Security

Information Security at SupremeJobs

At SupremeJobs, we understand that trust is the foundation of our recruitment platform. Protecting the privacy and security of our users—candidates, employers, and partners—is our top priority.
We’ve implemented a comprehensive set of technical, organizational, and procedural measures to safeguard your personal data, ensuring compliance with global standards like the General Data Protection Regulation (GDPR) and ISO 27001 principles. Below, we outline the key security practices that keep your information safe.

Our Security Approach

SupremeJobs leverages industry-leading technologies and best practices to secure your data throughout its lifecycle—from collection to disposal. Our multi-layered security framework is designed to protect against unauthorized access, data breaches, and other threats, while maintaining the confidentiality, integrity, and availability of your information.


Cloud Infrastructure and Hosting

Amazon Web Services (AWS)
Our platform is hosted on AWS in US regions, utilizing a multi-tenant cloud architecture with logical separation of user accounts to ensure data isolation.

Elastic Container Services (ECS)
We deploy our application using Docker containers managed via Amazon ECS, with separate repositories for Nginx/PHP configurations and our Laravel-based app, ensuring scalability and consistency.

Application Load Balancing
An AWS Application Load Balancer distributes incoming traffic across multiple targets, enhancing reliability and performance while mitigating risks of overload or failure.

Route 53
Domain and subdomain management is handled through AWS Route 53, providing secure and resilient DNS services.

Data Encryption

At Rest
We use AWS Key Management Service (KMS) with AES-256 encryption to secure data stored in our RDS databases and files. Encryption keys are managed internally and accessible only to authorized personnel with appropriate access rights.

In Transit
All data moving between your device and our servers is protected by HTTPS connections encrypted with Transport Layer Security (TLS), ensuring end-to-end security.

Access Control and Authentication

Multi-Factor Authentication (MFA)
Employees and users accessing sensitive systems are required to use MFA (via SMS or email), adding a layer of protection beyond standard login credentials.

Role-Based Access Control (RBAC)
Access to personal data is strictly limited to authorized personnel based on their job responsibilities, enforced through granular permissions.

User Management
Candidates can register freely, while companies are required to provide a valid company registration number during sign-up. Access can be revoked by admins at any time to maintain platform integrity.

Application Security

Framework and Technologies
Our platform is built on Laravel, a secure PHP framework, with Bootstrap and jQuery for responsive front-end components. MariaDB powers our database, Redis handles caching, and Nginx serves as our web server—all containerized with Docker for consistency and security.

CI/CD Pipeline
We use AWS CodeBuild integrated with Bitbucket to automate builds and deployments, ensuring that updates are securely synced from our repositories to production environments.

Next-Generation Anti-Virus (NGAV)
All servers run NGAV software to detect and prevent malware, complemented by Windows Anti-Virus and AWS firewall settings for layered protection.

Data Protection and Compliance

We align our practices with global data protection regulations to ensure your rights are upheld and your data is handled responsibly.

Data Minimization

We collect only the data necessary for our services (e.g., identity, contact, and job-related information) and clearly mark required fields to enhance transparency.

Retention and Disposal

Personal data is retained only as long as needed—candidate data for up to 5 years after last interaction, employee data for 7 years post-employment—and securely disposed of using certified shredding for physical records and secure deletion software for digital data.

Audit Logging

Security and application event logs are captured, protected from tampering, and retained for at least 90 days. RDS logs are managed by AWS and rotated automatically, accessible only to support users with temporary permissions.

Regulatory Standards

Our policies comply with GDPR and align with ISO 27001 principles, supported by regular audits and risk assessments conducted by our Data Protection Officer (DPO).

Resilience and Recovery

SupremeJobs is prepared to maintain service continuity and recover quickly from disruptions.

Daily Backups

Our AWS RDS database is backed up daily, with point-in-time recovery options to minimize data loss.

Disaster Recovery

In the event of an RDS Single-AZ instance failure, our Recovery Time Objective (RTO) ranges from 1 to 10 minutes, depending on database size, and our Recovery Point Objective (RPO) is typically 5 minutes. Cloned cloud images of our UI and WebAPI applications ensure rapid restoration if needed.

Incident Response

Our robust incident response plan includes immediate containment, investigation, and notification within 72 hours if a breach poses a high risk to users, as required by law.

Vulnerability Testing and Assurance

We proactively test our systems to identify and address potential security risks.

Vulnerability Testing

After every major release, we conduct thorough vulnerability tests to ensure our platform remains secure against emerging threats.

Penetration Testing

We perform one comprehensive penetration test annually, simulating real-world attacks to validate the strength of our defenses and address any weaknesses.

Browser and Device Support

Our platform is optimized for secure access across modern desktop browsers (Chrome, Safari, Edge) and mobile browsers (Chrome, Safari), ensuring a consistent and safe user experience. Password recovery is available via the email used for registration, keeping account access secure yet convenient.

Ongoing Commitment

Security is an evolving process. Our Data Protection Officer and Data Protection Committee conduct quarterly reviews and annual audits to assess our practices, address vulnerabilities, and adapt to emerging threats. We also provide regular security awareness training to our employees and contractors to foster a culture of vigilance.

Contact Us

Have questions about our security measures?

Reach out to our Data Protection Officer at privacy@supremejobs.com. We’re here to ensure your peace of mind while using SupremeJobs.