Security & Trust

Built to protect the data you trust us with

You're handling candidates' personal data and your company's hiring decisions. Here are the actual controls behind JobsAI Enterprise — described plainly, not as badges we haven't earned.

Encryption everywhere

All data is encrypted in transit with TLS 1.2+ and at rest with AES-256 on our managed database. Secrets and API keys are stored encrypted, never in plaintext.

Access control & RBAC

Authentication runs through Clerk with MFA support. Role-based access control enforces least privilege across recruiters, hiring managers, and admins. SAML / SSO and advanced RBAC are available on higher plans.

Audit logging

Sensitive actions — logins, role changes, exports, and candidate-data access — are recorded in an audit trail your admins can review.

Retention & legal hold

Configurable data-retention policies automatically age out data you no longer need, with legal hold to preserve records when required.

GDPR data-subject requests

Access, export, and deletion requests are handled in the Compliance Center. We act as data processor on your instructions; you remain the controller of candidate data.

DPA & clear data handling

A Data Processing Agreement is available on request. Our privacy policy spells out exactly what we process, why, and the sub-processors involved.

Infrastructure & hosting

JobsAI runs on enterprise-grade cloud providers that are themselves independently audited — so our foundation is SOC 2-certified even as we pursue our own certification.

SOC 2-certified providers

Hosting, database, and authentication run on Vercel, Supabase, and Clerk — all SOC 2 Type II certified.

US data hosting

Customer data is hosted in the United States. EU / other data-residency options are available on request for Enterprise.

Isolation & backups

Per-organization data isolation with managed, encrypted, automated database backups.

Where we stand on compliance

We'd rather tell you exactly where we are than show badges we haven't earned.

Need our DPA, sub-processor list, or a security review?

We're happy to walk your security and legal teams through our controls and share documentation.