Security Policy
Last updated: June 1, 2026
1. Information Security Policy
JobX maintains a formal information security framework that is reviewed regularly by senior leadership. All systems and data are managed according to industry best practices to protect the confidentiality, integrity, and availability of platform resources and customer data.
2. Network Security
JobX relies on infrastructure providers with industry-leading security certifications:
- Application hosting: hosted on Vercel, which holds ISO 27001 and SOC 2 certifications and supports PCI DSS, HIPAA, GDPR and DPF compliance.
- Database: all data is stored on Supabase, which holds SOC 2 Type 2 and ISO 27001 certifications and supports HIPAA compliance.
- Encryption in transit: all network traffic is encrypted using TLS 1.2 or TLS 1.3.
- Network segregation: network environments are segregated to protect internal access and prevent unauthorized lateral movement.
3. Endpoint Protection
- All development endpoints are protected with up-to-date security tooling.
- Regular security scans are conducted on all systems.
- Anti-virus and intrusion prevention measures are in place across all endpoints used to develop or operate the platform.
4. Security Baselines
- Multi-factor authentication (MFA) is enforced on all administrator accounts.
- Minimum password requirements are enforced, including length, complexity, and special character rules.
- Screen auto-lock policies are in place on all devices used to access platform systems.
- Regular security awareness practices are maintained across the team.
5. Data Protection
- Encryption at rest: all data stored in our database is encrypted using AES-256 (provided by Supabase).
- Encryption in transit: all data transmitted between clients, servers, and third-party APIs uses TLS 1.2/1.3.
- Secrets management: sensitive tokens and API keys are stored as environment variables and never committed to source code.
6. Access Control
- Access to systems and data is granted on a need-to-know and least-privilege basis.
- Role-based access control (RBAC) is enforced across all platform features.
- System access logs are retained for audit purposes.
- User privileges are reviewed regularly to ensure appropriateness.
7. Data Minimization
- Only the minimum data required to provide the service is collected.
- Only the necessary API scopes are requested when connecting third-party integrations (e.g. Meta, TikTok, Google, Telegram).
8. Vulnerability Management
JobX conducts regular vulnerability scans using industry-standard tools:
- Sucuri SiteCheck and Mozilla HTTP Observatory are used to scan the public site for malware, blocklist listings, misconfigurations, and missing or weak HTTP security headers. Both are external, unauthenticated scanners, so they assess what is reachable from the internet rather than internal configuration.
- Latest scan results (June 2026):
  - Sucuri SiteCheck: no malware detected, low risk, clean across 9 blacklists.
  - Mozilla HTTP Observatory: score 80/100, grade B+, 9 of 10 tests passed.
- Scan reports are retained for audit purposes and identified issues are addressed promptly.
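The header checks that scanners such as Mozilla HTTP Observatory perform can be approximated offline before a deployment goes live. The following is an added example written for this page; it is not JobX's tooling or the scanner's own code, and it does not reproduce the scanner's scoring. The header names are the standard ones, but the pass/fail thresholds (for example the six-month HSTS minimum) and the two sample header sets are constructed for illustration.

```python
"""Simplified HTTP security-header check (added example, not JobX code).

Approximates a handful of the header tests that external scanners run, so a
team can catch regressions offline. Thresholds are illustrative assumptions,
not the scanner's exact scoring.
"""
import re
from typing import Dict, List, Optional

# Assumed minimum HSTS max-age: six months, in seconds.
HSTS_MIN_MAX_AGE = 15_552_000

# Referrer-Policy values that do not leak full URLs cross-origin.
SAFE_REFERRER_POLICIES = {
    "no-referrer",
    "same-origin",
    "strict-origin",
    "strict-origin-when-cross-origin",
}


def _normalize(headers: Dict[str, str]) -> Dict[str, str]:
    """Header names are case-insensitive; fold them to lowercase once."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def _csp_directives(csp: str) -> Dict[str, List[str]]:
    """Split "default-src 'self'; script-src 'self' cdn" into a directive map."""
    out: Dict[str, List[str]] = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out


def check_security_headers(raw_headers: Dict[str, str]) -> Dict[str, bool]:
    """Return a pass/fail map for six common header checks."""
    h = _normalize(raw_headers)
    results: Dict[str, bool] = {}

    # Strict-Transport-Security present with a long enough max-age.
    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts)
    results["hsts"] = bool(m) and int(m.group(1)) >= HSTS_MIN_MAX_AGE

    # Content-Security-Policy present, and the effective script source list
    # (script-src, falling back to default-src) contains no wildcard or
    # 'unsafe-inline'. Simplification: nonce/hash interplay is ignored.
    directives = _csp_directives(h.get("content-security-policy", ""))
    script_src: Optional[List[str]] = None
    if "script-src" in directives:
        script_src = directives["script-src"]
    elif "default-src" in directives:
        script_src = directives["default-src"]
    results["csp"] = script_src is not None and not any(
        tok in ("'unsafe-inline'", "*", "data:") for tok in script_src
    )

    # Clickjacking protection via X-Frame-Options or CSP frame-ancestors.
    xfo = h.get("x-frame-options", "").upper()
    results["frame_protection"] = (
        xfo in {"DENY", "SAMEORIGIN"} or "frame-ancestors" in directives
    )

    # MIME-sniffing protection.
    results["nosniff"] = h.get("x-content-type-options", "").lower() == "nosniff"

    # Referrer-Policy: browsers apply the last recognised value in a list.
    policies = [p.strip().lower() for p in h.get("referrer-policy", "").split(",")]
    results["referrer_policy"] = policies[-1] in SAFE_REFERRER_POLICIES

    # Cross-Origin-Resource-Policy restricts who may load the response.
    corp = h.get("cross-origin-resource-policy", "").lower()
    results["corp"] = corp in {"same-origin", "same-site"}

    return results


def failing_checks(raw_headers: Dict[str, str]) -> List[str]:
    """Names of the checks that fail, sorted for stable output."""
    return sorted(n for n, ok in check_security_headers(raw_headers).items() if not ok)


# Constructed sample responses; not captured from any real site.
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://static.example.com; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Cross-Origin-Resource-Policy": "same-origin",
}
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "unsafe-url",
}

if __name__ == "__main__":
    for label, hdrs in (("good", GOOD_HEADERS), ("weak", WEAK_HEADERS)):
        print(label, "failing:", failing_checks(hdrs) or "none")
```

Run the module directly to see both sample sets evaluated; in practice the header dictionary would come from a fetched response, and the script is a pre-deployment gate rather than a replacement for the external scan, which also tests behaviour such as redirects and cookies that headers alone do not show.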
9. Incident Response
- A formal incident response policy is in place.
- Incidents are monitored via Vercel and Supabase alerting systems.
- In the event of a data breach, affected users and relevant authorities are notified within the required legal timeframes.
- Incident response drills are conducted regularly to validate readiness.
- All incident reports are documented and retained for post-incident review.
10. Dedicated Privacy Role
A designated person within JobX is responsible for data privacy and security compliance. This person acts as the primary point of contact for all privacy and security inquiries from users, partners, and regulators.
To reach our privacy and security contact, please use the jobx.me contact page.