Last updated: 2025-10-15

Security Overview

Last updated: 2025-10-15

We take a pragmatic, layered approach to security.

Hosting & data

  • Hosting: Vercel
  • Database/Auth/Storage: Supabase (Postgres, RLS)
  • Payments: Stripe (we do not store card data)
  • Model Inference: Anthropic/OpenAI (no training on your data; prompts/results used only to service your request)

    • Controls

  • Transport: HTTPS/TLS everywhere
  • Encryption at rest: provider defaults (DB/storage)
  • Access control: least privilege, role-based access, audit logs
  • Secrets: managed via environment variables/secret manager
  • Backups: automated database backups with tested restore
  • Data deletion: one-click account deletion; raw uploads purged post-processing
  • Vulnerability management: dependency scanning, regular patching

    • Incident response

    We investigate and notify you without undue delay if your data is impacted, in line with applicable law.

    Contact security

    Report concerns to hello@resumesync.app with subject "Security".