Security & trust

Your resume, your data

Production-grade security on day one — because a resume is one of the most personal documents you'll ever upload.

Encrypted storage

Resume content and account data are encrypted at rest with AES-256 and in transit over TLS 1.2+. Database backups inherit the same encryption.

Supabase-backed infrastructure

Authentication, Postgres storage, and Row-Level Security are powered by Supabase, hosted on SOC 2-compliant infrastructure.

Strict access controls

Row-Level Security policies ensure every row of resume data is scoped to its owner. Service-role keys never touch the browser.

PCI-DSS payments

Card details never reach our servers. Razorpay processes every payment on PCI-DSS Level 1 infrastructure.

Privacy-first AI

Prompts and outputs sent to our LLM provider are excluded from third-party model training. We minimise what we send and never log raw resume text outside your account.

Continuous monitoring

Anomaly alerts, dependency scanning, and audit logs run continuously. Critical patches are deployed within 24 hours.

Our commitments

  • Your resume data is never sold or shared with employers or third parties.
  • You can delete your resume or account at any time. Deletion propagates to backups within 30 days.
  • We don't train any model on your data. AI inference is stateless and provider-side training is disabled.
  • Independent dependency vulnerability scans run on every deploy.
  • Found a vulnerability? Report it to security@cvtailor.ai — we acknowledge within 48 hours.