Security at JotCV
Your resume data is sensitive. We take security seriously at every layer of our infrastructure.
How we protect your data
Encryption at rest & in transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Your resume data is never stored in plaintext.
Secure cloud infrastructure
JotCV runs on AWS infrastructure with VPC isolation, private subnets, and strict security group rules.
No data selling
We never sell, rent, or share your personal data or resume content with advertisers or third-party data brokers.
Access controls
Your resume data is accessible only to you. Our team accesses data only when required to provide support, with full audit logging.
Security practices
Passwords are hashed using bcrypt with salt rounds
Authentication tokens expire and are rotated regularly
Rate limiting on all API endpoints to prevent abuse
Regular security audits and dependency vulnerability scanning
Automated backups with point-in-time recovery
CORS policies to prevent unauthorized cross-origin requests
Content Security Policy (CSP) headers on all pages
SQL injection and XSS protection via parameterized queries and input sanitization
Responsible disclosure
If you discover a security vulnerability in JotCV, please report it responsibly by emailing us at support@jotcv.com with the subject line “Security Vulnerability.”
Please do not publicly disclose the vulnerability until we have had a reasonable time to address it. We commit to acknowledging your report within 48 hours and providing a timeline for resolution.
For general questions or concerns about your data, visit our contact page or review our Privacy Policy.