Built to protect the data you trust us with
You're handling candidates' personal data and your company's hiring decisions. Here are the actual controls behind JobsAI Enterprise — described plainly, not as badges we haven't earned.
Encryption everywhere
All data is encrypted in transit with TLS 1.2+ and at rest with AES-256 on our managed database. Secrets and API keys are stored encrypted, never in plaintext.
Access control & RBAC
Authentication runs through Clerk with MFA support. Role-based access control enforces least privilege across recruiters, hiring managers, and admins. SAML / SSO and advanced RBAC are available on higher plans.
Audit logging
Sensitive actions — logins, role changes, exports, and candidate-data access — are recorded in an audit trail your admins can review.
Retention & legal hold
Configurable data-retention policies automatically age out data you no longer need, with legal hold to preserve records when required.
GDPR data-subject requests
Access, export, and deletion requests are handled in the Compliance Center. We act as data processor on your instructions; you remain the controller of candidate data.
DPA & clear data handling
A Data Processing Agreement is available on request. Our privacy policy spells out exactly what we process, why, and the sub-processors involved.
Infrastructure & hosting
JobsAI runs on enterprise-grade cloud providers that are themselves independently audited — so our foundation is SOC 2-certified even as we pursue our own certification.
SOC 2-certified providers
Hosting, database, and authentication run on Vercel, Supabase, and Clerk — all SOC 2 Type II certified.
US data hosting
Customer data is hosted in the United States. EU / other data-residency options are available on request for Enterprise.
Isolation & backups
Per-organization data isolation with managed, encrypted, automated database backups.
Where we stand on compliance
We'd rather tell you exactly where we are than show badges we haven't earned.
- GDPR-aligned data handling — controller/processor model, DPA on request, and data-subject requests fulfilled in-product.
- Encryption at rest (AES-256) and in transit (TLS 1.2+).
- Built on SOC 2 Type II-certified infrastructure (Vercel, Supabase, Clerk).
- Our own SOC 2 (Type I) — on our roadmap; not yet certified. We'll publish a target date once the audit is scheduled.
- Contractual uptime SLA — available on the Enterprise plan; talk to us about your requirements.
Need our DPA, sub-processor list, or a security review?
We're happy to walk your security and legal teams through our controls and share documentation.