Security

Your career data deserves enterprise-grade protection.

Neuradesk.ai handles sensitive career information — resumes, salary data, interview recordings, professional networks. We treat security as a core product feature, not an afterthought. Here's exactly how we protect your data.

Encryption

  • All data in transit is encrypted with TLS 1.3 (HTTPS enforced site-wide).
  • Data at rest is encrypted using AES-256 on our PostgreSQL databases.
  • Authentication tokens use signed, HttpOnly, SameSite cookies — never exposed to JavaScript.

Authentication & Access

  • OAuth 2.0 via Google, GitHub, and LinkedIn — we never see or store your social passwords.
  • Email/password accounts use bcrypt hashing with per-user salts (cost factor 12).
  • Session management via NextAuth with CSRF protection on every request.
  • Rate limiting on all API endpoints to prevent brute-force attacks.

Infrastructure

  • Hosted on Vercel's global edge network with automatic DDoS protection.
  • Database hosted on Neon PostgreSQL with encrypted connections and automated backups.
  • No SSH access to production — all deployments via CI/CD pipeline from version-controlled code.
  • Environment secrets are encrypted and never committed to source control.

Security Headers

  • Content Security Policy (CSP) restricts script and resource origins.
  • HTTP Strict Transport Security (HSTS) with 1-year max-age and preload.
  • X-Frame-Options: DENY — prevents clickjacking.
  • X-Content-Type-Options: nosniff — prevents MIME-type sniffing.
  • Referrer-Policy: strict-origin-when-cross-origin.
  • Permissions-Policy restricts camera, geolocation, and microphone access.
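The list above is a checkable policy. As an added example (not Neuradesk.ai's own code), the audit below takes a response's headers and reports every header that is missing or weaker than the stated values; the thresholds come from the list above and the sample response at the bottom is constructed.

```javascript
// Added example (not Neuradesk.ai's code): audit an HTTP response's security
// headers against the policy listed above. Threshold values come from that list;
// the sample response at the bottom is constructed.
// One predicate per header, mirroring the stated policy; true = value is acceptable.
const EXPECTED = {
  // 31536000 s is the stated 1-year max-age; preload must be present too.
  'strict-transport-security': (v) => {
    const m = /max-age=(\d+)/i.exec(v);
    return !!m && Number(m[1]) >= 31536000 && /\bpreload\b/i.test(v);
  },
  'x-frame-options': (v) => v.trim().toUpperCase() === 'DENY',
  'x-content-type-options': (v) => v.trim().toLowerCase() === 'nosniff',
  'referrer-policy': (v) => v.trim().toLowerCase() === 'strict-origin-when-cross-origin',
  // CSP must carry a script-src directive whose sources are not a bare wildcard.
  'content-security-policy': (v) => {
    const d = v.split(';').map((s) => s.trim()).find((s) => /^script-src\b/i.test(s));
    const sources = d ? d.split(/\s+/).slice(1) : [];
    return sources.length > 0 && !sources.includes('*');
  },
  // Each named feature must appear with an allowlist that is not '*' (e.g. camera=()).
  'permissions-policy': (v) => ['camera', 'geolocation', 'microphone'].every((f) => {
    const m = new RegExp(`\\b${f}=\\(([^)]*)\\)`, 'i').exec(v);
    return !!m && !m[1].includes('*');
  }),
};

// Accepts a plain object or a fetch() Headers instance; returns one finding per gap.
function auditSecurityHeaders(headers) {
  const entries = typeof headers.entries === 'function' ? headers.entries() : Object.entries(headers);
  const h = {};
  for (const [k, v] of entries) h[k.toLowerCase()] = v; // header names are case-insensitive
  const findings = [];
  for (const [name, ok] of Object.entries(EXPECTED)) {
    if (!(name in h)) findings.push(`${name}: missing`);
    else if (!ok(h[name])) findings.push(`${name}: weak value "${h[name]}"`);
  }
  return findings;
}

// Constructed sample response matching the stated policy; the audit returns no findings.
const SAMPLE_OK = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Content-Security-Policy': "default-src 'self'; script-src 'self'",
  'Permissions-Policy': 'camera=(), geolocation=(), microphone=()',
};
console.log(auditSecurityHeaders(SAMPLE_OK)); // []
```

Run it against a live response by passing `(await fetch(url)).headers`; a non-empty result is the list of headers that have drifted from the policy.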

AI Data Handling

  • Your resume and career data are sent to AI providers (Google Gemini, OpenAI, Anthropic) only when you use AI features.
  • We use task-based routing to send the minimum data required for each AI task.
  • AI providers process data according to their enterprise data processing agreements.
  • AI interaction logs are not stored beyond the active session unless you explicitly save results.

Compliance

  • OWASP Top 10 security practices implemented across all API routes.
  • GDPR-compliant data handling with right to access, correction, and deletion.
  • Indian IT Act 2000 and DPDP Act 2023 compliance.
  • Zod schema validation on every API endpoint to prevent injection attacks.
  • Input sanitization on all AI prompts to prevent prompt injection.

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please report it to security@neuradeskai.com with details of the issue. We will acknowledge receipt within 24 hours and work with you to address it promptly.

Please do not publicly disclose vulnerabilities before we've had a chance to address them.

© 2026 Neuradesk.ai. All rights reserved.