Skip to content

How we protect your career data

Career data is sensitive. We design Talent Risk so security controls are built into the platform, and we aim to describe those controls plainly without overclaiming.

Data protection

  • Encryption in transit via TLS and encryption at rest through managed infrastructure controls.
  • Payment card details are handled by Stripe and do not touch our application servers.
  • Row-level security policies restrict account data access to the owning user.
  • We do not sell personal data for advertising or broker purposes.

AI and your data

  • Primary provider: Google Gemini. Backup providers: Anthropic Claude and OpenAI.
  • Data shared with AI providers is limited to what is needed to generate your analysis.
  • We configure providers for product delivery workflows, not ad targeting.
  • We publish our approach in our AI Ethics and Privacy Policy pages.

Infrastructure and controls

  • Strict security headers and Content Security Policy across the app.
  • Rate limits on sensitive routes (account actions, admin routes, tool analysis endpoints).
  • File upload validation by extension, MIME type, and magic bytes.
  • Bot checks on public forms using Cloudflare Turnstile.

Your rights and controls

  • Export your account data from settings.
  • Delete your account and associated data.
  • Control analytics consent and change your preference at any time.
  • Contact privacy@talentrisk.com for data rights requests.

Responsible disclosure

If you discover a potential vulnerability, email security@talentrisk.com. We aim to acknowledge reports within 48 hours and resolve confirmed issues promptly. Please allow reasonable time for remediation before public disclosure.