1. Introduction
TheSHFTApp LLC ("TheSHFTApp") takes the security of your data seriously. This Security Overview describes the technical and organizational security measures we implement to protect the Platform, Services, and User Data. This document is a summary of our practices for transparency purposes and does not constitute a legally binding security warranty or certification claim.
2. Data Encryption
2.1 In Transit. All data transmitted between users and the Platform is encrypted using industry-standard Transport Layer Security (TLS). We enforce HTTPS across all Platform endpoints.
2.2 At Rest. Sensitive data stored in our databases, including Personal Information and Resume Data, is encrypted at rest using AES-256 or equivalent encryption standards.
2.3 Credentials. User passwords are stored as salted cryptographic hashes and are never stored in plaintext.
3. Access Controls
3.1 Principle of Least Privilege. Internal access to User Data is governed by role-based access control (RBAC). Personnel are granted access only to the minimum data required for their job function.
3.2 Authentication. Administrative access to production systems requires multi-factor authentication (MFA).
3.3 Employee Access Review. Access permissions are reviewed periodically and revoked promptly upon role change or employment termination.
4. Infrastructure Security
4.1 Cloud Infrastructure. The Platform is hosted on industry-standard cloud infrastructure providers that maintain their own security certifications (e.g., SOC 2, ISO 27001). TheSHFTApp leverages those provider certifications as part of its security posture.
4.2 Network Security. We implement firewalls, network segmentation, and intrusion detection monitoring appropriate to our infrastructure.
4.3 Vulnerability Management. We conduct security assessments, dependency scanning, and code reviews as part of our development lifecycle. Critical vulnerabilities are prioritized for immediate remediation.
5. Incident Response
5.1 Incident Detection. We maintain security monitoring and logging systems to detect potential Security Incidents.
5.2 Incident Response Plan. TheSHFTApp maintains an incident response plan covering detection, containment, investigation, remediation, and notification.
5.3 Notification. In the event of a Security Incident affecting your Personal Information, we will notify affected users as required by applicable law, which may require notification within 30-72 hours of discovery.
5.4 Reporting. Security vulnerabilities may be reported through our Vulnerability Disclosure Policy. Contact: security@theshftapp.com.
6. Third-Party Security
6.1 Vendor Assessment. We review the security practices of Subprocessors and critical third-party vendors before engagement.
6.2 Contractual Obligations. Security requirements are included in our agreements with Subprocessors.
7. Application Security
7.1 Development Practices. We implement secure development lifecycle (SDLC) practices, including security review of code changes, dependency management, and testing.
7.2 Common Vulnerabilities. We take steps to address common application security risks including OWASP Top 10 vulnerabilities such as SQL injection, XSS, and authentication flaws.
8. Certifications and Compliance
TheSHFTApp does not currently hold independent SOC 2 Type II, ISO 27001, or HIPAA certifications. We leverage the certifications of our cloud infrastructure and service providers. We intend to pursue appropriate security certifications as the business scales. Current security practices are described in this document.
9. User Security Recommendations
We recommend all users:
- Use a strong, unique password for your TheSHFTApp Account;
- Enable multi-factor authentication if available;
- Do not share Account credentials;
- Log out from shared devices; and
- Report any suspicious account activity to security@theshftapp.com immediately.
10. Contact
Security concerns: security@theshftapp.com
Vulnerability disclosure: See Vulnerability Disclosure Policy
