Prelaunch Prelaunch: the product is live, this marketing site is still being polished. Get started free

Security

Security

Last updated: July 3, 2026 Questions? Contact us

Your job search data is sensitive, so we treat it that way. Encryption at rest and in transit, least-privilege access controls, and a documented incident response plan. If you find a vulnerability, we want to hear from you.

Security overview

Encrypted

Your data is encrypted at rest and in transit

Secure Auth

Authentication via Better Auth with session isolation

Monitored

Continuous security monitoring and alerting

Encryption

All data at rest is encrypted using AES-256. All data in transit is protected with TLS 1.3. Database backups use the same standards, and encryption keys are managed through a managed key management service.

Access Controls

Access to production systems requires multi-factor authentication, and all access is logged and reviewed regularly. We apply the principle of least privilege: people only have access to the systems they need for their role. Production data access is restricted and audited.

Infrastructure Security

RoleReady runs on cloud infrastructure with physical security, redundant power, and network-level DDoS protection. We review our security posture regularly and address vulnerabilities as they come up.

Incident Response

We keep a documented incident response plan. In the event of a data breach, we notify affected users and the relevant authorities within 72 hours, as required by GDPR and applicable law. Security incidents are documented and reviewed to prevent recurrence.

Employee Security

Team members complete security awareness training. Background checks are run for anyone with access to production systems, and contractors follow the same security requirements as employees.

Compliance

We build RoleReady with GDPR, UK GDPR, and CCPA/CPRA in mind. Our Privacy Policy and Data Protection & GDPR Rights page describe how we handle personal data and honor the rights those laws give you. We aren't formally certified and don't claim to be; if you need specifics for a review, email security@roleready.me.

Vulnerability Disclosure

If you discover a security vulnerability in RoleReady, report it to security@roleready.me. We'll acknowledge your report within 48 hours and aim to resolve verified vulnerabilities within 30 days. Please don't publicly disclose a vulnerability until we've had a chance to address it.

Contact

Security team: security@roleready.me