Security and data processing

Last reviewed 18 July 2026

This page explains the controls currently present in JOBE Recruit and the main data-processing relationships. It is written to help a recruiter assess the service without suggesting that risk can be eliminated.

Security summary

Where information is held

Current providers and processing roles

ProviderPurposeInformation involvedWhen used
SupabaseAuthentication, individual cloud workspaces, synchronisation, shortlist and feedback databaseAccount identifiers, individual customer workspace records and shortlist recordsSigned-in service use
RailwayWeb application, API hosting and protected Business shared-workspace storageRequests, operational logs, shared Business records and the other application-database categories described aboveAll production service use; shared records when Business team functionality is used
StripeCheckout, subscription status and customer billing portalEmail, selected plan, transaction and entitlement references; card details go directly to StripeTrial, purchase and billing management
AnthropicRequested extraction, structuring, summarisation, coaching, recruitment analysis and marketplace scoring or sales preparationThe text, image or corporate prospect fields needed for the requested functionOnly when an AI action is requested or a marketplace insight is prepared
OpenAIRequested audio transcription and, when configured, support assistanceAudio for transcription or support question textOnly when the relevant function is requested
GoogleAccount sign-in and optional Google AnalyticsAuthentication identity; approved screen labels and ordinary analytics request information after consentAt sign-in; analytics only after consent
ResendDeliver support-ticket notifications and team invitationsSupport contact, subject and message; or invited email address, owner email and team nameWhen a support report or team invitation is submitted and email delivery is configured
Companies HouseUK corporate identity and status lookup for marketplace researchCompany search terms, company number and public corporate data; not candidate recordsWhen corporate prospect research is requested

This list is updated when a material provider changes. Provider processing locations and safeguards can change; customers needing a particular residency commitment should obtain written confirmation before use.

Marketplace data boundaries

Controller and processor responsibilities

For candidate, client and customer-added recruitment records, the subscribing recruiter or recruitment business normally decides why and how the information is used and is the controller. JOBE acts as its processor when it stores, synchronises or sends those records to a provider to perform the user’s requested function. JOBE is separately an independent controller for account administration, billing, service security, support, consent-based analytics and corporate prospect research that JOBE sources or creates for the lead marketplace. When a customer saves, supplements or uses a marketplace record for outreach, the customer is a separate controller for that use.

Customer responsibilities

JOBE processing commitments

The standard Data processing addendum identifies Christopher John Howitt, trading as JOBE Recruit, as Processor and provides contractual processor clauses, assistance, sub-processor, deletion and audit terms. It becomes commercially complete only when the postal or service address flagged in the Terms is supplied. Customers requiring bespoke or separately signed terms should email chrisjhowitt@gmail.com before uploading personal information.

Current assurance limits

JOBE does not currently claim ISO 27001, SOC 2, Cyber Essentials or another independent security certification, and this page is not a penetration-test report or uptime SLA. Storage encryption, physical security and provider personnel controls depend partly on the named infrastructure providers. Customers that require certification, fixed data residency, customer-managed encryption keys, SSO, a bespoke retention schedule or formal audit rights should confirm suitability before purchase.

Report a security concern

Email chrisjhowitt@gmail.com with “JOBE Recruit security report” in the subject. Include the affected page, time, browser and safe reproduction steps. Do not access another user’s data, disrupt the service, send malware or include live candidate records, passwords, tokens or full database extracts in the initial report.