Security

Last updated: February 1, 2026

1. Our Commitment

At JobTrail, security is not an afterthought — it is built into every layer of the platform. We understand that you trust us with your business data, and we take that responsibility seriously.

2. Infrastructure

JobTrail is hosted on Google Cloud Platform (GCP), which provides world-class physical and network security. Our infrastructure includes:

  • Cloud hosting: Google Cloud / Firebase with automatic scaling, redundancy, and 99.9% uptime SLA.
  • Global CDN: Static assets and marketing pages served from edge locations worldwide for fast, reliable access.
  • Automatic backups: Data is backed up continuously with point-in-time recovery capabilities.

3. Encryption

  • In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • At rest: All data stored in our databases is encrypted at rest using AES-256 encryption.
  • Payment data: We never store credit card numbers. All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider.

4. Authentication & Access Control

  • Secure authentication powered by Firebase Authentication with support for email/password and Google OAuth.
  • Role-based access control (RBAC) ensures team members only see what they need to.
  • Session management with automatic token rotation and expiry.

5. Application Security

  • Server-side validation and sanitization of all user input to prevent injection attacks.
  • Firebase App Check to protect backend APIs from abuse and unauthorized access.
  • Firestore Security Rules enforce data access policies at the database level.
  • Regular dependency audits to identify and patch known vulnerabilities.

6. Data Isolation

Each organization's data is logically isolated within our database. Strict server-side rules ensure that one organization's users can never access another organization's data, even in the event of a software defect.

7. Incident Response

In the unlikely event of a security incident, we will notify affected customers within 72 hours, investigate the root cause, and take immediate steps to remediate the issue. We maintain an internal incident response plan that is reviewed and updated regularly.

8. Your Responsibilities

To keep your account secure, we recommend:

  • Using a strong, unique password for your JobTrail account.
  • Not sharing your login credentials with unauthorized individuals.
  • Promptly removing team members who no longer need access.
  • Contacting us immediately if you suspect unauthorized access to your account.

9. Contact

If you have questions about our security practices or want to report a vulnerability, contact us at security@jobtrail.com.