Data Security
Your resume contains sensitive personal and professional information. Here's how we protect it.
Security-First Architecture
We've built Match That Role with security as a foundational principle, not an afterthought. Every layer of our infrastructure is designed to protect your data.
End-to-End Encryption
Your data is encrypted at every stage—during upload, while being processed, and when stored.
In Transit
All communication between your browser and our servers uses TLS 1.3 encryption, the same security standard used by banks and financial institutions.
https:// ensures no one can intercept your resume during uploadAt Rest
Your resume files are encrypted using AES-256 encryption before being stored. Even if someone gained physical access to our servers, they couldn't read your data.
During Processing
When our AI analyzes your resume, it happens in isolated, encrypted processing environments that are destroyed immediately after analysis.
Secure Infrastructure
We use enterprise-grade cloud infrastructure with multiple layers of security.
Cloud Security
- Hosted on Supabase (built on AWS)
- ISO 27001 certified data centers
- SOC 2 Type II compliant
- Regular security audits and penetration testing
Network Security
- Firewall protection and DDoS mitigation
- Intrusion detection systems
- Automated threat monitoring
- Rate limiting and abuse prevention
Database Security
- Row-level security policies
- Automated daily backups
- Encrypted database connections
- Access logging and monitoring
Monitoring
- 24/7 security event monitoring
- Anomaly detection and alerts
- Real-time threat response
- Regular security log reviews
Strict Access Controls
We limit who can access your data and track every access attempt.
User Data Isolation
Your data is completely isolated from other users. No user can access another user's resumes or analyses—this is enforced at the database level through row-level security policies.
Employee Access
Only a small number of authorized personnel have access to production systems, and all access is:
- Logged and auditable
- Time-limited and requires justification
- Protected by multi-factor authentication
- Subject to confidentiality agreements
Authentication Security
Your account is protected by:
- Secure password hashing (bcrypt)
- Optional two-factor authentication
- Session management and automatic timeout
- Protection against brute force attacks
Compliance & Standards
We adhere to industry standards and regulations to ensure your data is protected.
GDPR Compliant
We comply with the General Data Protection Regulation, giving you control over your personal data.
CCPA Compliant
California Consumer Privacy Act rights are respected, including data access and deletion.
Data Minimization
We only collect data necessary for our services and delete it when no longer needed.
Regular Audits
Independent security audits and vulnerability assessments conducted regularly.
Incident Response
We have a comprehensive plan in place to respond to any security incidents.
In the unlikely event of a security breach, we will:
- 1Immediately contain and investigate the incident
- 2Notify affected users within 72 hours
- 3Provide clear information about what data was affected
- 4Offer guidance on protective measures you can take
- 5Implement fixes and additional security measures
Your Role in Security
Security is a shared responsibility. Here's how you can help protect your account:
✓ Do
- • Use a strong, unique password
- • Enable two-factor authentication
- • Keep your email account secure
- • Log out when using shared devices
- • Report suspicious activity immediately
✗ Don't
- • Share your password with anyone
- • Use the same password on multiple sites
- • Click suspicious links in emails
- • Access your account on public WiFi
- • Leave your account logged in unattended
Security Questions or Concerns?
Se hai domande sulle nostre pratiche di sicurezza o devi segnalare un problema di sicurezza, contattaci immediatamente.