Security Policy
Last updated: June 3, 2026
1. Information Security Policy
JobX maintains a formal information security framework that is reviewed regularly by senior leadership. All systems and data are managed according to industry best practices to protect the confidentiality, integrity, and availability of platform resources and customer data.
2. Network Security
JobX relies on infrastructure providers with industry-leading security certifications:
- Application hosting: the application is hosted on Vercel, which holds ISO 27001 and SOC 2 certifications and attests to PCI DSS, HIPAA, GDPR, and EU-U.S. Data Privacy Framework (DPF) compliance.
- Database: all data is stored on Supabase, which holds SOC 2 Type 2 and ISO 27001 certifications and supports HIPAA-compliant deployments.
- Encryption in transit: all network traffic is encrypted using TLS 1.2 or TLS 1.3.
- Network segregation: network environments are segregated so that a compromise of one environment does not grant internal access to, or permit lateral movement into, another.
These certifications cover the providers' infrastructure. The security of the application code, configuration, and access controls built on top of that infrastructure remains JobX's responsibility and is addressed in the sections that follow.
3. Endpoint Protection & Vulnerability Management
- All endpoints used to develop or operate the platform run up-to-date anti-virus and intrusion prevention tooling.
- Regular security scans are conducted on all systems.
JobX conducts regular vulnerability scans using industry-standard tools:
- Sucuri SiteCheck and Mozilla HTTP Observatory are used to scan the public site for malware, blacklist listings, misconfigurations, and missing or weak HTTP security headers. Both are unauthenticated external scans of the production site; they do not exercise authenticated application functionality or third-party dependencies.
- Latest scan results (June 2026):
  - Sucuri SiteCheck: no malware detected, rated Low Risk, not listed on any of the 9 blacklists checked.
  - Mozilla HTTP Observatory: score 80/100, grade B+, 9 of 10 tests passed.
- Scan reports are retained for audit purposes, and identified issues are tracked and remediated promptly.
4. Security Controls
4.1 Security Baselines
- Minimum password requirements are enforced, including length, complexity, and special character rules.
- Screen auto-lock policies are in place on all devices used to access platform systems.
- Regular security awareness practices are maintained across the team.
4.2 Data Protection & Minimization
- Encryption at rest: all data stored in our database is encrypted using AES-256 (provided by Supabase).
- Encryption in transit: all data transmitted between clients, servers, and third-party APIs uses TLS 1.2/1.3.
- Secrets management: sensitive tokens and API keys are stored as environment variables and never committed to source code.
- Only the minimum data required to provide the service is collected.
- Only the necessary API scopes are requested when connecting third-party integrations (e.g. Meta, TikTok, Google, Telegram).
4.3 Incident Response
- Production systems are monitored through Vercel and Supabase alerting; alerts are triaged and escalated as potential security incidents.
- In the event of a personal data breach, affected users and the relevant authorities are notified within the legally required timeframes (for example, within 72 hours of becoming aware of the breach for notification to the supervisory authority under GDPR Article 33).
- Incident response drills are conducted regularly to validate readiness.
- All incident reports are documented and retained for post-incident review.
4.4 Multi-Factor Authentication (MFA)
JobX enforces Multi-Factor Authentication (MFA) for all administrative and privileged accounts. MFA is enabled on all critical systems, including:
- GitHub
- Vercel
- Supabase
- Google Workspace
- Internal administration accounts
Access to production systems is restricted to authorized personnel only. Administrative access is reviewed periodically and removed immediately when no longer required.
4.5 Backup & Disaster Recovery
JobX maintains regular backups of critical systems and customer data through its infrastructure providers. Key controls include:
- Automated database backups managed by Supabase
- Encrypted backup storage
- Secure backup access restricted to authorized personnel
- Recovery procedures tested periodically
- Disaster recovery processes designed to minimize service interruption
In the event of a system failure, JobX will restore services using the most recent available backups and provider recovery mechanisms.
4.6 Third-Party Service Providers
JobX relies on trusted third-party providers to deliver its services.
| Provider | Purpose |
|---|---|
| Vercel | Application Hosting & CDN |
| Supabase | Database, Authentication & Storage |
| OpenAI | AI Processing Services |
| Meta Platforms | Messaging Integrations |
All providers are selected based on their security posture and compliance standards.
5. Security Contact Information
A designated person within JobX is responsible for data privacy and security compliance, acting as the primary point of contact for all security and privacy inquiries from users, partners, and regulators.