Security

Architecture Separation

Seeker separates its user-facing frontend from its intelligence processing infrastructure. These are independent systems connected over HTTPS.

• The frontend serves the web application and forwards requests to the API gateway. It never processes resume content directly.
• The API gateway receives requests and routes them to internal processing services running on isolated infrastructure.
• Backend intelligence services (parsing, scoring, matching) operate on a private network and are not directly accessible from the public internet.

This separation reduces the attack surface and allows security controls to evolve independently across layers.

Resume Handling Lifecycle

Resume files follow a controlled lifecycle:

• Uploaded via encrypted HTTPS connection
• Forwarded immediately to processing infrastructure. Never stored on the frontend server
• Processed to extract structured career data
• Raw files are deleted after processing completes
• Structured metadata is retained only as needed to deliver analysis results

Resume content is never logged, cached in browsers, or sent to analytics providers.

Data Minimization

• We do not sell personal data.
• We do not use resumes for advertising or lead generation.
• We do not train generalized AI models on resume data.
• Access to uploaded data is restricted to system operations required to deliver the service.
• Analytics events are explicitly declared. Autocapture is disabled.

Encryption

All data transmitted between your browser and our servers is encrypted using HTTPS with modern TLS. Data at rest is encrypted where supported by our infrastructure providers. No API keys, tokens, or secrets are exposed in client-side code.

Rate Limiting and Abuse Prevention

Upload and feedback endpoints enforce rate limits to prevent abuse. IP-based throttling is applied at the application layer. Excessive or automated access may result in temporary restriction.

Access Control

Internal tools and administrative interfaces require authentication. Access to production systems is restricted to authorized personnel. Administrative sessions use HTTP-only secure cookies with strict same-site policies and limited time-to-live.

Client-Side Security

• Resume files are processed server-side. After upload, resume content does not remain in the browser.
• File deduplication uses a SHA-256 hash computed locally. The hash cannot reconstruct the original document.
• No secrets, API keys, or backend credentials are included in client JavaScript bundles.

Responsible Disclosure

If you believe you have discovered a security vulnerability, please report it to security@danylchukstudios.dev. We take all reports seriously and will respond promptly. We ask that you allow us reasonable time to investigate and address the issue before disclosing it publicly.

Continuous Improvement

Security is an ongoing investment. As the platform grows, our safeguards will continue to mature. We regularly review our practices and update our approach as the threat landscape evolves.

Related Policies

For details on data collection and usage, see our Privacy Policy. For platform usage rules, see our Terms of Service.