Security

Security is a core priority at Snake Signals. This page explains the measures we take to protect your data and our infrastructure, along with our responsible disclosure policy.

Security at a Glance

Encryption: All traffic encrypted via HTTPS/TLS
No CV storage: Uploaded documents processed in memory and deleted
Minimal data: We collect only what's necessary
Regular audits: Security practices reviewed quarterly
Responsible disclosure: We welcome security reports

Data Protection Measures

Transport Security

All connections to snakesignals.com use HTTPS with TLS 1.2 or higher. We enforce HSTS (HTTP Strict Transport Security) to prevent downgrade attacks. Certificate transparency logs are monitored for unauthorized certificates.

CV Analyzer Security

When you upload a CV to our analyzer:

The file is transmitted over encrypted HTTPS
Content is processed in memory by our AI service
The document is never written to disk or stored
Processing completes in seconds, after which data is purged
No copies are retained in logs, caches, or backups

We cannot retrieve, review, or share your CV because we never store it.

AI Processing Safeguards

CV content is sent to AI providers (Google, OpenAI) for analysis. These services process data according to their enterprise security policies. We use API configurations that disable training on customer data where available.

Newsletter Security

Email subscriptions are managed through Beehiiv, which provides enterprise-grade security for subscriber data. We do not have direct access to Beehiiv's infrastructure; we access subscriber data only through their secure dashboard.

Infrastructure Security

Hosting: Our site runs on Lovable Cloud with Supabase backend, providing enterprise-grade infrastructure security
Database: Data is encrypted at rest and in transit
Access control: Limited personnel have access to production systems
Monitoring: Automated alerts for suspicious activity
Updates: Dependencies and systems regularly updated for security patches

What We Don't Do

We don't store CVs or resume content
We don't sell personal data to third parties
We don't use tracking pixels that follow you across the web
We don't store payment information (we have no paid products requiring this)
We don't retain server logs with personally identifiable information

Responsible Disclosure

We welcome security researchers who find vulnerabilities in our systems. If you discover a security issue:

Email: jsmith@understandingrecruitment.com with "Security" in the subject
Provide a detailed description of the vulnerability
Include steps to reproduce if possible
Allow reasonable time for us to address the issue before public disclosure

We commit to:

Acknowledging your report within 48 hours
Providing an estimated timeline for resolution
Crediting you (if desired) when the issue is fixed
Not pursuing legal action against good-faith security researchers

Incident Response

In the event of a security incident affecting user data:

We will investigate and contain the issue immediately
Affected users will be notified within 72 hours
We will provide details on what data was affected and recommended actions
We will publish a post-incident report where appropriate

Questions

For security questions or concerns, contact us at jsmith@understandingrecruitment.com.