Your personal and professional information is valuable and sensitive. FindVil takes data security seriously and implements comprehensive measures to protect your information from unauthorized access, disclosure, alteration, and destruction. This article explains our security practices and what you can do to help keep your account secure.
Understanding Data Security Risks
No online service can guarantee absolute security. While FindVil implements industry-leading security practices, it's important to understand the nature of online security risks and how we work to mitigate them.
Common Security Threats
Online services face various security threats including unauthorized access attempts through password guessing or phishing, malware and viruses that could compromise user devices, man-in-the-middle attacks attempting to intercept data transmission, data breaches targeting stored information, and social engineering schemes designed to trick users into revealing credentials.
FindVil's multi-layered security approach addresses these threats through technical controls, operational procedures, and user education.
FindVil's Security Infrastructure
We employ comprehensive security measures across all aspects of our Service.
Data Encryption
All sensitive data is encrypted both in transit and at rest.
Encryption in Transit: All data transmitted between your device and FindVil's servers is encrypted using industry-standard SSL/TLS protocols. This ensures that information cannot be intercepted and read during transmission. You can verify this encryption by looking for "https://" in your browser's address bar and the padlock icon indicating a secure connection.
Encryption at Rest: Sensitive data stored on our servers, including uploaded resumes, personal information, and account details, is encrypted using strong encryption algorithms. This means that even if someone gained unauthorized access to our storage systems, they could not read the encrypted data without the encryption keys, which are stored separately and securely.
Secure Authentication
FindVil supports multiple secure authentication methods.
Password-Based Authentication: If you register with email and password, your password is never stored in plain text. Instead, we use cryptographic hashing algorithms to create a one-way hash of your password. When you log in, we hash the password you enter and compare it to the stored hash—we never have access to your actual password.
Google Authentication: When you use Google authentication, you benefit from Google's robust security infrastructure, including their advanced threat detection, two-factor authentication support (if you enable it on your Google account), and secure OAuth protocols that never share your Google password with FindVil.
Access Controls: Our systems implement strict access controls limiting who can access user data. Only authorized employees with legitimate business needs can access personal information, and all access is logged and monitored. We use role-based access control (RBAC) ensuring employees can only access the specific data and systems necessary for their job functions.
Payment Security
All payment processing happens through Stripe, the world's leading internet payment processor. Stripe maintains PCI-DSS Level 1 certification—the highest level of payment industry security standards. When you enter payment information, it goes directly to Stripe's secure servers, not to FindVil.
FindVil never stores complete credit card numbers. We only receive and store limited information (last four digits, expiration date, card brand) for display purposes in your billing history. Your complete financial information remains exclusively with Stripe, protected by bank-level security measures including encryption, tokenization (replacing sensitive data with non-sensitive equivalents), fraud detection and prevention systems, and regular third-party security audits.
This architecture ensures your payment information is 100% safe when using FindVil—we simply don't have the data to compromise even if our systems were breached.
Infrastructure Security
FindVil's technical infrastructure incorporates multiple layers of security.
Secure Hosting: We use reputable cloud infrastructure providers with certified security practices, including physical security at data centers, redundant systems for reliability, regular security patching and updates, and distributed denial-of-service (DDoS) protection.
Network Security: Our network architecture includes firewalls protecting against unauthorized access, intrusion detection and prevention systems, network segmentation isolating different system components, and monitoring and logging of all network traffic for security analysis.
Application Security: Our application code undergoes regular security reviews including security-focused code reviews before deployment, automated security testing as part of our development process, vulnerability scanning to identify potential security issues, and penetration testing by security professionals to identify and address weaknesses.
Data Backup and Recovery
We maintain regular backups of all data to protect against data loss from technical failures, accidental deletion, or security incidents. Backups are encrypted and stored securely in geographically distributed locations. If data loss occurs, we can restore your information from recent backups.
Our disaster recovery procedures ensure business continuity even in the event of major system failures or security incidents, minimizing service disruption and protecting your data integrity.
AI Processing Security
Your resumes and other content are processed through artificial intelligence systems to generate search criteria, tailored documents, and job matches. These AI systems operate securely within FindVil's protected infrastructure.
Secure AI Operations: AI processing happens on FindVil's secure servers, never on your local device. Your data is never sent to external AI services or third parties for processing. The AI models themselves are proprietary and protected from unauthorized access or tampering.
Temporary Processing: When AI analyzes your content, the processing is temporary—we don't permanently store intermediate AI processing states beyond what's necessary to generate your results. Once your tailored resume or search criteria are created, the temporary processing data is discarded.
Model Training: While we use aggregated, anonymized data to improve AI models over time, individual user data is never used in ways that would compromise your privacy or allow others to identify your specific information.
Operational Security Practices
Beyond technical measures, FindVil maintains operational security practices protecting your data.
Employee Training: All FindVil employees receive security training covering data protection principles, recognizing and reporting security threats, proper handling of sensitive information, and compliance with privacy regulations.
Background Checks: Employees with access to user data undergo background checks appropriate for their level of data access.
