Security & Trust
Last updated 28 May 2026 ยท v2026-05-28
JobFoundry is designed and operated against the controls of ISO/IEC 27001(information security management) and ISO/IEC 27701 (privacy information management), and aligns with SOC 2 Trust Services Criteria for security and confidentiality. We are compliant with the UK GDPR, the EU GDPR, and the UK Data Protection Act 2018.
Encryption
- TLS 1.2 or higher for all traffic, HSTS enforced.
- AES-256 encryption at rest for the database and object storage.
- Secrets managed via a dedicated vault; never committed to source.
Access control
- Row-level security policies on every table containing user data.
- Service role credentials confined to server-only code; never shipped to the browser.
- OAuth via Google with optional MFA on the upstream account.
Application security
- Server functions enforce authentication at the boundary.
- Input validation on every server route.
- Continuous dependency vulnerability scanning.
Reliability & backups
- Daily encrypted backups with a 30-day rolling retention window.
- Multi-AZ managed Postgres with point-in-time recovery.
Incident response
- 24-hour personal-data breach notification commitment to controllers.
- 72-hour notification to supervisory authorities where required by Art. 33 GDPR.
Responsible disclosure
Report security issues to security@career-os.app. We acknowledge within 2 business days and aim to triage within 5.