Recruiter-grade. Enterprise-aware.
Carevra is built on managed cloud infrastructure with bank-grade encryption, isolated tenant data, and audited operational practices.
All data encrypted in our managed Postgres database.
Every byte between your browser and our servers is encrypted.
Database policies enforce that you can only ever read your own rows.
Automated dependency scanning and patching on every deploy.
Authentication
Authentication is handled by a managed identity provider. Passwords are hashed with bcrypt (cost factor 10+). Sessions use signed JWTs over HTTPS with automatic rotation. Google sign-in is available out of the box.
Data isolation
Every table that stores user content has row-level security policies enforced at the database layer — not the application layer. This means even an application bug cannot leak one user's resume to another.
AI provider
Tailoring requests are routed through a zero-retention AI gateway. The underlying model providers are contractually prohibited from training on or storing your inputs. We don't fine-tune any model on customer data.
Backups & deletion
Encrypted daily backups are retained for 7 days for disaster recovery. When you delete a resume, it's removed from the live database immediately and purged from backups within 7 days.
Reporting a vulnerability
We take security reports seriously. Email security@carevra.com with details and we'll respond within 48 hours. Please do not publicly disclose until we've had a chance to investigate and remediate.
Last updated: May 2026