SECURITY AT TRACKR PRO

Enterprise-grade security

Built into every layer

Last updated: 2 May 2026

Trackr Pro manages highly sensitive career data. We treat security as a first-class citizen, ensuring your CVs, applications, and communications are protected by industry-standard encryption, strict access controls, and robust infrastructure.

For details on how we handle your data privacy and AI usage, see our Privacy and data page.

Data residency & hosting

Trackr Pro's primary infrastructure runs on top-tier global cloud providers to ensure low latency and high availability while maintaining strict data separation.

• Application Hosting: Vercel Global Edge Network
• Database: Fully managed Postgres hosted in secure cloud regions
• File Storage: Private, non-public object storage buckets for CVs and JD snapshots
• Backups: Automated daily backups with strict geographic redundancy policies

Encryption standards

We protect your data from the moment it leaves your device until it is safely stored in our databases.

• In Transit: All communications between your browser and our servers, and between our servers and our database/AI providers, are encrypted using TLS 1.2 or higher (HTTPS).
• At Rest: All structured database records and files stored in our object storage are encrypted at rest using industry-standard AES-256 encryption.
• Authentication Tokens: Handled securely using HTTP-only, secure cookies or strongly encrypted session tokens.

Access control

Access to your account and underlying infrastructure is strictly controlled and monitored.

• User Access: Handled by Clerk, a modern and highly secure authentication provider supporting multi-factor authentication, bot protection, and session management.
• Tenant Isolation: Our database schemas and application logic enforce strict tenant isolation, ensuring your queries only ever return your own data.
• Internal Access: Administrative access to production databases and servers is restricted to essential personnel, guarded by MFA and zero-trust VPNs, and requires documented business justification.

AI provider security

We carefully vet the security posture of the AI partners we use to power our intelligence layer.

• API Security: Connections to LLM providers are made exclusively over secure API channels via backend servers (your browser never communicates directly with the LLM API).
• Zero Data Retention policies: Where available, we explicitly opt out of data sharing for model training purposes. We only use providers that offer enterprise-level data compliance.
• Anonymisation: We scrub non-essential PII from payloads before transmitting context to AI services for tasks like CV-JD matching.

Security questions?

If you are a security researcher or have specific compliance questions, please contact us.