Security & Trust Center
At BrandingCV, we treat candidate data as toxic assets. Our architecture is designed to minimize data residency and maximize security.
1. Infrastructure & Data Security
- Encryption in Transit: All communications with BrandingCV APIs and web interfaces are encrypted using industry-standard TLS 1.2 or higher.
- Encryption at Rest: Any data temporarily stored on our servers is encrypted at rest using AES-256 encryption.
- Ephemeral Processing: Resumes and CVs uploaded for redaction are processed in-memory or on ephemeral storage volumes that are wiped immediately after the redaction task completes.
2. Compliance & Certifications
BrandingCV is built with Enterprise compliance in mind. We operate our security program in alignment with SOC 2 (Type II) principles, focusing on Security, Availability, and Confidentiality. We provide our B2B customers with full support to meet their GDPR and CCPA obligations as Data Controllers.
3. Logical Data Separation
We employ strict logical separation of data within our multi-tenant cloud architecture. Agency settings, custom branding assets (logos), and billing information are strictly isolated at the database level to ensure cross-tenant data leakage is impossible.
4. Authorized Sub-processors
To deliver our service globally, we utilize the following trusted sub-processors, all of whom are bound by strict Data Processing Agreements (DPAs):
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Cloud Hosting & Edge Compute | Global / USA |
| Cloudflare Inc. | CDN, DDoS Protection, Object Storage (R2) | Global |
| Paddle.com | Payment Processing & Merchant of Record | UK / Global |
| MongoDB Atlas | Database Hosting | Global (AWS) |
5. Vulnerability Reporting
If you believe you have discovered a security vulnerability in BrandingCV, please report it immediately to security@brandingcv.com. We take all disclosures seriously and will investigate promptly.