Post a remote job for free POST NOW

Security

Last updated: February 27, 2026

At RemoteInside, security is a core priority. We are committed to protecting the data of our users -- job seekers, employers, and partners alike. This page provides an overview of our security posture, the technologies we rely on, and the practices we follow to keep your information safe.

Infrastructure

RemoteInside is built on modern, security-focused infrastructure providers:

Cloudflare Workers

Our application runs on Cloudflare Workers, a global edge-compute platform. This provides:

  • A globally distributed network with built-in DDoS mitigation
  • Automatic TLS termination for all traffic
  • Web Application Firewall (WAF) rules to block common attack vectors
  • Bot management and rate limiting
  • Isolation between requests -- each invocation runs in its own secure context

Supabase

Our database layer is powered by Supabase, which provides:

  • Managed PostgreSQL with automated backups
  • Row Level Security (RLS) policies enforced at the database level
  • Data encrypted at rest using AES-256
  • Connections encrypted in transit via TLS
  • Network isolation and restricted access to database instances

Data Security

We take a defense-in-depth approach to protecting your data:

  • Encryption in transit: All connections to RemoteInside use TLS 1.2 or higher. We enforce HTTPS across the entire platform with HSTS headers.
  • Encryption at rest: Database storage is encrypted using AES-256 via Supabase's managed infrastructure.
  • No plain-text secrets: API keys, database credentials, and other sensitive values are stored as encrypted environment variables within Cloudflare Workers, never in source code.
  • Minimal data collection: We only collect data necessary to operate the platform and provide our services.

Application Security

Our application follows security best practices at every layer:

  • Input validation: All user input is validated and sanitized on both client and server sides.
  • Parameterized queries: Database queries use parameterized statements to prevent SQL injection.
  • XSS protection: Output encoding and Content Security Policy headers mitigate cross-site scripting risks.
  • CSRF protection: State-changing operations are protected against cross-site request forgery.
  • Secure headers: Cloudflare and our application set security headers including X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
  • Dependency management: We regularly audit and update third-party dependencies to address known vulnerabilities.

Access Control

Access to systems and data is tightly controlled:

  • Role-based access: Internal systems use role-based access control (RBAC) to limit permissions to what is necessary.
  • API key authentication: Internal and administrative API endpoints require authenticated API keys.
  • Principle of least privilege: Team members and services are granted the minimum access required to perform their functions.

Payment Security

RemoteInside uses Stripe for all payment processing. Stripe is a PCI Level 1 Service Provider, the highest level of certification in the payment card industry.

  • We never store, process, or have access to full credit card numbers on our servers.
  • All payment data is handled directly by Stripe's PCI-compliant infrastructure.
  • Payment pages use Stripe Elements, which isolate card input in secure iframes.

Incident Response

We maintain an incident response process to handle security events:

  • Monitoring: We use Cloudflare analytics and logging to detect anomalous activity in real time.
  • Escalation: Suspected security incidents are escalated immediately to our engineering team for investigation and containment.
  • Notification: In the event of a data breach affecting user data, we will notify impacted users and relevant authorities in accordance with applicable laws and regulations.
  • Post-incident review: After resolving an incident, we conduct a review to identify root causes and implement measures to prevent recurrence.

Responsible Disclosure

We welcome security researchers who help us keep RemoteInside safe. If you discover a vulnerability, please report it responsibly through our dedicated disclosure process.

For full details, see our Vulnerability Disclosure Policy.

Contact

If you have questions about our security practices, please reach out:

Email: security@remoteinside.com