Security & Privacy
CanCareer handles real information about real people — applications, resumes, survey answers, and consent. We protect it the way a workforce program needs: the right people see the right data, individuals stay in control of theirs, and it’s safeguarded at every step.
Everyone sees only what they should
For organizations running a program, access follows the shape of the program. No one sees across the lines — not other cohorts, and not other organizations.
- Administrator — sees the whole organization
- Coach — sees only their assigned cohort
- Participant — sees only their own record
You stay in control
Nothing happens without consent. Each person agrees before they take part, and that agreement is captured with their signature and the date. If someone asks to be removed, we permanently erase their record and everything connected to it — applications, resumes, uploaded files, and survey answers included.
Protected at every layer
Information is encrypted while it travels and while it’s stored, every action requires a secure sign-in, and access is recorded.
Reporting that protects individuals
Outcome and equity reports show the big picture without exposing anyone. When a group is small, the numbers are automatically held back — so no individual can be identified from a statistic. Self-identified demographic information is optional and is used only for aggregate reporting, never to gate anyone’s access.
Technical detail
For IT and privacy reviewers — the specifics behind the summary above.
Hosting & encryption
CanCareer runs entirely on Cloudflare’s developer platform (Workers, D1, R2, Vectorize, and Workers AI) — there are no self-managed servers to patch. Data is encrypted in transit (TLS) everywhere and at rest for the database and file storage. There is no public database access; storage is reachable only through the access-controlled application.
Access control & isolation
Access is role-based (participant, coach, organization admin, and platform admin). Every program API is permission-gated and organization-scoped — one organization cannot read another’s data. This is enforced in code and covered by an automated isolation test that runs in CI.
Within an organization, access is scoped per cohort: a coach sees only the cohorts they’re assigned to (admins/directors see all), enforced on every surface that shows participant information — case views, notes, surveys, course progress, schedules, and reports.
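As an added illustration of the scoping rules described above (this is example code written for this page, not CanCareer's own implementation), the following JavaScript shows one way to express the organization boundary, the per-cohort coach scope and the participant self-scope as a single deny-by-default predicate, reuse it for list endpoints, and run the kind of cross-organization isolation check a CI job would execute. Role names, record fields, and the rule that a platform admin spans organizations are assumptions chosen for the example.

```javascript
// Added example (not CanCareer's code): organization- and cohort-scoped
// visibility check, shaped like the guard a Cloudflare Worker route would
// call before returning participant data. Role names, record fields and
// the rule that platform_admin spans organizations are assumptions.

const ROLES = new Set(["participant", "coach", "org_admin", "platform_admin"]);

// Deny by default: an unrecognised role sees nothing.
function canViewParticipant(actor, participant) {
  if (!ROLES.has(actor.role)) return false;
  if (actor.role === "platform_admin") return true; // assumption: vendor-side role
  // The organization boundary is checked first, so no organization-level
  // role can ever read across it.
  if (actor.orgId !== participant.orgId) return false;
  switch (actor.role) {
    case "org_admin":
      return true; // whole organization
    case "coach":
      return actor.cohortIds.includes(participant.cohortId); // assigned cohorts only
    case "participant":
      return actor.id === participant.id; // own record only
    default:
      return false;
  }
}

// The same predicate filters list endpoints, so scoping is enforced at the
// data layer and not merely hidden in the UI.
function visibleParticipants(actor, participants) {
  return participants.filter((p) => canViewParticipant(actor, p));
}

// Constructed sample data: two organizations, two cohorts in org-A.
const PARTICIPANTS = [
  { id: "p1", orgId: "org-A", cohortId: "c1" },
  { id: "p2", orgId: "org-A", cohortId: "c1" },
  { id: "p3", orgId: "org-A", cohortId: "c2" },
  { id: "p4", orgId: "org-B", cohortId: "c9" },
];

const ACTORS = {
  adminA:   { id: "u1", role: "org_admin",   orgId: "org-A", cohortIds: [] },
  coachC1:  { id: "u2", role: "coach",       orgId: "org-A", cohortIds: ["c1"] },
  p3:       { id: "p3", role: "participant", orgId: "org-A", cohortIds: [] },
  adminB:   { id: "u3", role: "org_admin",   orgId: "org-B", cohortIds: [] },
  stranger: { id: "u4", role: "guest",       orgId: "org-A", cohortIds: [] },
};

// Isolation check of the kind a CI job runs: for every non-platform actor,
// nothing from another organization may appear in their visible set.
function isolationTest(actors, participants) {
  const leaks = [];
  for (const [name, actor] of Object.entries(actors)) {
    if (actor.role === "platform_admin") continue;
    for (const p of visibleParticipants(actor, participants)) {
      if (p.orgId !== actor.orgId) leaks.push(`${name} saw ${p.id}`);
    }
  }
  return leaks; // an empty list means the boundary held
}

function visibleIds(actor) {
  return visibleParticipants(actor, PARTICIPANTS).map((p) => p.id);
}

console.log(visibleIds(ACTORS.adminA));   // p1, p2, p3
console.log(visibleIds(ACTORS.coachC1));  // p1, p2
console.log(visibleIds(ACTORS.p3));       // p3
console.log(visibleIds(ACTORS.stranger)); // (nothing)
console.log(isolationTest(ACTORS, PARTICIPANTS)); // [] (no leaks)
```

The point of routing both the single-record check and the list filter through the same predicate is that a reviewer can read one function to know the rule, and the isolation test exercises that one function against every actor/record pair rather than sampling a few API routes.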
Authentication
Sign-in is passwordless magic-link (email-based) with expiring sessions, so there are no passwords to leak or reuse. Sensitive identity actions (claiming an account, access changes) are recorded.
Auditing & monitoring
Sensitive identity and access actions are audit-logged, and the platform has runtime observability for errors and anomalies.
Backups & recovery
The database supports point-in-time recovery (Cloudflare D1 Time Travel) and file storage is durable and replicated. Deletions propagate to backups within the backup-rotation window.
Privacy & data minimization
We practice data minimization and align to Canadian privacy expectations (PIPEDA). Self-identified equity and earnings information is optional and consent-based, and is used only for a program’s aggregate outcomes reporting — funder reports contain no per-person demographic data, and small groups are suppressed so individuals can’t be re-identified.
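The small-group suppression mentioned here and in the summary above ("when a group is small, the numbers are automatically held back") can be illustrated with the following added JavaScript example; it is not CanCareer's code, and the threshold of 5, the row shape and the "employed" outcome column are assumptions. It goes one step beyond the page's description by also applying complementary suppression: when exactly one row is hidden but the grand total is published, that row could be recovered by subtraction, so a second row is hidden too.

```javascript
// Added example (not CanCareer's code): small-group suppression for an
// aggregate outcomes table. The threshold, the row shape and the outcome
// column ("employed") are assumptions chosen for illustration.

const MIN_GROUP_SIZE = 5; // assumed threshold; the page does not state CanCareer's

// rows: [{ group, total, employed }] for one self-identified dimension.
// Returns the published table: small groups hidden, plus one complementary
// suppression when a single hidden row could be recovered from the grand total.
function suppressSmallGroups(rows, k = MIN_GROUP_SIZE) {
  const work = rows.map((r) => ({ ...r, reason: r.total < k ? "small group" : null }));

  // Complementary suppression: if exactly one row is hidden and the grand
  // total is published, subtraction would reveal it, so hide the smallest
  // remaining row as well.
  const hidden = work.filter((r) => r.reason !== null);
  if (hidden.length === 1) {
    const rest = work.filter((r) => r.reason === null).sort((a, b) => a.total - b.total);
    if (rest.length > 0) rest[0].reason = "complementary";
  }

  const published = work.map((r) =>
    r.reason
      ? { group: r.group, total: null, employed: null, rate: null, suppressed: r.reason }
      : {
          group: r.group,
          total: r.total,
          employed: r.employed,
          rate: Math.round((100 * r.employed) / r.total),
          suppressed: null,
        }
  );
  const grandTotal = rows.reduce((s, r) => s + r.total, 0);
  return { grandTotal, rows: published };
}

// Constructed sample: one group falls under the threshold.
const SAMPLE = [
  { group: "Group A", total: 12, employed: 9 },
  { group: "Group B", total: 8, employed: 5 },
  { group: "Group C", total: 3, employed: 1 },
  { group: "Prefer not to say", total: 20, employed: 14 },
];

const REPORT = suppressSmallGroups(SAMPLE);
console.log(REPORT.grandTotal); // 43
for (const r of REPORT.rows) console.log(r.group, r.suppressed ?? `${r.rate}%`);
// Group A 75% / Group B complementary / Group C small group / Prefer not to say 70%
```

The same reasoning applies to any other published margin: if a report also prints the overall number of participants employed, the hidden rows' outcome counts become recoverable in the same way, and the complementary rule has to be applied to that column as well.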
Your data, your control
Your data is yours. Records, outcomes, and generated artifacts can be exported at any time. Deletion removes the record and everything connected to it — applications, resumes, uploaded files, survey answers, and AI-derived artifacts — with the same cleanup reaching file storage. No lock-in.
AI you can trust
AI assists people; it never acts on its own. It never auto-applies to jobs, and no resume is sent to an employer without a person’s approval. Generated resumes are grounded in your real experience — the system re-expresses what you actually did rather than inventing achievements. Matching carries fairness invariants, so someone’s barriers never lower their match score. We never use your data to train or fine-tune AI models.
Vulnerability & secrets management
Secrets are held in a managed secrets store, never in code or the repository. Dependency updates are tracked, and there is a responsible-disclosure contact for reporting security issues.
Vendor access
Production data access is least-privilege and need-to-know, used only for support and operations, and the underlying account is protected by multi-factor authentication. We never sell or share your data.
Have a security question, or want to report an issue? Use the Feedback link in the footer, or email han@cancareer.com.