Resumease

Security at Resumease

Your resume is some of your most personal professional data. Here is how we protect it.

Encryption in transit and at rest

All traffic is served over TLS. Data stored in our databases and file storage is encrypted at rest by our cloud provider (AWS).

Managed authentication

Accounts are managed by Amazon Cognito with verified email, secure password policies, and signed, expiring session tokens validated on every API request.

Per-user data isolation

Every resume, cover letter, and chat is keyed to your account. API routes verify token signatures and scope every read and write to the authenticated user.

Rate limiting & abuse prevention

AI and export endpoints are rate limited per user to prevent abuse, and input is validated with strict schemas before processing.

No training on your data

AI requests are processed via AWS Bedrock; your content is used only to produce your response and is not used to train models.

Least-privilege infrastructure

Services run with narrowly scoped IAM roles. Secrets live in managed configuration, never in source control.