Information Security at SupremeJobs
At SupremeJobs, we understand that trust is the foundation of our recruitment platform. Protecting
the privacy and security of our users—candidates, employers, and partners—is our top priority.
We’ve implemented a comprehensive set of technical, organizational, and procedural measures to
safeguard your personal data, ensuring compliance with global standards like the General Data
Protection Regulation (GDPR) and ISO 27001 principles. Below, we outline the key security practices
that keep your information safe.
Our Security Approach
SupremeJobs leverages industry-leading technologies and best practices to secure your data throughout its lifecycle—from collection to disposal. Our multi-layered security framework is designed to protect against unauthorized access, data breaches, and other threats, while maintaining the confidentiality, integrity, and availability of your information.
Cloud Infrastructure and Hosting
Amazon Web Services (AWS)
Our platform is hosted on AWS in US regions, utilizing a multi-tenant cloud architecture with logical separation of user accounts to ensure data isolation.
Elastic Container Service (ECS)
We deploy our application using Docker containers managed via Amazon ECS, with separate repositories for Nginx/PHP configurations and our Laravel-based app, ensuring scalability and consistency.
Application Load Balancing
An AWS Application Load Balancer distributes incoming traffic across multiple targets, enhancing reliability and performance while mitigating risks of overload or failure.
Route 53
Domain and subdomain management is handled through AWS Route 53, providing secure and resilient DNS services.
Data Encryption
At Rest
We use AWS Key Management Service (KMS) with AES-256 encryption to secure data stored in our RDS databases and files. Encryption keys are managed internally and accessible only to authorized personnel with appropriate access rights.
In Transit
All data moving between your device and our servers is protected by HTTPS connections encrypted with Transport Layer Security (TLS), ensuring end-to-end security.
Access Control and Authentication
Multi-Factor Authentication (MFA)
Employees and users accessing sensitive systems are required to use MFA (via SMS or email), adding an additional layer of protection beyond standard login credentials.
Role-Based Access Control (RBAC)
Access to personal data is strictly limited to authorized personnel based on their job responsibilities, enforced through granular permissions.
User Management
Candidates can register freely, while companies are required to provide a valid company registration number during sign-up. Access can be revoked by admins at any time to maintain platform integrity.
Application Security
Framework and Technologies
Our platform is built on Laravel, a secure PHP framework, with Bootstrap and jQuery for responsive front-end components. MariaDB powers our database, Redis handles caching, and Nginx serves as our web server—all containerized with Docker for consistency and security.
CI/CD Pipeline
We use AWS CodeBuild integrated with Bitbucket to automate builds and deployments, ensuring that updates are securely synced from our repositories to production environments.
Next-Generation Anti-Virus (NGAV)
All servers run NGAV software to detect and prevent malware, complemented by Windows Anti-Virus and AWS firewall settings for layered protection.
Data Protection and Compliance
We align our practices with global data protection regulations to ensure your rights are upheld and your data is handled responsibly.
Data Minimization
We collect only the data necessary for our services (e.g., identity, contact, and job-related information) and clearly mark required fields to enhance transparency.
Retention and Disposal
Personal data is retained only as long as needed—candidate data for up to 5 years after last interaction, employee data for 7 years post-employment—and securely disposed of using certified shredding for physical records and secure deletion software for digital data.
Audit Logging
Security and application event logs are captured, protected from tampering, and retained for at least 90 days. RDS logs are managed by AWS and rotated automatically, accessible only to support users with temporary permissions.
Regulatory Standards
Our policies comply with GDPR and align with ISO 27001 principles, supported by regular audits and risk assessments conducted by our Data Protection Officer (DPO).
Resilience and Recovery
SupremeJobs is prepared to maintain service continuity and recover quickly from disruptions.
Daily Backups
Our AWS RDS database is backed up daily, with point-in-time recovery options to minimize data loss.
Disaster Recovery
In the event of an RDS Single-AZ instance failure, our Recovery Time Objective (RTO) ranges from 1 to 10 minutes, depending on database size, and our Recovery Point Objective (RPO) is typically 5 minutes. Cloned cloud images of our UI and WebAPI applications ensure rapid restoration if needed.
Incident Response
Our robust incident response plan includes immediate containment, investigation, and notification within 72 hours if a breach poses a high risk to users, as required by law.
Vulnerability Testing and Assurance
We proactively test our systems to identify and address potential security risks.
Vulnerability Testing
After every major release, we conduct thorough vulnerability tests to ensure our platform remains secure against emerging threats.
Penetration Testing
We perform one comprehensive penetration test annually, simulating real-world attacks to validate the strength of our defenses and address any weaknesses.
Browser and Device Support
Our platform is optimized for secure access across modern desktop browsers (Chrome, Safari, Edge) and mobile browsers (Chrome, Safari), ensuring a consistent and safe user experience. Password recovery is available via the email used for registration, keeping account access secure yet convenient.
Ongoing Commitment
Security is an evolving process. Our Data Protection Officer and Data Protection Committee conduct quarterly reviews and annual audits to assess our practices, address vulnerabilities, and adapt to emerging threats. We also provide regular security awareness training to our employees and contractors to foster a culture of vigilance.
Contact Us
Have questions about our security measures?
Reach out to our Data Protection Officer at privacy@supremejobs.com. We’re here to ensure your peace of mind while using SupremeJobs.