Without Subscription and Immediately Effective

Basic self-protection tools remain accessible to all authorized users regardless of subscription status. Complaint reasons are structured into specific categories such as scams, cryptocurrency or investment offers, intimate services, and prohibited substances rather than a generic “other” option. Reported profiles disappear immediately from the reporter’s feed, and accumulated independent signals reach manual moderators whose actions are recorded in a separate audit log.

In-App Voice Calls Avoid Phone Number Exchange

Direct voice calls are permitted only between users who already share an active private chat without mutual blocks. Connections rely on internal service identifiers, WebRTC, and temporary technical data. Phone numbers never participate in the call API and are not disclosed to the other party.

First Concern: Overly Broad Data Retention Descriptions

Privacy policy language uses familiar but vague phrases such as “no longer than necessary” and “within a reasonable time.” More useful would be explicit lifecycle details for AI interaction histories, moderation materials, and backups, including automatic deletion or anonymization timelines and post-account-deletion behavior.

Second Concern: Appeals Process Lacks Dedicated Tracking

Blocked users can contact support, yet no separate appeals form, reference number, status indicator, or expected response timeframe is visible. A clearer process assigning reference numbers, showing status, and providing anonymized reason categories would improve both user experience and measurement of false-positive blocks.

Overall the service demonstrates a mature, integrated approach to security rather than isolated decorative features. Server-side photo cleaning, Russian core infrastructure, separated media storage, managed AI resources, multi-layer pre-publication checks, free complaints, logged manual moderation, and number-free voice calls form a coherent chain of protections. The two main recommendations concern greater transparency around retention periods and conversion of block appeals into a fully trackable process.