Encryption & access control
    Security-focused cloud infrastructure

    Data Security at Blockchain4Talent

    An overview of the technical and organisational measures we use to protect accounts, profiles, CVs and platform interactions, including encryption, access control, AI processing boundaries and monitoring.

    Last updated: May 2026

    1. Password Security

    Passwords are never stored in plaintext. They are processed through modern cryptographic hashing algorithms with per-user salts and high work factors, so that the original password cannot be reconstructed from stored values.

    We also apply rate limiting and abuse-detection measures to login endpoints to reduce the risk of automated credential-stuffing or brute-force attacks.

    2. Encryption in Transit and at Rest

    In transit

    Modern TLS encryption

    Traffic between your browser and our platform is protected with modern TLS encryption, reducing the risk of interception or tampering on the network.

    At rest

    Encrypted storage

    Databases and file storage holding profiles, CVs and other personal data are encrypted at rest by our cloud infrastructure providers, using industry-standard algorithms and managed key services.

    3. Access Control

    Access to personal data is restricted on a need-to-know basis. The platform enforces role-based access (candidate, company, recruiter, admin) at the database level using row-level security policies, so that each user can only see and modify the data they are entitled to.

    Administrative access is limited to a small number of authorised personnel and is protected by strong authentication.

    4. AI Processing Boundaries

    Our AI features run on infrastructure that we control, and we set clear boundaries around how user data may be used:

    • We do not use user-submitted profiles or chat logs to train public third-party AI models.
    • If external AI processors are used for specific platform features (for example, language-model providers for parsing or summarisation), this is done under contractual safeguards and with appropriate data protection measures.
    • AI requests are limited to the data needed to perform a specific feature; we avoid sending unnecessary personal data to AI providers.

    5. Logging and Monitoring

    We collect technical and security logs to detect abuse, troubleshoot issues and support investigations. Logs are kept for a limited period and access is restricted to authorised personnel.

    6. Vulnerability Management

    We monitor our dependencies and infrastructure for known vulnerabilities and apply security updates in a timely manner. Where appropriate, we use automated scanners and managed security services provided by our cloud infrastructure providers, including firewalls and DDoS mitigation.

    If you believe you have discovered a security issue, please report it responsibly to compliance@blockchain4talent.com.

    7. Data Retention and Deletion

    Personal data is retained for as long as needed to provide our services and to comply with legal obligations. When an account is deleted, personal data is removed or anonymised from production systems within a reasonable period, and is rotated out of backups according to our backup retention schedule. More information about retention is available in our Privacy Policy.