Encrypted at rest & in transit
All data is encrypted in transit via TLS/HTTPS. Database connections to Neon use SSL encryption. Passwords are hashed with bcrypt (12 rounds).
Invoice-based billing
We never collect or store credit card numbers. Employers post first and receive a standard invoice with payment terms — no card-on-file required, nothing for us to leak.
Minimal data collection
We collect only what's needed to operate the platform — employer accounts and job posting data. We don't collect candidate personal information or track users with advertising cookies.
Infrastructure
Hosted on Vercel's edge network with automatic DDoS protection. Database on Neon with automated backups and point-in-time recovery.
Authentication & access
Employer accounts are protected by bcrypt-hashed passwords with a cost factor of 12. Sessions are managed with signed JSON Web Tokens (JWT) via NextAuth.js. Password reset tokens are single-use and expire after 1 hour. All sensitive routes are protected by middleware that validates the session on every request.
Third-party vendors
We carefully select vendors that meet high security standards. Stripe (payments) is PCI DSS Level 1 certified. Neon (database) provides encrypted storage with SOC 2 Type II compliance. Vercel (hosting) provides automatic SSL, edge security, and DDoS protection. Resend (email) handles transactional emails with DKIM/SPF authentication.
Data handling
All data is stored in US data centers. We do not sell, share, or transfer your data to third parties except as necessary to operate the service (e.g., Stripe for payments). You can request full account and data deletion at any time through your account settings or by contacting us directly.
Report a vulnerability
If you discover a security issue, please email us at security@siteleadjobs.com. We take all reports seriously and will respond within 48 hours.