Security

Encryption in Transit: All connections to ApplyPilot use TLS (Transport Layer Security) encryption. We enforce HTTPS and use modern TLS protocols (TLS 1.2 and 1.3).

Encryption at Rest: Your data stored in our databases is encrypted using AES-256 encryption.

Secure Storage: We use reputable cloud providers with SOC 2 compliance for data storage.

We use Clerk for authentication, which provides:

• Secure password hashing (bcrypt)
• Optional two-factor authentication (2FA)
• Session management with secure cookies
• Protection against brute force attacks
• OAuth integration with major providers

Payments are processed by Stripe, a PCI DSS Level 1 certified payment processor. We never store your full credit card number — Stripe handles all payment information.

Access to user data is restricted to authorized personnel only, on a need-to-know basis. We maintain:

• Role-based access controls
• Audit logs of data access
• Regular access reviews
• Secure employee authentication

Help keep your account secure by:

• Using a strong, unique password
• Enabling two-factor authentication
• Not sharing your account credentials
• Logging out when using shared devices
• Keeping your devices and browsers updated

We appreciate the work of security researchers. If you discover a security vulnerability, please report it responsibly:

• Email: security@applypilotai.com
• Include detailed steps to reproduce the issue
• Allow us reasonable time to address the issue before public disclosure
• Don't access or modify other users' data

We commit to responding to security reports within 48 hours and keeping you informed of our progress.

For security-related questions, contact security@applypilotai.com