CanCareer

Security & Privacy

CanCareer handles real information about real people — applications, resumes, survey answers, and consent. We protect it the way a workforce program needs: the right people see the right data, individuals stay in control of theirs, and it’s safeguarded at every step.

Everyone sees only what they should

For organizations running a program, access follows the shape of the program. No one sees across the lines — not other cohorts, and not other organizations.

Your organization: Cohort · Spring 2026 (Coach A · this cohort only); Cohort · Fall 2026 (Coach B · this cohort only)
  • Administrator — sees the whole organization
  • Coach — sees only their assigned cohort
  • Participant — sees only their own record

You stay in control

Nothing happens without consent. Each person agrees before they take part, and that agreement is captured with their signature and the date. If someone asks to be removed, we permanently erase their record and everything connected to it — applications, resumes, uploaded files, and survey answers included.

Consent (signed & dated) → Take part (in the program) → Ask to leave (any time) → Erased (fully removed)

Protected at every layer

Information is encrypted while it travels and while it’s stored, every action requires a secure sign-in, and access is recorded.

Encrypted in transit · Encrypted at rest · Secure sign-in required · Access recorded

Reporting that protects individuals

Outcome and equity reports show the big picture without exposing anyone. When a group is small, the numbers are automatically held back — so no individual can be identified from a statistic. Self-identified demographic information is optional and is used only for aggregate reporting, never to gate anyone’s access.

Technical detail

For IT and privacy reviewers — the specifics behind the summary above.

Hosting & encryption

CanCareer runs entirely on Cloudflare’s developer platform (Workers, D1, R2, Vectorize, and Workers AI) — there are no self-managed servers to patch. Data is encrypted in transit (TLS) everywhere and at rest for the database and file storage. There is no public database access; storage is reachable only through the access-controlled application.

Access control & isolation

Access is role-based (participant, coach, organization admin, and platform admin). Every program API is permission-gated and organization-scoped — one organization cannot read another’s data. This is enforced in code and covered by an automated isolation test that runs in CI.

Within an organization, access is scoped per cohort: a coach sees only the cohorts they’re assigned to (admins/directors see all), enforced on every surface that shows participant information — case views, notes, surveys, course progress, schedules, and reports.
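For reviewers who want to see what the organization and cohort scoping described above looks like as a deny-by-default check with an isolation sweep, here is an added example. It is not CanCareer's code; the role strings, record fields, and sample data are assumptions, and the platform admin role is left unmodelled because this page does not state its scope.

```javascript
// Added illustration, not CanCareer code. Role names and record fields are assumptions.
const RECORDS = [ // constructed sample data
  { id: 'r1', orgId: 'org-a', cohortId: 'spring-2026', participantId: 'p1' },
  { id: 'r2', orgId: 'org-a', cohortId: 'fall-2026', participantId: 'p2' },
  // Same cohort label as r1 but a different organization: must stay invisible to org-a.
  { id: 'r3', orgId: 'org-b', cohortId: 'spring-2026', participantId: 'p3' },
];
const USERS = [ // constructed sample users
  { id: 'admin-a', role: 'org_admin', orgId: 'org-a' },
  { id: 'coach-a', role: 'coach', orgId: 'org-a', cohortIds: ['spring-2026'] },
  { id: 'p2', role: 'participant', orgId: 'org-a', participantId: 'p2' },
  { id: 'coach-b', role: 'coach', orgId: 'org-b', cohortIds: ['spring-2026'] },
  { id: 'odd', role: 'unmodelled', orgId: 'org-a' },
];

// Deny by default: the organization boundary is checked first, then the role.
function canRead(user, record) {
  if (!user || !record || !user.orgId || user.orgId !== record.orgId) return false;
  switch (user.role) {
    case 'org_admin':
      return true; // whole organization
    case 'coach':
      return Array.isArray(user.cohortIds) && user.cohortIds.includes(record.cohortId);
    case 'participant':
      return user.participantId !== undefined && user.participantId === record.participantId;
    default:
      return false; // any role not listed above gets nothing
  }
}

function visibleIds(user, records = RECORDS) {
  return records.filter((r) => canRead(user, r)).map((r) => r.id);
}

// Isolation sweep: every user against every record, reporting any cross-organization read.
function crossOrgLeaks(users = USERS, records = RECORDS) {
  const leaks = [];
  for (const u of users) {
    for (const r of records) {
      if (canRead(u, r) && u.orgId !== r.orgId) leaks.push(`${u.id}->${r.id}`);
    }
  }
  return leaks;
}

console.log(USERS.map((u) => `${u.id}: ${visibleIds(u).join(',') || '(none)'}`).join('\n'));
```

The record r3 reuses the cohort label of r1 on purpose: a check that compared cohort alone would let coach-a read across organizations, which is the failure an isolation test exists to catch.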

Authentication

Sign-in is passwordless magic-link (email-based) with expiring sessions, so there are no passwords to leak or reuse. Sensitive identity actions (claiming an account, access changes) are recorded.

Auditing & monitoring

Sensitive identity and access actions are audit-logged, and the platform has runtime observability for errors and anomalies.

Backups & recovery

The database supports point-in-time recovery (Cloudflare D1 Time Travel) and file storage is durable and replicated. Deletions propagate to backups within the backup-rotation window.

Privacy & data minimization

We practice data minimization and align to Canadian privacy expectations (PIPEDA). Self-identified equity and earnings information is optional and consent-based, and is used only for a program’s aggregate outcomes reporting — funder reports contain no per-person demographic data, and small groups are suppressed so individuals can’t be re-identified.

Your data, your control

Your data is yours. Records, outcomes, and generated artifacts can be exported at any time. Deletion removes the record and everything connected to it — applications, resumes, uploaded files, survey answers, and AI-derived artifacts — with the same cleanup reaching file storage. No lock-in.

AI you can trust

AI assists people; it never acts on its own. It never auto-applies to jobs, and no resume is sent to an employer without a person’s approval. Generated resumes are grounded in your real experience — the system re-expresses what you actually did rather than inventing achievements. Matching carries fairness invariants, so someone’s barriers never lower their match score. We never use your data to train or fine-tune AI models.

Vulnerability & secrets management

Secrets are held in a managed secrets store, never in code or the repository. Dependency updates are tracked, and there is a responsible-disclosure contact for reporting security issues.

Vendor access

Production data access is least-privilege and need-to-know, used only for support and operations, and the underlying account is protected by multi-factor authentication. We never sell or share your data.

Have a security question, or want to report an issue? Use the Feedback link in the footer, or email han@cancareer.com.