Enterprise-Grade Security

Your Data Security is Our Priority

We encrypt your career data in transit and at rest and follow industry best practices to keep it safe and secure.

Last updated: November 3, 2025

Security at a Glance

256-bit Encryption

Sensitive data is encrypted at rest with AES-256; all traffic between your browser and our servers uses TLS 1.3

GDPR & CCPA Compliant

Full compliance with European and California privacy laws

Regular Security Audits

Continuous monitoring and quarterly security assessments

Secure Infrastructure

Hosted on OVH Cloud in ISO 27001-certified European data centers

Data Encryption

We use industry-standard encryption to protect your data at every stage:

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security)
  • At Rest: All sensitive data stored in our databases is encrypted using AES-256 encryption
  • Passwords: Passwords are never stored in plain text. Each one is hashed with bcrypt using a unique per-user salt, a deliberately slow one-way function: the stored value cannot be decrypted back into the password, although a weak or reused password can still be guessed by trying candidates, which is why a strong, unique password matters
  • API Keys: Third-party API keys are kept out of the code base, stored encrypted, and supplied to the application only through environment variables

Infrastructure Security

Our infrastructure is built on enterprise-grade cloud services:

  • OVH Cloud Hosting: European data centers with ISO 27001 certification
  • Kubernetes: Container orchestration with automatic scaling and failover
  • PostgreSQL: Enterprise database with automated backups and point-in-time recovery
  • Firewall Protection: Network-level firewalls and DDoS protection
  • Regular Backups: Daily automated backups with 30-day retention

Access Controls

We implement strict access controls to protect your data:

  • Authentication: Secure authentication using BetterAuth with LinkedIn SSO
  • Session Management: Secure session tokens with automatic expiration
  • Role-Based Access: Granular permissions system (user, admin roles)
  • API Rate Limiting: Protection against brute force and abuse
  • Admin Access: Multi-factor authentication required for admin accounts
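The rate-limiting bullet names the control but not its shape, so here is an added example of one, not the service's own code. It is a fixed-window limiter for login attempts keyed on both the source IP and the target account: the account key stops an attacker who rotates addresses against one user, the IP key stops one address spraying many accounts. Only failed attempts are charged, so legitimate users are not locked out by their own successful logins. The thresholds, window length and the attempt log are assumed demo values.

```javascript
// Added example, not the service's code. Limits and window are assumed.
class LoginRateLimiter {
  constructor({ perIp = 20, perAccount = 5, windowMs = 60_000 } = {}) {
    this.limits = { ip: perIp, account: perAccount };
    this.windowMs = windowMs;
    this.buckets = new Map(); // "kind:id" -> { start, failures }
  }

  // Fetch the window for a key, starting a fresh one if none exists or
  // the previous window has expired.
  _bucket(kind, id, nowMs) {
    const key = `${kind}:${id}`;
    let b = this.buckets.get(key);
    if (!b || nowMs - b.start >= this.windowMs) {
      b = { start: nowMs, failures: 0 };
      this.buckets.set(key, b);
    }
    return b;
  }

  // Call before the password is checked. Returns null if the attempt may
  // proceed, otherwise the reason ('ip' or 'account') to answer HTTP 429.
  // Normalising the account name stops "Alice" and "alice" from getting
  // separate budgets.
  allow(ip, account, nowMs) {
    const acct = account.trim().toLowerCase();
    if (this._bucket('ip', ip, nowMs).failures >= this.limits.ip) return 'ip';
    if (this._bucket('account', acct, nowMs).failures >= this.limits.account) return 'account';
    return null;
  }

  // Call after a failed password check; successful logins are not charged.
  recordFailure(ip, account, nowMs) {
    this._bucket('ip', ip, nowMs).failures += 1;
    this._bucket('account', account.trim().toLowerCase(), nowMs).failures += 1;
  }
}

// Constructed attempt log for the demo: t is ms since start, ok says
// whether the supplied password would have matched.
const ATTEMPTS = [
  { t: 0,     ip: '203.0.113.7',  user: 'alice', ok: false },
  { t: 1000,  ip: '203.0.113.7',  user: 'alice', ok: false },
  { t: 2000,  ip: '203.0.113.7',  user: 'alice', ok: false },
  { t: 3000,  ip: '203.0.113.7',  user: 'alice', ok: false },
  { t: 4000,  ip: '203.0.113.7',  user: 'alice', ok: false },
  { t: 5000,  ip: '203.0.113.7',  user: 'alice', ok: true  }, // 6th: blocked even though correct
  { t: 6000,  ip: '198.51.100.9', user: 'Alice', ok: true  }, // new IP, same account: still blocked
  { t: 7000,  ip: '203.0.113.7',  user: 'bob',   ok: true  }, // same IP, other account: allowed
  { t: 65000, ip: '203.0.113.7',  user: 'alice', ok: true  }, // window expired: allowed again
];

// Replays the log through the limiter and returns one outcome per attempt:
// 'login', 'bad-password', or 'blocked:<reason>'.
function simulate(attempts = ATTEMPTS) {
  const limiter = new LoginRateLimiter({ perIp: 20, perAccount: 5, windowMs: 60_000 });
  return attempts.map(({ t, ip, user, ok }) => {
    const reason = limiter.allow(ip, user, t);
    if (reason) return `blocked:${reason}`;
    if (ok) return 'login';
    limiter.recordFailure(ip, user, t);
    return 'bad-password';
  });
}
```

Note that the check runs before the password is verified, so a blocked attempt costs no hash computation and yields no information about whether the password was right.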

Privacy & Data Handling

We respect your privacy and handle your data responsibly:

  • Data Minimization: We only collect data necessary to provide our services
  • No Data Selling: We never sell your personal data to third parties
  • Anonymized Analytics: Google Analytics 4 with IP anonymization
  • Third-Party Services: We only use trusted partners (OpenAI, Stripe, LinkedIn, OVH Cloud, Google Analytics), listed with their certifications under Third-Party Services below
  • Data Deletion: You can delete your account and all data at any time

Compliance & Certifications

We comply with major privacy regulations worldwide:

  • GDPR (EU): Full compliance with European data protection regulations
  • CCPA (California): Compliance with California Consumer Privacy Act
  • LinkedIn API Terms: Strict adherence to LinkedIn's API terms of service
  • OpenAI Terms: Compliance with OpenAI's usage policies
  • PCI DSS: Payment processing through Stripe (PCI Level 1 certified)

Incident Response

We have a comprehensive incident response plan in case of security issues:

  • 24/7 Monitoring: Continuous monitoring for security threats and anomalies
  • Rapid Response: Dedicated security team ready to respond to incidents
  • User Notification: We'll notify affected users within 72 hours of any breach
  • Transparency: Public disclosure of security incidents and remediation steps
  • Post-Incident Review: Thorough analysis and improvements after any incident

Security Best Practices for Users

You can help keep your account secure by:

  • Using a strong, unique password for your account
  • Never sharing your account credentials with others
  • Logging out when using shared or public computers
  • Keeping your email account secure (used for password resets)
  • Reporting any suspicious activity to [email protected]
  • Reviewing your account activity regularly

Third-Party Services

We use the following trusted third-party services, each with their own security measures:

  • OpenAI: AI-powered analysis (SOC 2 Type II certified)
  • Stripe: Payment processing (PCI Level 1 certified)
  • LinkedIn: Profile data access (with your explicit permission)
  • OVH Cloud: Infrastructure hosting (ISO 27001 certified)
  • Google Analytics: Anonymized usage analytics

Responsible Disclosure

If you discover a security vulnerability, we encourage responsible disclosure:

  • Email: [email protected]
  • Response Time: We'll acknowledge your report within 48 hours
  • Reward: We may offer rewards for valid security reports
  • Credit: We'll credit you in our security hall of fame (if you wish)

Please do not publicly disclose vulnerabilities until we've had a chance to address them.

Questions About Security?

If you have questions about our security practices or want to report a concern:

Your Data is Safe With Us

We're committed to maintaining the highest security standards to protect your career data.

Security - How We Protect Your Data | Boost My Career