Get discovered for the right jobs — create your free profile.
Log inGet Started

Security & Trust

Last updated: June 23, 2026

This page summarizes TraceRoster's current security practices in plain language and may evolve as the product matures. It is provided for transparency and does not constitute legal advice or a contractual warranty.

Protecting your data is fundamental to how we build and operate TraceRoster. Candidates trust us with resumes and personal details, and recruiters and clients rely on us to keep their workspaces safe. We take that responsibility seriously and apply layered safeguards across our application, infrastructure, and operations. This page describes the practices we have in place today.

1. Data protection

We protect your data both in transit and through how the application is designed:

  • Encryption in transit: traffic between you and the Service is encrypted using TLS, so data exchanged with TraceRoster is protected as it travels over the network.
  • Access controls and role-based authorization: every request is checked against the permissions of the account making it, so users can only access the data they are authorized to see and act on.
  • Least-privilege internal access: internal access to systems and data is limited to what is needed to operate and support the Service.
  • Protected file access: uploaded files such as resumes and images are never served from public buckets. They are delivered only through short-lived, expiring links, so access cannot be shared or reused indefinitely.

2. Account & authentication security

We build safeguards around accounts and sensitive actions to reduce the risk of unauthorized access:

  • Email verification: we require email verification before an account becomes fully usable, helping confirm that accounts belong to real, reachable owners.
  • Re-authentication for sensitive actions: destructive or high-impact actions, such as closing an account, require re-authentication with your account password before they proceed.
  • Use a strong, unique password: we encourage you to protect your account with a strong, unique password that you do not reuse on other services.

3. Privacy by design

Privacy considerations are built into the product rather than added afterward:

  • Data minimization: we collect and retain the information needed to provide the Service and avoid collecting more than necessary.
  • Candidate control: candidates control their discoverability in recruiter search and how their profile is shared, including revocable share links.
  • Self-serve export and erasure: you can export your personal data and permanently close your account directly from Settings.

For full detail on what we collect and the choices available to you, see our Privacy Policy.

4. Infrastructure, monitoring & vendors

We run TraceRoster on reputable cloud infrastructure and partner only with established service providers:

  • Reputable providers: our infrastructure and services are built on well-established cloud and service providers.
  • Continuous monitoring: we use ongoing monitoring, logging, and error tracking to help us detect, investigate, and respond to issues.
  • Vendor due diligence: we perform due diligence on the vendors we work with and put data-protection terms in place with them. A current list is available on our Sub-processors page.

5. Payments

Payment card data is collected and processed by our payment processor and is never stored by TraceRoster. This keeps sensitive card details out of our systems and within the scope of a specialized payments provider.

6. Your role in security

Security is a shared responsibility, and a few habits go a long way toward keeping your account safe:

  • Keep your password confidential and avoid reusing it on other services.
  • Be cautious of phishing attempts. We will never ask for your password by email, and you should access TraceRoster only through our official website.
  • Sign out of shared or public devices and let us know if you notice anything unusual with your account.

7. Responsible disclosure

We welcome reports from security researchers and users who identify potential vulnerabilities. If you believe you have found a security issue, please email us at support@traceroster.com with the details. We ask that you give us a reasonable amount of time to investigate and address the issue before disclosing it publicly, and that you avoid accessing or modifying data that is not your own.

8. A note on security

No online service can guarantee absolute security, and we will never claim otherwise. What we can commit to is working continuously to protect your data, to improve our safeguards as the product matures, and to be transparent about how we operate. If you have questions about our security practices, contact us at support@traceroster.com or see our Privacy Policy.