Security

HiredFast is operated by JMV Labs LLC. HiredFast follows a practical security program built around collecting only what is needed, protecting stored data, restricting access, monitoring abuse, and planning for incident response.

• Authentication is handled through Supabase-managed auth sessions.
• Protected app routes require an active session before resume, tracker, profile, or billing pages are shown.
• Server-side API routes validate request shape and use body-size and content-type limits.
• Production rate limits are designed to use Upstash Redis to reduce spam and abuse.
• Administrative analytics access requires an approved admin email and MFA challenge.

Payment details are processed by Stripe. HiredFast does not store full card numbers on its servers. AI features send the resume, profile, LinkedIn import text, job description, and generated context needed for the requested feature to OpenAI API services.

HiredFast may use security logs, rate-limit metadata, and error monitoring to protect the Service, investigate abuse, debug failures, and improve reliability. Access to operational systems is limited to people who need it to operate the Service.

If you believe you found a security issue, do not test against other users, access data that is not yours, or degrade the Service. Report the issue through the support form and select “Security,” or email security@hiredfast.io.