Security at Resumease
Your resume is some of your most personal professional data. Here is how we protect it.
Encryption in transit and at rest
All traffic is served over TLS. Data stored in our databases and file storage is encrypted at rest by our cloud provider (AWS).
Managed authentication
Accounts are managed by Amazon Cognito with verified email, secure password policies, and signed, expiring session tokens validated on every API request.
Per-user data isolation
Every resume, cover letter, and chat is keyed to your account. API routes verify token signatures and scope every read and write to the authenticated user.
Rate limiting & abuse prevention
AI and export endpoints are rate limited per user to prevent abuse, and input is validated with strict schemas before processing.
No training on your data
AI requests are processed via AWS Bedrock; your content is used only to produce your response and is not used to train models.
Least-privilege infrastructure
Services run with narrowly scoped IAM roles. Secrets live in managed configuration, never in source control.
Responsible disclosure
If you believe you have found a security vulnerability, please report it privately via our contact form with the subject "Security". Include reproduction steps and affected URLs. We acknowledge reports within 48 hours, will not pursue action against good-faith research, and ask that you avoid accessing other users' data or degrading the service while testing.
Data deletion
You can permanently delete your account and all associated data at any time from account settings. See the Privacy Policy for retention details.