Security and Privacy

Last updated January 25, 2025

HireKit takes your data security seriously. Here is how your information is protected.

Self-Hosted Architecture

HireKit runs entirely on your local network:

  • All data is stored in local Docker volumes
  • No data is sent to external servers (except AI API calls)
  • Database is accessible only within your Docker network
  • Files are served through authenticated API endpoints only

Authentication

HireKit uses Clerk for enterprise-grade authentication:

  • Secure sign-in with email/password
  • Multi-factor authentication (MFA) support
  • Session token management
  • Bearer token validation on all API requests

API Key Security

For the browser extension:

  • API keys are prefixed with hk_ for identification
  • Keys are stored as SHA-256 hashes (never plain text)
  • Each key can be individually revoked
  • Keys use separate authentication from web sessions
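The scheme in the list above (an hk_ prefix, SHA-256 hashes at rest, per-key revocation) can be sketched as follows. This is an added example, not HireKit's own code: the class, its method names, the key_id field and the in-memory dictionaries standing in for the database are all assumptions.

```python
import hashlib
import secrets

PREFIX = "hk_"  # key prefix stated on the page


class ApiKeyStore:
    """In-memory stand-in for the key table (assumption: the real store is a database)."""

    def __init__(self):
        # key_id -> {"sha256": hex digest, "label": str, "revoked": bool}
        self._rows = {}
        self._by_digest = {}  # digest -> key_id, mimics a unique index on the hash

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, label):
        """Generate a key, persist only its hash, return the plaintext once."""
        key = PREFIX + secrets.token_urlsafe(32)  # 256 bits of randomness
        key_id = secrets.token_hex(4)  # hypothetical public handle used for revocation
        digest = self._digest(key)
        self._rows[key_id] = {"sha256": digest, "label": label, "revoked": False}
        self._by_digest[digest] = key_id
        return key_id, key

    def revoke(self, key_id):
        """Revoke one key without touching the others."""
        row = self._rows.get(key_id)
        if row is None:
            return False
        row["revoked"] = True
        return True

    def verify(self, presented):
        """Return the key's label if it is valid and not revoked, else None."""
        if not isinstance(presented, str) or not presented.startswith(PREFIX):
            return None  # cheap reject: not an API key (e.g. a web session token)
        key_id = self._by_digest.get(self._digest(presented))
        if key_id is None or self._rows[key_id]["revoked"]:
            return None
        return self._rows[key_id]["label"]
```

An unsalted SHA-256 hash is adequate here only because the key is a long random value; it is not a suitable way to store user-chosen passwords.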

Data Encryption

  • Database connections use internal Docker networking
  • AI API calls use HTTPS encryption
  • File uploads are stored in authenticated Docker volumes
  • Redis cache data is ephemeral and local

AI Data Handling

When using AI features:

  • Your resume and job descriptions are sent to Anthropic's API for processing
  • AI responses are cached locally in Redis for 24 hours
  • No data is retained by the AI provider after processing
  • You can review Anthropic's data handling policy for details

Best Practices

  1. Enable MFA on your account
  2. Use a strong, unique password
  3. Regularly review your active sessions
  4. Revoke unused API keys
  5. Keep your Docker environment updated

Still need help?

Contact our support team and we will get back to you within 24 hours.