Security Policy
Last updated: January 15, 2026
1. Overview
At Resumedit, we take the security of your data seriously. This Security Policy outlines the measures we implement to protect your personal information, resume data, and account credentials.
2. Data Encryption
2.1 Encryption in Transit
All data transmitted between your browser and our servers is encrypted using industry-standard TLS (Transport Layer Security) 1.2 or higher. This ensures that your information cannot be read or tampered with by unauthorized parties during transmission.
2.2 Encryption at Rest
Your data is stored using encryption at rest. Database credentials, API keys, and sensitive configuration data are likewise encrypted and stored securely in our infrastructure.
3. Authentication and Access Control
- Password Security: Passwords are hashed using bcrypt before storage. We never store plain-text passwords.
- Session Management: Secure session tokens are used for authentication, with automatic expiration and invalidation on logout.
- Multi-Factor Authentication: We support OAuth providers (Google) for enhanced security.
- Access Controls: Role-based access control ensures users can only access their own data.
4. Infrastructure Security
4.1 Hosting and Infrastructure
Our application is hosted on Vercel, which provides enterprise-grade security including:
- DDoS protection and mitigation
- Automatic SSL/TLS certificates
- Regular security updates and patches
- Network isolation and firewall protection
4.2 Database Security
We use Supabase for database and storage services, which implements:
- Encrypted database connections
- Row-level security policies
- Regular automated backups
- Database access logging and monitoring
5. Content Security Policy (CSP)
We implement strict Content Security Policy headers to protect against cross-site scripting (XSS) attacks:
- Nonce-based script execution (no unsafe-inline scripts)
- Restricted script sources (only trusted domains)
- Object-src and frame-ancestors restrictions
- Strict connect-src policies for API calls
6. Payment Security
All payment processing is handled securely through Stripe, a PCI DSS Level 1 compliant payment processor. We never store or have access to your full credit card information. All payment data is encrypted and processed according to industry standards.
7. API Security
- API Authentication: All API endpoints require valid authentication tokens
- Rate Limiting: Select API endpoints implement rate limiting to prevent abuse (e.g., contact form submissions, analytics tracking)
- Input Validation: All user inputs are validated and sanitized
- Error Handling: Error messages do not expose sensitive system information
8. Monitoring and Incident Response
- Continuous monitoring of system logs and security events
- Automated alerts for suspicious activities
- Regular security audits and vulnerability assessments
- Incident response procedures for security breaches
9. Third-Party Security
We carefully vet and monitor third-party services we integrate with:
- OpenAI: Used for AI features with strict data handling policies
- Supabase: Database and storage with enterprise security
- Stripe: PCI DSS compliant payment processing
- Vercel: Secure hosting infrastructure
10. Data Retention and Deletion
You can delete your account and all associated data at any time through your account settings. When you delete your account, we permanently remove your data from our systems, except where we are required to retain certain information for legal or regulatory purposes.
11. Password Requirements
We require strong passwords to protect your account. All passwords must meet the following requirements:
- Minimum 8 characters in length
- At least one uppercase letter (A-Z)
- At least one lowercase letter (a-z)
- At least one number (0-9)
- At least one special character (!@#$%^&*()_+-=[]{}|;:,.<>?)
Additional security recommendations:
- Use a unique password that you don't use elsewhere
- Enable OAuth authentication when available (Google sign-in)
- Log out from shared or public computers
- Keep your browser and operating system updated
- Report any suspicious activity immediately
12. Security Updates
We regularly update our systems and dependencies to address security vulnerabilities. Critical security updates are applied as soon as possible, and we maintain a security update schedule for routine patches.
13. Reporting Security Issues
If you discover a security vulnerability, please report it responsibly to security@Resumedit.com. We appreciate your help in keeping Resumedit secure. Please do not disclose security issues publicly until we have had a chance to address them.
14. Compliance
We strive to comply with applicable data protection regulations, including GDPR and CCPA. Our security practices are designed to meet or exceed industry standards for protecting user data.
15. Contact Us
If you have questions about our security practices, please contact us at support@Resumedit.com or security@Resumedit.com.
