Security & Privacy

Authentication & accounts

Employer accounts are protected with email + password. Passwords are checked against the Have I Been Pwned breach corpus and rejected if known to be compromised. Sessions are stored in your browser and you can sign out at any time.

Access controls

Every database table uses row-level security. Employers can only read and edit their own company profile and jobs. Administrative actions (approvals, rejections, account management) are gated by a server-verified admin role — never by client-side flags.

Data we store

• Account: email, name, and the company you represent.
• Company profile: name, website, description, HQ, logo and cover image.
• Jobs you submit, their status, and basic engagement counts (views, apply clicks).

We do not store CVs or candidate applications — candidates apply directly with the employer via the link you provide.

Encryption & hosting

All traffic is served over HTTPS. The database, authentication and file storage are hosted on managed, SOC 2-compliant infrastructure with encryption in transit and at rest. Backups are managed by the underlying platform.

Public information

Approved jobs and the public-facing parts of company profiles (name, logo, website, description, HQ) are visible to anyone. Owner identifiers, contact emails and admin notes are never exposed to the public.

Your rights

You can request a copy of your data, ask us to correct it, or request deletion of your account and listings at any time. Contact us via the contact page and we'll respond within 30 days.

Reporting a vulnerability

If you believe you've found a security issue, please email us through the contact page with details and steps to reproduce. We appreciate responsible disclosure and will acknowledge reports promptly.