Incident Response: We maintain security incident response procedures enabling rapid detection of security issues, immediate containment of breaches, investigation and remediation of root causes, notification of affected users when required, and coordination with law enforcement when appropriate.
Security Monitoring: Our systems include continuous security monitoring with alerts for suspicious activities, regular log reviews to identify potential security issues, automated threat detection, and analysis of patterns indicating possible security compromises.
Third-Party Security
While FindVil controls security for our own systems, we also carefully select and vet third-party service providers who access user data.
Vendor Security Requirements: Service providers must meet our security standards including encryption of data in transit and at rest, regular security audits and certifications, incident notification requirements, and compliance with relevant privacy regulations.
Limited Data Sharing: We share only the minimum necessary data with service providers. For example, our email service provider receives email addresses and message content for delivery purposes, but not your full profile or resume information.
Service Provider Agreements: Legal agreements with service providers include data protection obligations, confidentiality requirements, and prohibitions on using data for purposes beyond providing services to FindVil.
User Responsibility for Account Security
While FindVil provides robust security infrastructure, your cooperation is essential for protecting your account.
Strong Password Practices
If you use password-based authentication, follow these guidelines.
Create Strong Passwords: Use at least 12 characters combining uppercase and lowercase letters, numbers, and special symbols. Avoid dictionary words, personal information (names, birthdays), or common patterns. Never reuse passwords across different services.
Password Managers: Consider using a reputable password manager to generate and store strong, unique passwords for all your accounts including FindVil.
Password Updates: Change your password if you suspect it may have been compromised, if you've used the same password on another service that experienced a data breach, or periodically as a security best practice (every 6-12 months).
Secure Login Practices
Protect your account through safe login behaviors.
Avoid Public WiFi: Don't log in to FindVil from unsecured public WiFi networks where traffic could be intercepted. If you must use public WiFi, use a VPN (virtual private network) for encryption.
Verify URLs: Always verify you're on the actual FindVil website (https://findvil.com) before entering credentials. Phishing attacks often use fake websites with URLs similar to legitimate sites.
Log Out: Always log out when using FindVil on shared or public computers. Don't save passwords in browsers on shared devices.
Device Security: Keep your devices secure with up-to-date operating systems and security patches, antivirus and anti-malware software, device passwords or biometric locks, and caution about installing unknown software or clicking suspicious links.
Recognizing Phishing and Social Engineering
Be alert to attempts to trick you into revealing your credentials.
Phishing Emails: FindVil will never email you asking for your password, requesting urgent login to resolve "security issues," or linking to login pages (we'll direct you to visit findvil.com directly). Be suspicious of urgent or threatening language, emails from addresses that don't end in @findvil.com, or requests for sensitive information via email.
Suspicious Communications: If you receive any communication claiming to be from FindVil that seems suspicious, don't click links or provide information. Instead, go directly to findvil.com and log in normally, or contact support@findvil.com to verify whether the communication was legitimate.
Reporting Security Concerns
If you suspect security issues, contact us immediately. Report if you believe your account has been accessed without authorization, you've received suspicious emails claiming to be from FindVil, you've discovered a potential security vulnerability in the Service, or you've noticed unusual activity in your account.
Contact us at support@findvil.com with "Security Concern" in the subject line. We take all security reports seriously and will investigate and respond promptly.
Privacy by Design
FindVil incorporates privacy and security considerations into every aspect of Service design and development.
Data Minimization: We collect only the information necessary to provide the Service effectively. We don't request unnecessary personal information or retain data longer than needed.
User Control: You maintain control over your information including what you upload, whether your profile is public or private, which information displays in your public profile, and when you want to export or delete your data.
Transparency: We clearly communicate our data practices through our Privacy Policy and help articles. We notify you of significant changes to how we handle your data.
Default Privacy: Settings default to more privacy-protective options. For example, profiles are private by default—you must explicitly choose to make your profile public.
Compliance and Certifications
FindVil complies with applicable data protection laws and regulations including relevant provisions of the GDPR for European users, CCPA for California residents, and other state and federal privacy laws in the United States.
While we are a growing company and may not yet hold all industry security certifications, we follow security best practices aligned with recognized frameworks and standards.
What to Do If There's a Security Incident
Despite all protective measures, security incidents can potentially occur in any online service. If FindVil experiences a security incident affecting your data, we will respond quickly and transparently by promptly investigating and containing the incident, notifying affected users as required by law and as appropriate given the circumstances, providing information about what data was affected and what steps we're taking, offering guidance on how you can protect yourself, and implementing additional security measures to prevent similar incidents.
We will communicate with affected users via email at the address associated with your account, so ensure your email address is current and that you monitor it regularly.
Continuous Security Improvement
Security is not a one-time project but an ongoing commitment. FindVil continuously works to improve our security posture through regular security assessments and audits, staying current with emerging threats and security best practices, updating systems and software with security patches, training employees on evolving security risks, and listening to security feedback from users and security researchers.
Your data security is fundamental to FindVil's success and your trust. We are committed to maintaining robust security measures protecting your information while providing the powerful AI features that make your job search more effective. By combining our technical safeguards with your security awareness, we create a secure environment for your professional information.