Security
Measures in place
- Passwords — stored as salted PBKDF2-SHA256 hashes; never in plain text.
- Sessions — server-side sessions; cookies are HttpOnly and SameSite, with the Secure flag enabled in the production configuration (the Service is designed to be operated exclusively over HTTPS).
- Isolation — every record is scoped to your account; users cannot access each other's data.
- Access control — only persons individually authorised by the controller may access personal data; each is bound by confidentiality obligations (GDPR art. 29).
- Abuse protection — rate limiting on authentication and AI endpoints; input-length limits on profile fields.
- Payments — card data never reaches our servers; paid checkout, once enabled, is handled end-to-end by Paddle.
- No third parties in the browser — no external scripts, trackers or CDNs; all assets are served from our own domain.
Honest scope
EasyApply does not currently hold formal certifications (such as ISO 27001 or SOC 2), and this page deliberately claims no measures beyond those listed above. As the infrastructure evolves (e.g. managed hosting, automated backups), this page will be updated to reflect it.
Reporting a vulnerability
If you believe you have found a security issue, please write to support@easyapply.com with details. We read every report, respond within 72 hours and appreciate responsible disclosure.