Security
How we look after your career data.
Boring, careful and visible. Below are the security guarantees you can hold us to — written in plain language, not pulled from a brochure.
Encryption in transit and at rest
All connections use TLS 1.2+. Career data and uploaded files are encrypted at rest in the database and object storage.
Auth managed by Clerk
Sign-in, sessions, passkeys and OAuth (Google / Apple / LinkedIn / Facebook) run on Clerk. We never store passwords ourselves.
UK data residency
The production database and file storage are hosted in the UK. AI calls to OpenAI run under their data-processing agreement.
Row-level access
Every backend procedure verifies the caller owns the row before reading or writing. IDOR regression tests cover the protected routers.
No silent profile changes
CV imports go through an explicit field-by-field review. AI suggestions stay suggestions until you accept them.
Backups
Database backups run on a fixed schedule and are retained for a defined window. Restore is tested as part of deploy rehearsals.
Patch cadence
Dependencies are kept current — security advisories are triaged and patched continuously, not on a quarterly cycle.
Reporting a vulnerability
If you find a vulnerability, please email us privately at security@multivohub.com. We acknowledge reports within 2 working days. We do not run a public bug-bounty programme yet, but we credit reporters in release notes when they consent.