Trust and security

How Jobeezy protects your data and your job search.

Encryption, access controls, rate limiting, and session management — built into the platform from the start.

Credential security

Your credentials are encrypted before they touch our database.

01

AES-256-GCM encryption

Every stored credential is encrypted with a per-credential data encryption key using AES-256 in GCM authenticated mode. A unique 128-bit IV is generated for each encryption operation.

GCM authentication tags detect tampering before decryption.

02

AWS KMS envelope encryption

Data encryption keys are themselves encrypted by a hardware-backed AWS KMS customer-managed key. Plaintext keys are zeroed from memory immediately after use.

Key material never leaves the KMS hardware boundary.
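The credential flow described under 01 and 02, as an added example that is not Jobeezy's own code. `LocalKms`, `seal`, `unseal`, `encryptCredential` and `decryptCredential` are hypothetical names; `LocalKms` is an in-process stand-in for the AWS KMS customer-managed key, and binding the credential id as additional authenticated data is an assumption the page does not state.

```javascript
// Added example. LocalKms is a hypothetical offline stand-in for AWS KMS.
const crypto = require('node:crypto');
const ALG = 'aes-256-gcm';
const IV_BYTES = 16; // 128-bit IV, the size the page states

function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(IV_BYTES); // fresh IV for every operation
  const cipher = crypto.createCipheriv(ALG, key, iv);
  if (aad) cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function unseal(key, { iv, ct, tag }, aad) {
  const decipher = crypto.createDecipheriv(ALG, key, iv);
  if (aad) decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  // final() throws if the tag does not match, so no plaintext is returned.
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

class LocalKms {
  #kek = crypto.randomBytes(32); // wrapping key, never exposed outside this class
  generateDataKey() {
    const plaintext = crypto.randomBytes(32);
    return { plaintext, wrapped: seal(this.#kek, plaintext) };
  }
  decrypt(wrapped) { return unseal(this.#kek, wrapped); }
}

function encryptCredential(kms, credentialId, secret) {
  const { plaintext: dek, wrapped } = kms.generateDataKey(); // one DEK per credential
  try {
    // Assumption (not from the page): the record id is bound as AAD.
    const sealed = seal(dek, Buffer.from(secret), Buffer.from(credentialId));
    return { credentialId, wrappedDek: wrapped, ...sealed };
  } finally {
    dek.fill(0); // zero the plaintext DEK once it has been used
  }
}

function decryptCredential(kms, record) {
  const dek = kms.decrypt(record.wrappedDek);
  try {
    return unseal(dek, record, Buffer.from(record.credentialId)).toString();
  } finally {
    dek.fill(0);
  }
}
```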

03

Session and token management

Access tokens expire after 15 minutes. Refresh tokens last 7 days. Every request validates that the device session has not been revoked in the database.

Revoked sessions are blocked instantly — no stale tokens accepted.

Infrastructure protections

HTTP security, rate limiting, and access controls.

HSTS

Strict transport security with preload.

All connections use HSTS with a one-year max-age, subdomains included, and preload enabled. Clickjacking is blocked with frame-ancestors set to none.

Rate limiting

Redis-backed sliding-window rate limits.

Login attempts, registration, and API calls are rate-limited per endpoint. Plan-based quotas enforce separate limits for free, pro, and enterprise tiers.

MFA

Optional two-factor authentication.

TOTP-based MFA with 8 one-time recovery codes. Challenge tokens expire after 10 minutes and lock after 5 failed attempts.

Your data, your rules

See exactly what data we store and how you control it.