Security & Trust
Your resume data is sensitive. Here's how we protect it.
Security Features
Your Data, Your Control
Export your complete profile as JSON anytime. Delete your account with full data removal. No data sold to third parties, ever.
- Complete data export (JSON)
- Full account deletion
- No third-party data sales
- GDPR/CCPA-ready practices
Authentication & Sessions
Industry-standard authentication with secure session management. Your login is protected at every step.
- AWS Cognito (OAuth 2.0)
- HttpOnly, Secure, SameSite cookies
- Session tracking with IP forensics
- Automatic session expiration
Infrastructure Security
Enterprise-grade infrastructure protection with multiple layers of defense against attacks.
- HTTPS everywhere (HSTS preload)
- Content Security Policy (CSP)
- Rate limiting on all endpoints
- Cloudflare bot protection
Payment Security
We never touch your credit card. Stripe handles all payment processing with bank-level security.
- Stripe-only payment processing
- Webhook signature verification
- Replay attack prevention
- No card data on our servers
AI & Data Handling
AI assists you without compromising your data. Every generated bullet is grounded in your actual experience.
- Input sanitization (XSS protection)
- AI outputs validated against schemas
- No data used for AI training
- Content grounded in your profile
Audit & Compliance
Comprehensive logging and regular security reviews ensure we catch and address issues quickly.
- Comprehensive audit logging
- Security audit completed
- 100% findings resolved
- Regular security reviews
Built by Security-Minded Engineers
SnappyCVs is built by engineers with experience scaling platforms to hundreds of thousands of users. We've implemented PCI-aware payment systems, comprehensive audit logging, and security practices refined through years of building and operating production systems.
Our Data Practices
Clear commitments about how we handle your information.
| Sell your data to advertisers | Never |
| Use your data for AI training | Never |
| Share data with third parties for marketing | Never |
| Store payment card details | Never |
| Allow complete data export | Always |
| Allow full account deletion | Always |
| Use HTTPS encryption | Always |
| Log security events | Always |
Have security questions?
We're happy to discuss our security practices in detail.
Frequently Asked Questions
No. Your profile and job data are never sold, shared for marketing, or used to train AI models. We only use your data to provide the service you signed up for.
Yes. You can export all your data (JSON format) and permanently delete your account at any time from Settings. Deletion requires email confirmation and removes all your data from our systems.
All AI-generated resume content is grounded in your profile data. We validate AI outputs against schemas and never allow the AI to invent achievements, metrics, or claims that aren't in your profile.
We never see or store your credit card details. All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We only receive confirmation of successful payments.
We maintain audit logs for security events and have incident response procedures in place. If we discover a security issue affecting your data, we'll notify you promptly and take immediate action to resolve it.