Security
Sovereign security for your career records
Learn how VeriWorkly protects your resumes, cover letters, portfolios, and invoices using local-first browser storage, decoupled document sandboxes, and cloud sync options.
Least Privilege Architecture
Our services are built on minimal access. By default, the application runs entirely inside your browser tab. We don't harvest or aggregate your career documents.
Decoupled Data Sandboxes
Your documents copy data from your Master Profile but remain isolated. Edits, visual scales, or deletions within templates do not leak to other assets.
Responsible Disclosure
We investigate security vulnerabilities proactively. We ask that potential flaws are reported privately to our team before publishing publicly.
Encryption boundaries
- •Browser Sandbox: All core files compile locally. Your credentials are never uploaded to a remote parsing backend during PDF generation.
- •Cloud Backups: If you register and log in, your Master Profile and sandbox documents are backed up and synchronized to our cloud. Connections are encrypted in transit via SSL/TLS and secured by Better Auth OTP.
- •Public Portfolios & Subdomains: Portfolios published to subdomains (e.g. username.veriworkly.com) are serveable publicly. Visitors' views are tracked in aggregate without using cookies.
Vulnerability reporting
If you discover a security flaw or vulnerability in our database schema, authentication client, or server routing, please send details privately to [email protected].
We will acknowledge receipt within 24 hours and patch validated vulnerabilities quickly. Please do not publish exploit details in GitHub discussions or public forums before a fix is released.