Security

Your data security is our top priority

CareerMap is built with enterprise-grade security from the ground up. We protect your career data with the same rigor as financial institutions.

Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Database backups are encrypted with separate keys.

Access Control

Role-based access controls, multi-factor authentication support, and the principle of least privilege across all systems.

Monitoring

24/7 infrastructure monitoring, real-time alerting, and automated threat detection across all production systems.

Infrastructure Security

SOC 2 Type II Compliant

Independently audited controls for security, availability, and confidentiality

GDPR Compliant

Full compliance with EU data protection requirements

99.9% Uptime SLA

Redundant infrastructure with automatic failover

Daily Encrypted Backups

Automated backups with 30-day retention stored in separate regions

Network Isolation

VPC with private subnets, security groups, and WAF protection

DDoS Protection

Automatic DDoS mitigation at the network and application layer

Application Security

OWASP Top 10 Protection

Built with protection against SQL injection, XSS, CSRF, and all OWASP Top 10 vulnerabilities. Laravel's built-in protections are leveraged and extended.

Dependency Scanning

Automated vulnerability scanning of all dependencies using Dependabot and Composer audit. Critical patches applied within 24 hours.

Secure Authentication

Passwords hashed with bcrypt (cost factor 12). Session tokens rotated on authentication. CSRF protection on all state-changing requests.

Security Headers

Strict Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers enforced.

Incident Response

We maintain a documented incident response plan with defined severity levels and escalation procedures:

  • < 1hr: Critical incident response
  • < 4hrs: High severity response
  • < 24hrs: Medium severity response

Responsible Disclosure

We welcome security researchers to help keep CareerMap safe. If you discover a vulnerability, please report it responsibly:

  • Email your findings to security@careermap.io
  • Include steps to reproduce the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • Do not access or modify other users' data

We commit to acknowledging reports within 24 hours and providing a timeline for resolution within 72 hours.

Have a security question?

Our security team is here to help. Reach out for security reviews, SOC 2 reports, or custom compliance requirements.
