Encrypted at rest & transit
All data is encrypted in transit via TLS/HTTPS. Database connections to Neon use SSL encryption. Passwords are hashed with bcrypt (12 rounds).
Card data never touches our servers
Card payments are handled entirely by Stripe's hosted checkout — we never collect or store credit card numbers, so there's nothing for us to leak. Invoice billing is also available for larger plans.
Minimal data collection
We collect only what's needed to run the platform — employer accounts, job postings, and the candidate details required to deliver applications (email, profile, and resume, stored encrypted at rest). We don't track users with advertising cookies. See our Privacy Policy for the full list.
Infrastructure
Hosted on Vercel's edge network with automatic DDoS protection. Database on Neon with automated backups and point-in-time recovery.
Authentication & access
Employer accounts are protected by bcrypt-hashed passwords with a cost factor of 12. Sessions are managed with signed JSON Web Tokens (JWT) via NextAuth.js. Password reset tokens are single-use and expire after 1 hour. All sensitive routes are protected by middleware that validates the session on every request.
Third-party vendors
We carefully select vendors that meet high security standards. Stripe (payments) is PCI DSS Level 1 certified. Neon (database) provides encrypted storage with SOC 2 Type II compliance. Vercel (hosting) provides automatic SSL, edge security, and DDoS protection. Resend (email) handles transactional emails with DKIM/SPF authentication.
Data handling
All data is stored in US data centers. We do not sell, share, or transfer your data to third parties except as necessary to operate the service (e.g., Stripe for payments). You can request full account and data deletion at any time through your account settings or by contacting us directly.
Report a vulnerability
If you discover a security issue, please email us at security@siteleadjobs.com. We take all reports seriously and will respond within 48 hours.