Your job search data is personal and sensitive. We take its protection seriously with multiple layers of security.
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Your passwords are hashed with bcrypt and never stored in plaintext.
Hosted on Supabase (AWS Mumbai region) with SOC 2 Type II compliance. Database access is controlled via row-level security policies.
Row-level security ensures you can only access your own data. Admin access requires multi-factor authentication and is logged.
Your API keys (OpenAI, Claude) are encrypted at rest and never exposed to other users. They are only decrypted server-side when processing your requests.
We conduct quarterly security reviews, dependency audits, and vulnerability assessments. Critical patches are deployed within 24 hours.
We maintain a documented incident response plan. In the event of a breach, affected users are notified within 72 hours per DPDP requirements.
Supabase Auth with JWT tokens, bcrypt password hashing, optional OAuth via Google/LinkedIn.
PostgreSQL Row-Level Security (RLS) on every table; users cannot access others' data at the database level.
TLS 1.3 for all connections. HSTS headers enforced. Certificate pinning on mobile.
Razorpay PCI DSS Level 1 compliance. We never see or store full card numbers.
Automated daily backups with 30-day retention. Point-in-time recovery available.
24/7 uptime monitoring, anomaly detection on login patterns, automated alerting for suspicious activity.
If you discover a security vulnerability, we appreciate responsible disclosure. Please report it to us privately so we can fix it before it's publicly known.
Report vulnerabilities to: security@aijobcopilot.in
We acknowledge reports within 24 hours and provide status updates within 72 hours. We do not pursue legal action against good-faith security researchers.