Security overview

Effective 1 June 2026

Security is built into how Jobcom works, not added afterwards.

Private files, always

There are no public file links. Documents are stored privately and served only through short-lived signed links after a server-side permission check. Every view and download is logged.

Access control

Access is controlled per organisation and per campaign, and enforced on the server for every action. Uploaded files are scanned before they can be used.

Tamper-evident audit trail

Sensitive actions are written to an append-only audit log with no update or delete path, so the record of what happened cannot be quietly changed.

Encryption and hosting

Data is encrypted in transit and at rest and hosted in Australia. Secrets are managed securely and never exposed to the browser.