Skip to main content
Security & Data Protection

Your Data Stays Yours

Enterprise-grade security practices protect your career information. Here's exactly how we keep your data safe.

End-to-End Encryption

All data transmitted between your device and our servers uses TLS 1.3 encryption. Your resumes and personal information are encrypted at rest using AES-256.

Secure Authentication

OAuth 2.0 for Google and LinkedIn sign-in. Password authentication uses bcrypt hashing. Optional two-factor authentication (2FA) for added protection.

Secure Infrastructure

Hosted on enterprise-grade cloud infrastructure with 99.9% uptime. Regular backups, disaster recovery plans, and geographically distributed servers.

Access Controls

Strict role-based access for our team. Employees only access user data when absolutely necessary for support, and all access is logged and audited.

Data Protection Practices

No Spam, No Selling: We never sell your resume or contact information. Period.
Data Minimization: We only collect information necessary to provide our service. No tracking pixels, no unnecessary cookies.
Regular Security Audits: Quarterly vulnerability scans and penetration testing by third-party security firms.
Incident Response Plan: In the unlikely event of a breach, we notify affected users within 72 hours as required by GDPR.
Continuous Monitoring: 24/7 system monitoring with automated alerts for suspicious activity or unauthorized access attempts.

Compliance & Standards

GDPR Compliant

Full compliance with EU General Data Protection Regulation. Right to access, rectify, erase, and port your data.

CCPA Compliant

Meets California Consumer Privacy Act requirements. California residents have additional privacy rights.

SOC 2 Type II

Working towards SOC 2 Type II certification for security, availability, and confidentiality.

Privacy Shield

Adheres to international data transfer standards for global users.

Your Rights

Right to Access: Request a copy of all data we have about you.

Right to Correction: Update or correct any inaccurate information.

Right to Deletion: Request permanent deletion of your account and all associated data.

Right to Portability: Export your data in machine-readable formats (JSON, CSV, PDF).

Right to Object: Opt out of specific data processing activities while keeping your account.

Report a Security Issue

If you discover a security vulnerability, please report it responsibly. We take all reports seriously and respond within 48 hours.

Email: security@pathlyft.app

Please do not publicly disclose security issues before we've had a chance to address them.

Security You Can Trust

Join thousands who trust Pathlyft with their career data. Your information is protected every step of the way.