Your data security is our priority
We take a defense-in-depth approach to protecting your personal and career data. Here is how we keep your information safe.
Encryption
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database backups are encrypted with separate keys stored in hardware security modules.
Infrastructure
Hosted on SOC 2 Type II certified cloud infrastructure in the United States. All production systems run in isolated virtual private clouds with network-level segmentation.
Access Control
Role-based access control with least-privilege principles. All administrative access requires MFA and is logged. Employee access to user data is audited quarterly.
Monitoring
24/7 infrastructure monitoring with automated alerting. Intrusion detection systems analyze network traffic patterns. All access logs are retained for 12 months.
Compliance
SOC 2 Type II certified. GDPR compliant with Data Processing Agreements available. We conduct annual third-party penetration testing and publish summary reports.
Incident Response
Documented incident response plan with defined escalation paths. We commit to notifying affected users within 72 hours of confirmed data breaches, as required by GDPR.
AI data handling
Your resume content and career data are processed by our AI systems solely to provide you with optimized resume bullets, job matches, and interview preparation. This data is never used to train general-purpose AI models.
AI processing occurs on our own infrastructure. We do not send your full resume to third-party AI providers. Where we use external LLM APIs, we send only isolated, anonymized text fragments with no personally identifiable information.
You can request a complete export of all data we hold about you, or request permanent deletion, at any time through your account settings or by emailing [email protected].
Report a vulnerability
We appreciate responsible disclosure. If you discover a security issue, please report it to [email protected].
Contact security team