Security Information

1. How We Protect Your Data

Security matters to us. We use industry-standard security measures to protect your resume and personal information. Here's what we do.

2. Encryption

We use HTTPS/TLS 1.3 to encrypt all data in transit (that's the padlock icon in your browser). Your resume files and all data are also encrypted when stored, with keys managed by Google Cloud.

3. Login and Permissions

We use Google OAuth for login, so you don't need another password to remember. You can only access and manage your own resumes - no one else can see or edit them. Sessions expire periodically, so you'll need to log in again.

4. Hosting and Infrastructure

We host on Vercel and Google Cloud (Firebase). Both are certified with ISO 27001, SOC 2, and have professional teams monitoring 24/7. The site has DDoS protection and firewalls configured.

5. Application Security

5.1 Secure Development Practices

• Code Review: All code changes undergo security review
• Dependency Management: Regular updates and security scans of dependencies
• Static Analysis: Automated tools to detect code vulnerabilities
• Security Testing: Regular penetration testing and vulnerability scanning

5.2 Input Validation and Protection

• Input Validation: Strict validation of all user inputs
• XSS Protection: Preventing cross-site scripting attacks
• CSRF Protection: Preventing cross-site request forgery
• SQL Injection Protection: Using parameterized queries and ORM
• File Type Verification: Strict validation of uploaded file types and sizes

6. Data Protection

6.1 Resume Privacy

• SEO Protection: Resume pages are not indexed by search engines (noindex)
• Access Control: Only people with the link can access
• Soft Delete: Deleted resumes retained for 30-day recovery period
• Permanent Deletion: Complete removal after 30 days, unrecoverable

6.2 Data Backup

• Automatic Backups: Firebase performs automatic data backups
• Geographic Distribution: Backups stored in multiple geographic locations
• Encrypted Backups: All backups are encrypted
• Disaster Recovery: Comprehensive disaster recovery plan and procedures

7. Monitoring and Response

7.1 Security Monitoring

• 24/7 Monitoring: Round-the-clock system monitoring and alerts
• Log Analysis: Real-time analysis of access and error logs
• Anomaly Detection: Automatic detection of unusual behavior and patterns
• Performance Monitoring: Monitoring system performance and availability

7.2 Incident Response

• Response Plan: Comprehensive security incident response procedures
• Rapid Response: Security team quickly handles security incidents
• User Notification: Timely notification of affected users
• Post-Incident Analysis: Analyzing incident causes and improving security measures

8. Compliance

• GDPR: Compliant with EU General Data Protection Regulation
• CCPA: Compliant with California Consumer Privacy Act
• SOC 2: Through Google Cloud's SOC 2 certification
• ISO 27001: Following Information Security Management System standards

9. Employee Security Training

• Security Awareness: Regular security training
• Confidentiality Agreements: All employees sign NDAs
• Least Privilege: Employees can only access data needed for their work
• Background Checks: Background checks for key positions

10. User Security Recommendations

You can also take these measures to protect your account security:

• Strong Password: Use strong passwords and two-factor authentication for your Google account
• Regular Checks: Regularly review your resume access records
• Share Carefully: Only share your resume link with trusted individuals
• Timely Deletion: Delete resumes when no longer needed
• Beware of Phishing: Be alert to phishing emails impersonating ResumeLink
• Secure Logout: Remember to logout when using public devices

11. Third-Party Security

Our third-party services undergo strict security reviews:

• Google Firebase: Multiple international security certifications
• Vercel: Enterprise-grade security and compliance
• Resend: GDPR-compliant email service

12. Vulnerability Reporting

We welcome security researchers to report vulnerabilities. If you discover a security vulnerability, please:

• Send details to security@resumelink.co
• Do not publicly disclose the vulnerability
• Give us reasonable time to fix the vulnerability
• Do not exploit the vulnerability to access others' data

We commit to responding to vulnerability reports within 24 hours and acknowledging you (if desired) after the fix.

13. Security Updates

We continuously improve our security measures:

• Regular Updates: Timely updates to systems and dependencies
• Security Patches: Quick application of security patches
• Technology Upgrades: Adopting latest security technologies and standards
• Continuous Improvement: Ongoing improvements based on security audit results

14. Questions?

If you have questions about our security measures or found a security issue, please let us know through our contact form. We take every report seriously.