Legal

Cybersecurity Policy

Effective Date: July 13, 2026

JobsU, Inc. ("JobsU," "we," "our," or "us") is committed to protecting the security of your personal information and the integrity of the JobsU platform. This Cybersecurity Policy describes the security measures we implement, how we respond to security incidents, and how you can help protect your account. This policy should be read in conjunction with our Privacy Policy and Terms of Service.

1. Scope

This policy applies to all systems, applications, and infrastructure operated by or on behalf of JobsU, Inc. in connection with the JobsU platform, including:

2. Our Security Commitments

JobsU implements commercially reasonable technical, administrative, and organizational safeguards designed to protect the confidentiality, integrity, and availability of user data.

2.1 Encryption

All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security). Sensitive data stored in our database infrastructure is encrypted at rest using AES-256 or equivalent encryption standards provided by our infrastructure partners.

2.2 Access Controls

Access to user data is restricted on a need-to-know basis. JobsU personnel who require access to production systems or user data are subject to role-based access controls and are required to use multi-factor authentication (MFA). Administrative access is logged and subject to periodic review.

2.3 Authentication

User accounts are protected by password-based authentication and, where supported, multi-factor authentication. Passwords are hashed using industry-standard algorithms and are never stored in plaintext. Session tokens are time-limited and revocable.

2.4 Security Assessments

We conduct regular reviews of our security posture, including dependency audits, code review practices, and monitoring of our infrastructure for known vulnerabilities. As the platform scales, we will expand our assessment program to include third-party penetration testing and formal security audits.

2.5 Monitoring and Logging

We maintain security logs for authentication events, administrative actions, and system access. These logs are monitored for anomalous activity and retained in accordance with our data retention practices described in the Privacy Policy.

3. Security Incident Response

JobsU maintains an incident response process to identify, contain, and remediate security incidents that may affect user data or platform integrity.

3.1 Detection and Containment

Upon identification of a suspected security incident, JobsU will take immediate steps to contain the incident, assess its scope and impact, and preserve evidence for investigation.

3.2 Breach Notification

In the event of a confirmed data breach affecting your personal information, JobsU will notify affected users in accordance with applicable law, including the New York SHIELD Act, Massachusetts data breach notification law (M.G.L. ch. 93H), and any other applicable state or federal breach notification requirements. Notifications will include:

3.3 Remediation

Following any confirmed incident, JobsU will conduct a root cause analysis, implement corrective measures to prevent recurrence, and update security procedures as appropriate.

4. Responsible Disclosure and Vulnerability Reporting

We value the work of independent security researchers and welcome responsible reports of potential vulnerabilities in the JobsU platform. If you believe you have found a security vulnerability, please report it to us at security@jobsu.app.

4.1 What to Include

When reporting a vulnerability, please provide:

4.2 Our Commitments to Reporters

We will acknowledge receipt of your report within 5 business days and provide a timeline for resolution. We will not pursue legal action against individuals who report vulnerabilities in good faith, in compliance with this policy, and who do not access, modify, or delete user data beyond what is necessary to demonstrate the vulnerability. We ask that reporters refrain from publicly disclosing a vulnerability until we have had a reasonable opportunity to investigate and address it.

4.3 Out of Scope

The following are not within scope for this responsible disclosure policy: social engineering attacks (including phishing) against JobsU employees or users, denial-of-service testing, physical security testing, and any testing that degrades, disrupts, or damages the platform or user data.

5. Protecting Your Account

Users play an important role in maintaining the security of the platform. We encourage all users to:

6. Third-Party Service Security

JobsU relies on established third-party service providers for critical platform functions. These providers maintain their own security certifications and compliance programs:

JobsU selects third-party providers that meet our security standards and enters into data processing agreements where required. However, JobsU does not control and is not responsible for the security practices of third-party providers.

7. Data Protection Practices

For comprehensive information about how we collect, use, retain, and protect your personal information, please refer to our Privacy Policy. For information about your rights regarding your personal data — including rights of access, correction, deletion, and portability — see Section 7 of the Privacy Policy.

8. Changes to This Policy

We may update this Cybersecurity Policy from time to time to reflect changes in our security practices, technology, or legal requirements. When we make material changes, we will post the updated policy on the platform with a new effective date and, where practicable, notify users through email or in-app notification.

9. Contact Us

If you have any questions about this Cybersecurity Policy, our security practices, or wish to report a security concern, please contact us:

JobsU, Inc. — Attn: Security
2 Clifford Street, Norwalk, CT 06853
Security reports: security@jobsu.app
General inquiries: support@jobsu.app
Website: jobsu.app