Security at OpenCareerAI

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use SSL, and all API communication is served over HTTPS.

Hosted on AWS with managed RDS databases, private VPC networking, and automated backups. Infrastructure is monitored 24/7 with automated alerting.

Role-based access ensures you only see what you need. Session tokens are short-lived with secure, HTTP-only cookies. We never store passwords in plain text.

Your data is processed in accordance with GDPR and CCPA requirements. We support data export, deletion requests, and configurable retention policies.

Passwords are hashed using bcrypt. OAuth 2.0 integration with Google and LinkedIn. OTP email verification for new accounts.

Dependencies are regularly audited and updated. We use automated security scanning in our CI/CD pipeline and follow responsible disclosure practices.