Your resume contains your most sensitive professional information. We take security seriously and have implemented multiple layers of protection to ensure your data remains private and secure.
Even in the unlikely event of a data breach, your information would be completely unreadable. All sensitive data is encrypted with AES-256-GCM, and we never store original files or plain text personal information.
Every piece of personal data is encrypted before storage using military-grade encryption.
All personal and professional data is encrypted at rest using AES-256-GCM, the same standard used by banks and government agencies. Each encryption operation uses a unique initialization vector (IV) for maximum security.
Your name, email, phone, address, work history, education, skills - everything is encrypted before it touches our database. Even if our database were compromised, your data would be unreadable without the encryption keys, which are stored separately from the database.
All data is stored on Hetzner servers in Nuremberg, Germany. This ensures full GDPR compliance and keeps your data within EU jurisdiction with strong data protection laws.
We never store your original files. Everything is processed in memory and immediately discarded.
When you upload a CV for parsing, the file is processed in memory and immediately deleted from our servers. We never store your original PDF or DOCX files - only the encrypted parsed data.
Generated CVs and cover letters are created on-demand when you request them. No PDF files are stored on our servers. Each download generates a fresh document from your encrypted data.
Passwords are hashed using bcrypt with automatic salting. We never store or see your actual password - only an irreversible hash.
Enable 2FA with TOTP-based authenticator apps for an extra layer of security. Even if your password is compromised, your account remains protected.
All connections use TLS 1.3 encryption. Data in transit is always encrypted between your browser and our servers.
We fully comply with the EU General Data Protection Regulation. Here are your rights:
Export all your data in JSON format anytime from your account settings.
Edit your profile data anytime to correct inaccuracies.
Delete your account and all associated data permanently with one click.
Download your data in a machine-readable format (JSON).
Encryption Algorithm: AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode)
Key Management: Encryption keys are stored separately from data using environment variables, never in the database
IV Generation: Each encryption operation uses a cryptographically secure random 12-byte initialization vector
Authentication Tag: 16-byte authentication tag ensures data integrity and detects tampering
Storage Format: Base64-encoded concatenation of IV + Auth Tag + Ciphertext
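The record layout listed above (12-byte IV, 16-byte authentication tag, ciphertext, Base64-encoded) can be exercised with the following added example, which is not the service's own code. It assumes Node.js and its built-in crypto module; the function names, the demo key and the sample value are constructed for illustration.

```javascript
// Added example, not the service's code. Names, key and sample value are assumptions.
const crypto = require('crypto');

const IV_LEN = 12;  // 12-byte IV, as stated on the page
const TAG_LEN = 16; // 16-byte authentication tag, as stated on the page

// Encrypt one field and return Base64(IV || tag || ciphertext).
function encryptField(key, plaintext) {
  if (key.length !== 32) throw new Error('AES-256 requires a 32-byte key');
  const iv = crypto.randomBytes(IV_LEN); // fresh CSPRNG IV for every operation
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt a stored record. Throws if it is malformed or fails authentication.
function decryptField(key, record) {
  const raw = Buffer.from(record, 'base64');
  if (raw.length < IV_LEN + TAG_LEN) throw new Error('record too short');
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() throws when IV, tag, ciphertext or key do not match.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Flip one bit of the decoded record to simulate corruption or tampering at rest.
function flipBit(record, offset) {
  const raw = Buffer.from(record, 'base64');
  raw[offset] ^= 0x01;
  return raw.toString('base64');
}

// True when decryption refuses the record.
function rejects(key, record) {
  try { decryptField(key, record); return false; } catch { return true; }
}

// Constructed demo key; a real key would be 32 random bytes held outside the database.
const demoKey = crypto.createHash('sha256').update('constructed demo key').digest();
const stored = encryptField(demoKey, 'jane.doe@example.com');
```

Flipping a bit in any of the three regions (offsets 0, 12 and 28 of the decoded record) makes `decryptField` throw instead of returning altered data, which is the integrity property the authentication tag provides.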
If you have security concerns or want to report a vulnerability, please contact us at [email protected]