Security here is mostly architectural — the safest data is the data we never handle. Here's how the product is built to protect you.
All the thinking runs in your own AI client and browser. We make zero server-side LLM calls, so your prompts and conversations never reach us — there’s no model on our side to leak them, and nothing to train on your data.
We use magic-link sign-in — there is no password to phish, reuse, or breach. Sessions are scoped and can be revoked from your dashboard. Connecting your AI client uses standard OAuth, with a grant you can revoke at any time.
The hosted database enforces row-level isolation so your data is only ever reachable by you. It’s a structural guarantee, not a per-query convention.
Traffic is encrypted in transit (TLS). Optional demographic (EEO) data is encrypted at rest and never used in scoring. Your salary floor is a private field, used only to filter matches.
Card payments are handled by Stripe. We never see or store your full card details.
Found a vulnerability? We welcome reports and will work with you in good faith. Email security@mcpfor.work — please give us reasonable time to fix before public disclosure.