At TailorMeSwiftly.com, we treat your career data with the highest level of security. This page
outlines exactly how your information is stored, encrypted, and protected.
1. Encryption in Transit
All data transmitted between your device and our servers is strictly encrypted in transit. We use
industry-standard HTTPS (TLS/SSL encryption) for every single network request. This ensures that
your resume text, job descriptions, and user profile information cannot be intercepted by third
parties while traveling across the internet.
2. Encryption at Rest (Cloud Storage)
Our backend infrastructure is powered by Supabase (built on PostgreSQL). All database data is
encrypted at rest by default using strong AES-256 encryption.
When you create an account, the following information is securely stored in this encrypted database:
- Your authentication records (managed by Supabase Auth).
- Basic profile details (such as your display name or avatar).
- Copies of your generated resumes and cover letters, ensuring you can access your application
history from any device.
- Learning roadmaps, skill gap analyses, study guide progress, and XP scores from Tailor My Learning.
- Anonymous crash logs to help us improve the application's stability.
3. Local Browser Storage (Your Device)
To provide a snappy user experience and allow certain tools to work immediately without requiring an
account, we rely heavily on your browser's local storage (localStorage).
- Cached Inputs: The last resume you pasted or uploaded is cached locally on your
device so you don't have to re-upload it on your next visit.
- Preferences: Your UI preferences (such as Light Mode vs. Dark Mode) and custom
AI tailoring instructions are saved directly to your browser.
- Stateless Tools: Some tools store their tracking data exclusively on your
device unless you choose to create an account to sync them.
Security Tip: Because this data lives directly within your web browser, it is only as secure
as the device you are using. If you are on a public or shared computer, we recommend signing out or
clearing your browsing data after use.
4. Client-Side Processing
- Real-Time ATS Scoring: The live scoring feature in the resume editor extracts keywords from the job description and scores your resume entirely in your browser. No data is sent to our servers for this feature.
- Phrase Library Caching: AI-generated resume phrases are cached in your browser's session storage after initial generation. Cached data is cleared when you close your browser tab.
5. News Briefing & Podcast Data
- Briefing content (text, interests, sources, story reactions, and story thread data) is stored in our encrypted Supabase database, associated with your user ID. Row-level security policies ensure you can only access your own reactions and story threads.
- Podcast audio files are stored in Supabase Storage with public access URLs for RSS feed delivery. We retain the last 10 audio files per user; older files are automatically purged.
- RSS podcast feeds are served at user-specific URLs. These feeds contain your briefing audio and metadata but do not expose your email or account information.
6. Hosting & Infrastructure
Our site is hosted on GitHub Pages, which provides automatic SSL certificate provisioning and serves static assets over HTTPS. Deployments are triggered automatically from the main branch.
Backend services (authentication, database, edge functions, file storage) are managed by Supabase, hosted on AWS infrastructure with SOC 2 Type II compliance.
7. Payment Processing
All payment processing is handled by Stripe. We never see, store, or transmit your credit card number, CVV, or billing details. Payment information is sent directly from your browser to Stripe's PCI DSS Level 1 certified servers. We only receive a confirmation of your subscription status.
8. Third-Party AI Processing
We use third-party APIs strictly to process text and generate content:
- Google Gemini API: Generates tailored documents, interview prep, and news briefing summaries.
- Inworld AI: Generates text-to-speech narration for podcast briefings.
- GNews API: Fetches publicly available news articles. No personal data is sent beyond your interest keywords.
- Resend: Delivers email briefings. Your email address is shared only for delivery purposes.
We access AI services through paid API tiers whose terms state that data submitted is not used to train their models.
9. Security Audits & Updates
We regularly audit our dependencies, update our Supabase client libraries, and monitor our edge
functions to ensure we are protected against the latest security vulnerabilities. Content Security Policy headers are enforced on all pages to mitigate XSS and injection attacks.