Privacy and Security
Your job search data is sensitive. Learn how we protect it.
Our Commitment
TrackMyRoles is built with privacy and security as foundational principles, not afterthoughts:
- We never sell your data to third parties
- We collect only what is necessary to provide the service
- You own your data and can export or delete it anytime
- We use industry-standard security practices
Data Encryption
In Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3. This protects your information from interception.
At Rest
Data stored in our database is encrypted using AES-256 encryption. Even if someone gained access to the raw database, they could not read your data.
Backups
Database backups are encrypted and stored securely with limited access controls.
Authentication
TrackMyRoles uses Clerk for authentication, providing enterprise-grade security:
Secure Password Storage
Passwords are hashed using bcrypt with salt. We never store plaintext passwords.
Two-Factor Authentication
Enable 2FA for an additional layer of security. Supports authenticator apps like Google Authenticator or Authy.
OAuth 2.0
Sign in with Google uses OAuth 2.0, meaning we never see or store your Google password.
Session Management
Sessions expire after inactivity. You can view and revoke active sessions from your account settings.
Infrastructure Security
TrackMyRoles is hosted on secure, certified infrastructure:
Vercel
Our application is hosted on Vercel, which is SOC 2 Type II certified and provides enterprise-grade security, DDoS protection, and automatic SSL certificates.
Neon Database
Our PostgreSQL database is hosted on Neon, which provides encrypted storage, automated backups, and SOC 2 Type II compliance.
Clerk Authentication
Clerk provides SOC 2 Type II certified authentication infrastructure with built-in protection against common attacks.
Who Can Access Your Data
Only You
Your job application data is only accessible to you. There is no shared access, and we do not view, analyze, or share your personal data with anyone.
Limited technical access may occur for:
- Support requests: Only if you explicitly request help and grant access
- Legal requirements: Only if legally compelled (we will notify you if allowed)
- System maintenance: Automated processes may access aggregated, anonymized data
Your Data Rights
TrackMyRoles supports GDPR and similar data protection regulations:
Right to Access
You can view all your data in the application and export it at any time in CSV format.
Right to Portability
Export your data in a standard format (CSV) that can be used with other services.
Right to Rectification
Edit any of your data at any time through the application interface.
Right to Erasure
Delete individual records, all your data, or your entire account from Settings.
Deleting Your Data
You have full control over your data deletion:
Delete Specific Records
Delete individual applications, contacts, interviews, or other records through the regular interface.
Delete All Data
Remove all your job search data while keeping your account active. Available in Settings.
Delete Account
Permanently delete your account and all associated data. This removes everything from our systems within 30 days and cannot be undone.
Security Best Practices
Help keep your account secure:
Enable Two-Factor Authentication
Add 2FA from your account settings for an extra security layer.
Use a Strong Password
If using email login, choose a unique password with at least 12 characters, mixing letters, numbers, and symbols.
Monitor Active Sessions
Periodically review your active sessions and revoke any you do not recognize.
Keep Backups
Export your data periodically to maintain a local backup.
Security Concerns
If you discover a security vulnerability or have concerns about your account security, please contact us immediately:
We take all security reports seriously and will respond within 24 hours.