Security
Our commitment to protecting your data
🔒 AES-256 Encryption
🛡️ SOC 2 Ready
🔑 AWS KMS
🚫 Zero-Knowledge CV
✅ TLS 1.2+
Infrastructure Security
- Encryption at rest: All data encrypted with AES-256 via AWS KMS.
- Encryption in transit: TLS 1.2+ on all communications.
- Network isolation: Backend in private VPC subnets.
- IAM least privilege: Minimal permissions per service.
Zero-Knowledge CV Processing
- Raw CV uploaded to encrypted S3.
- AI extracts professional summary.
- Raw file permanently deleted within 60 seconds.
- Only AI-generated summary retained.
Authentication & Access Control
- AWS Cognito: Enterprise-grade auth with MFA support.
- JWT tokens: Short-lived (1 hour) with secure refresh.
- Session isolation: Strict per-user data isolation.
- WebSocket auth: Custom Lambda authorizer.
Audio & Transcription Security
- Audio processed in real time during practice sessions, never stored permanently.
- AWS Transcribe with encrypted streams.
- PII auto-detected and redacted via AWS Comprehend.
Application Security
- WAF: Rate limiting on all endpoints.
- DDoS: CloudFront + AWS Shield.
- Prompt injection: Security delimiters on all AI inputs.
Responsible Disclosure
Report vulnerabilities to builder@copilotinterview.ai. We respond within 48 hours.