Trust, Security & Privacy

JobAWS handles sensitive career data. This page summarizes the controls we have in place. It is maintained by our team and is not an independent certification.

Data protection

• All traffic is served over HTTPS/TLS.
• Data is stored in a managed Postgres database with encryption at rest.
• Resumes, verification documents, placement documents, and invoice PDFs are kept in private storage buckets and served via short-lived signed URLs.
• Row-Level Security policies restrict every table so users can only read and modify their own records, with staff access scoped to admin roles.

Authentication & access

• Accounts are protected by email/password and Google sign-in.
• Roles (candidate, recruiter, admin, super admin) are stored server-side and enforced via database policies, not client checks.
• Administrative actions are recorded in an immutable audit log.

Payments

• Payments are processed by Stripe. JobAWS never stores raw card numbers.
• Stripe webhooks are signature-verified before any invoice is updated.

Privacy

• We collect only the data needed to match you with recruiters and process success-fee invoicing.
• You can request export or deletion of your account data by contacting support.
• We do not sell personal data to third parties.

Reporting a vulnerability

Email security@jobaws.com with reproduction steps. We acknowledge reports within two business days.

Back to home.