Security
Last updated: January 2025
Encrypted
Your data is encrypted at rest and in transit
Secure Auth
Authentication via Better Auth with session isolation
Monitored
Continuous security monitoring and alerting
Encryption
All data at rest is encrypted using AES-256 encryption. All data in transit is protected with TLS 1.3. Database backups are encrypted using the same standards. Encryption keys are managed using industry-standard key management systems.
Access Controls
Access to production systems requires multi-factor authentication. All access is logged and reviewed regularly. We apply the principle of least privilege: employees only have access to the systems they need for their role. Production data access is restricted and audited.
Infrastructure Security
RoleReady is hosted on industry-standard cloud infrastructure with physical security, redundant power, and network-level DDoS protection. We regularly review our security posture and address vulnerabilities as they are identified.
Incident Response
We maintain a documented incident response plan. In the event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by GDPR and applicable law. All security incidents are documented and reviewed to prevent recurrence.
Employee Security
All team members complete security awareness training. Background checks are conducted for all employees with access to production systems. Contractors are subject to the same security requirements as employees.
Compliance Certifications
Vulnerability Disclosure
If you discover a security vulnerability in RoleReady, please report it to security@roleready.me. We will acknowledge your report within 48 hours and aim to resolve verified vulnerabilities within 30 days. We ask that you not publicly disclose vulnerabilities until we have had the opportunity to address them.
Contact
Security team: security@roleready.me