Security overview

Data isolation

Every customer's data is isolated at the database layer with row-level security. Saved searches, pipeline items, and scores are scoped to your company and are never visible to other customers.

Encryption

All traffic to and from the Service is encrypted in transit with TLS. Data at rest is encrypted by our infrastructure providers.

Data location

The Service is operated for users in the United States, and your data is stored and processed in the United States.

Access control

Application access requires authentication, and accounts can be protected with two-factor authentication (TOTP) from account settings. Privileged service credentials follow the principle of least privilege, and internal access to production systems is limited and logged.

Application hardening

The Service sends a strict Content-Security-Policy and standard security headers, validates input on the server, and protects automated endpoints with secret-based authentication.

Reporting a vulnerability

Found a security issue? We appreciate responsible disclosure. Email security@jobsitebids.com and we'll respond promptly.