Security & Trust Center
At BrandingCV, we take candidate data security seriously. Our architecture is designed to minimize data residency and provide strong privacy controls for recruitment agencies.
1. Infrastructure & Data Security
- Encryption in Transit: All communications with BrandingCV APIs and web interfaces are encrypted using industry-standard TLS 1.2 or higher.
- Encryption at Rest: Any data temporarily stored on our servers is encrypted at rest using AES-256 encryption.
- Ephemeral Processing: Resumes and CVs uploaded for redaction are processed in-memory or on ephemeral storage volumes that are wiped after the redaction task completes.
2. Compliance Approach
BrandingCV is designed around security, availability, and confidentiality controls inspired by SOC 2 principles. We are not currently SOC 2 certified. We provide our B2B customers with support to help meet their GDPR, CCPA, and DPDP obligations as Data Controllers.
3. Logical Data Separation
We employ strict logical separation of data within our multi-tenant cloud architecture. Agency settings, custom branding assets (logos), and billing information are isolated at the database level using controls designed to prevent cross-tenant data exposure.
4. Human Review & AI Transparency
BrandingCV uses AI-assisted redaction to identify and remove personally identifiable information. AI is probabilistic by nature — we provide human review controls so agencies can verify redactions before sharing candidate profiles with clients. Final outputs should always be reviewed before distribution.
5. Authorized Sub-processors
To deliver our service, we utilize the following trusted sub-processors, all of whom are bound by Data Processing Agreements (DPAs):
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Cloud Hosting & Edge Compute | Global / USA |
| Cloudflare Inc. | CDN, DDoS Protection, Object Storage (R2) | Global |
| Dodo Payments | Payment Processing & Merchant of Record | UK / Global |
| MongoDB Atlas | Database Hosting | Global (AWS) |
6. Vulnerability Reporting
If you believe you have discovered a security vulnerability in BrandingCV, please report it immediately to security@brandingcv.com. We take all disclosures seriously and will investigate promptly.