Security

Your career data is sensitive. Here's how we protect it.

At Landera, we understand that your resume contains some of your most personal professional information. We've built our platform from the ground up with security as a core principle, not an afterthought. Every feature we ship goes through rigorous security review, and we continuously audit our codebase to stay ahead of emerging threats.

End-to-End Encryption

  • TLS 1.3 in transit — All data between your browser and our servers is encrypted using the latest TLS protocols
  • AES-256 at rest — Your resume data is encrypted in our database using industry-standard AES-256 encryption
  • HTTPS everywhere — We enforce HTTPS on all connections with HSTS preloading and automatic certificate renewal

Authentication & Access Control

  • Secure password hashing — Passwords are hashed using bcrypt with high work factors, never stored in plain text
  • Rate limiting — Aggressive rate limiting on authentication endpoints prevents brute-force attacks
  • IP verification — New login locations trigger email verification to prevent unauthorized access
  • Secure session management — Sessions use cryptographically random tokens with automatic expiration

Data Isolation & Access Control

  • Row-level security — Database policies ensure you can only access your own data, enforced at the database level
  • Defense in depth — Multiple layers of authorization checks ensure data isolation even if one layer fails
  • Audit logging — Security-relevant events are logged for monitoring and incident response

Input Validation & Injection Prevention

  • Parameterized queries — All database queries use parameterized inputs to prevent SQL injection attacks
  • Input sanitization — User inputs are validated and sanitized before processing to prevent XSS and injection
  • Content Security Policy — CSP headers prevent unauthorized script execution and data exfiltration

Payment Security

  • PCI-DSS compliant — Payment processing is handled entirely by Stripe, a PCI Level 1 certified provider
  • No card storage — We never see or store your full credit card number, CVV, or sensitive payment details
  • Webhook verification — All payment notifications are cryptographically verified to prevent tampering

Infrastructure Security

  • SOC 2 compliant providers — We host on Vercel and Supabase, both SOC 2 Type II certified
  • Automatic backups — Database backups run continuously with point-in-time recovery capability
  • DDoS protection — Our infrastructure includes automatic DDoS mitigation at the edge
  • Dependency scanning — We continuously monitor and update dependencies to patch known vulnerabilities

Privacy by Design

  • Minimal data collection — We only collect data necessary to provide our service, nothing more
  • No data selling — We never sell your resume data or personal information to third parties
  • Data portability — Export all your data at any time in standard formats
  • Right to deletion — Request complete deletion of your account and data at any time

Security Reporting

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly to:

security@landera.ai

Please include detailed steps to reproduce the issue. We aim to acknowledge reports within 24 hours and will keep you updated on our progress.