How we protect your data and what to do if you find a vulnerability.
Security Measures
Encryption in transit & at rest
All data is transmitted over TLS 1.3. Data at rest is encrypted with AES-256 on Supabase (PostgreSQL + pgcrypto).
Authentication & access control
Supabase Auth with email OTP verification. Row-Level Security (RLS) ensures users can only access their own data. Service-role keys are never exposed to the client.
Infrastructure
Hosted on Vercel (global edge network) and Supabase (EU region). Automatic DDoS protection. No shared infrastructure between tenants.
Minimal data collection
We collect only what is necessary to operate the service. No third-party analytics or tracking scripts. AI processing uses API calls — candidate data is not stored by AI providers.
Incident response
In the event of a personal data breach, affected users and relevant supervisory authorities will be notified within 72 hours as required by GDPR Article 33.
Compliance
GDPR
EU / EEA
UK GDPR
United Kingdom (ICO)
KVKK
Turkey
Operated from Germany (EU GDPR jurisdiction). UK users: UK GDPR enforced by the ICO. Turkish users: KVKK compliant.
Responsible Disclosure
If you discover a security issue, we want to know. We follow responsible disclosure and commit to responding within 48 hours.
Report a Vulnerability →© 2026 Workruno-app. All rights reserved.