Skip to content
RoleSprint
Security

Security

Last updated: June 7, 2026

Security and careful data handling are foundational to RoleSprint. This page explains our principles and what we are building toward. We aim to be honest about where we are rather than overclaim.

01

Our security principles

  • Collect only the data we need to provide the product
  • Treat resume and career data as sensitive by default
  • Use reputable infrastructure and third-party providers
  • Be transparent about what we do and do not do yet
02

Sensitivity of career data

Your resume, target roles, and application history say a lot about you. We treat this information as sensitive and use it only to provide the features you ask for, such as analyzing a role or generating tailored materials.

03

Secure account handling (planned)

Accounts are part of how RoleSprint will work. As we build account creation, we are designing for secure authentication and for giving you control over your data. We will describe specifics here as those systems go live.

04

Encryption in transit

Data sent between your browser and RoleSprint is encrypted in transit using HTTPS. As storage and account features launch, we will apply protections appropriate to the data we hold.

05

Access control

We follow the principle of least privilege. Access to systems and data is limited to what is needed to operate and support the product, and we aim to keep that access tight as the team and product grow.

06

Payments

Paid plans are not active yet. When billing launches, payments will be processed by a trusted third-party payment provider. We do not intend to store full payment card details ourselves.

07

Responsible data handling

We aim to collect the minimum data needed, retain it only as long as useful, and give you ways to access or delete your information. Our Privacy Policy covers data use and retention in more detail.

08

Reporting a vulnerability

If you discover a security issue, we want to hear about it. Please email hello@rolesprint.io with the details and we will look into it. We appreciate responsible disclosure and ask that you give us a reasonable chance to address an issue before sharing it publicly.

09

What we do not claim yet

We want to be clear about our current stage. As of today, RoleSprint does not claim:

  • SOC 2, ISO 27001, HIPAA, or PCI certification
  • Formal third-party security audits or penetration tests
  • Compliance certifications under specific privacy regulations

We will update this page as our security program matures and as any of these change.

Security questions or reports

Reach our team at hello@rolesprint.io. This page reflects our current practices and will be updated as RoleSprint grows.