Security & trust

Last updated July 3, 2026. Honest posture for a consumer tech-sales research product — not a claim of completed enterprise certifications.

What Aethara is

Aethara is an independent tech-sales job research product: live employer-direct openings, state market blueprints, Hiring Aggressiveness scores, Academy training, and ApexForge resume tooling. We sell a consumer Pro subscription. We are not a healthcare system, payment processor, or federal cloud provider.

What we protect

  • Account identity — email-based magic-link sign-in via Supabase Auth (no passwords stored by Aethara).
  • Subscription entitlement — plan status and payment-processor identifiers in our database; card numbers never touch our servers.
  • Optional resume / career inputs — stored in your browser by default; may be sent to our AI provider only when ApexForge AI is enabled and you run generation.
  • Public job data — employer-published ATS listings we index for research; not private candidate dossiers.

Controls in place today

  • HTTPS on aethara.us; security response headers (frame denial, content-type sniffing protection, referrer policy).
  • Secrets and API keys held in the host environment (Vercel), not in the client bundle.
  • Passwordless auth; session cookies managed by our auth provider.
  • Payments processed by PayPal; we receive subscription status and customer/subscription IDs only.
  • Account deletion and privacy requests via email (see Privacy policy).
  • Published subprocessors list for vendors that process data on our behalf.

Compliance scope (current product)

Frameworks map to what we actually do. We do not claim certifications we have not completed.

  • SOC 2 / ISO 27001 — not yet audited. Roadmap priority for B2B / employer sales; see operator roadmap in-repo.
  • NIST CSF 2.0 — used as an internal baseline for access, logging, and vendor risk.
  • GDPR / CCPA–CPRA — privacy rights, retention, and no-sale posture documented in our Privacy policy.
  • PCI DSS — card data is handled by PayPal. Aethara does not store, process, or transmit full card numbers.
  • HIPAA / HITRUST — not applicable; we do not handle protected health information.
  • FedRAMP / CMMC / CJIS / StateRAMP — not applicable; we are not a government cloud or defense contractor offering.
  • ISO 42001 / NIST AI RMF — AI use is disclosed; formal AI management certification is not yet complete. ApexForge falls back to non-LLM generation when AI is off or unavailable.

AI (ApexForge)

When ApexForge AI is enabled, resume text and job-description context you submit may be sent to our model provider to generate tailored output. When AI is disabled, generation stays on-device / on-server with deterministic logic and does not call an external model. Do not paste secrets or third-party confidential data you are not allowed to process.

Report a vulnerability

Email hello@aethara.us with subject line Security report. Please include steps to reproduce and impact. We do not run a public bug bounty yet; good-faith reports are welcome.