Security & Compliance

Data security, privacy, and compliance information

The Resume Parser is built with security and privacy as core principles.

Data Security

Encryption

In Transit

  • TLS 1.3 for all API communications
  • HTTPS enforced for web dashboard
  • Secure WebSocket connections

At Rest

  • AES-256 encryption for all stored files
  • Encrypted database fields for sensitive data
  • Secure credential management

Infrastructure

  • SOC 2 compliant cloud providers
  • Regular security audits
  • Automated vulnerability scanning
  • 24/7 infrastructure monitoring

Data Privacy

Data Retention

Free Tier

  • Parse results: 7 days
  • Input files: 7 days

Paid Tiers

  • Parse results: 30 days
  • Input files: 30 days

After the retention period, all data is permanently deleted.

Data Processing

  • Resumes processed only for parsing
  • No data sold or shared with third parties
  • No AI model training on your data
  • Isolated processing per account

Compliance

GDPR Compliance

  • Right to access your data
  • Right to deletion (via dashboard)
  • Data portability (JSON export)
  • Processing transparency

CCPA Compliance

  • Clear privacy disclosures
  • Opt-out mechanisms
  • Data access requests
  • No sale of personal information

Access Control

API Key Security

  • Keys hashed using bcrypt
  • Revocation takes effect immediately
  • Per-key usage tracking
  • Automatic key rotation recommended

Account Security

  • Multi-factor authentication available
  • Email verification required
  • Password complexity requirements
  • Session management

Abuse Prevention

Rate Limiting

  • 100 requests/minute per API key
  • 1000 requests/hour per account
  • Automatic throttling
  • Clear rate limit headers

Captcha Protection

  • hCaptcha on public demo
  • Account creation verification
  • Bot detection

Incident Response

Reporting Security Issues

Email: [email protected]

We respond to security reports within 24 hours.

Incident Handling

  1. Issue detected and isolated
  2. Users notified within 24 hours
  3. Root cause analysis
  4. Remediation and verification
  5. Post-incident report

Data Residency

  • Default: US region (Oregon)
  • Enterprise: EU region available
  • Contact support for region selection

Certifications & Audits

  • Regular penetration testing
  • Annual security audits
  • SOC 2 Type II (planned)
  • ISO 27001 (planned)

API Security

Authentication

  • API key required for all requests
  • Keys transmitted in headers only
  • No API keys in URLs or logs

Input Validation

  • File type verification
  • Size limit enforcement
  • Malware scanning
  • Content sanitization

Output Sanitization

  • XSS prevention
  • SQL injection protection
  • Command injection prevention
  • Path traversal protection