Security at Exibell

Your career data is sensitive. Here is exactly how we protect it.

Data Encryption

Your resumes, interview recordings, and career data are encrypted using AES-256 at rest and TLS 1.3 in transit. Access to raw data requires explicit authorization through role-based controls.

Access Control

We use role-based access controls, multi-factor authentication, JWT session management, and bcrypt password hashing to keep your account secure.

Secure Infrastructure

Built on AWS with isolated VPCs, automated backups, CloudFront CDN with DDoS protection, and 24/7 automated threat monitoring.

  • AES-256: encryption standard at rest
  • TLS 1.3: in-transit encryption
  • < 72hrs: breach notification
  • Zero: data sold to third parties

Why this matters

Your career data is deeply personal. Resumes, interview recordings, and career assessments contain your work history, contact details, and professional goals. We treat it seriously.

How we handle security

Here is how security works across the platform, from password storage to API handling.

  • Passwords hashed with bcrypt, never stored in plaintext
  • JWT sessions with 30-day expiry and token rotation
  • Rate limiting on public endpoints to prevent brute-force attacks
  • Input validation and sanitization on all API endpoints
  • Regular dependency audits and automated security patches
  • Sensitive data never exposed in client-side code, logs, or error messages

What we do not do with your data

Plain and simple: here is what we will not do with your data.

  • Your resume data is not sold to recruiters, employers, or any third party
  • Interview practice recordings stay within your account and are not shared externally
  • Any AI model training uses only anonymized, aggregated data that cannot be traced to an individual
  • Account deletion removes all associated data and can be requested at any time
  • No third-party advertising trackers, and behavioral data is not sold

Infrastructure

We run on Amazon Web Services. Here are the specifics.

  • AWS hosting with SOC 2 compliant data centers
  • Database in an isolated VPC with encrypted connections, no public internet exposure
  • S3 storage with server-side encryption (SSE-S3) for all uploads
  • CloudFront CDN with AWS Shield for DDoS protection and edge caching
  • Automated daily backups with point-in-time recovery to prevent data loss

Compliance

We follow the data protection laws of every region we operate in and are audited regularly.

  • GDPR compliant with full support for data portability, right to deletion, and consent management
  • CCPA compliant with California consumer privacy rights fully honored
  • Regular third-party security assessments and penetration testing
  • Incident response plan with a 72-hour notification commitment for any data breaches
  • Working toward SOC 2 Type II certification for independent verification of our security controls

Found a vulnerability?

We want to hear about it. If you find a security issue, reach out to us at security@exibell.com. We commit to acknowledging all reports within 48 hours and will work with you to understand and address the issue promptly. We ask that you give us reasonable time to investigate and resolve vulnerabilities before making any public disclosure.

Your part

We handle the infrastructure side, but there are a few things on your end too.

  • Use a strong, unique password that you don't reuse across other services
  • Enable multi-factor authentication when available for an additional layer of protection
  • Never share your account credentials with anyone, including people claiming to be Exibell support
  • Always log out of your account when using shared or public devices
  • Report any suspicious activity or unauthorized access to security@exibell.com immediately