Jobflow's Security & Privacy Overview

Last Updated: May 2026

Jobflow is operated by NovoHire, Inc. and is designed to help job seekers, workforce organizations, educational institutions, and employers improve employment outcomes through AI-assisted career services. We are committed to protecting customer data through security, privacy, governance, and operational controls aligned with industry best practices and emerging public-sector AI governance standards.

Security Controls

Jobflow employs layered administrative, technical, and operational safeguards designed to protect customer information and platform integrity.

Key controls include:
AES-256 encryption at rest
TLS 1.2+ encryption in transit
Role-based access controls (RBAC)
Row-level security (RLS) for logical tenant isolation
Audit logging and activity monitoring
Credential-restricted administrative access
Backup and recovery proceduresIncident response and security monitoring processes

Administrative access to production systems is restricted to authorized technical leadership personnel and is logged.

AI Governance & TAC 219 Alignment

Jobflow is designed as a human-in-the-loop AI-assisted platform and aligns with the core principles reflected in the Texas Administrative Code (TAC 219) Artificial Intelligence governance framework and the NIST AI Risk Management Framework. These frameworks emphasize transparency, accountability, human oversight, privacy protection, security, and responsible use of artificial intelligence systems.

Jobflow does not autonomously make employment, eligibility, governmental, or high-impact decisions on behalf of users or organizations. Instead, the platform provides AI-assisted recommendations, document generation, job matching insights, and employment guidance that remain reviewable, editable, and user-controlled. Human judgment remains central to all employment-related actions and outcomes.

Jobflow maintains governance, security, and privacy controls designed to support responsible AI use throughout the lifecycle of customer data and AI-generated outputs. This includes human oversight, auditability, data governance, security monitoring, incident response procedures, and documented policies governing data retention, privacy, and AI usage. Jobflow's AI governance posture continues to evolve alongside emerging public-sector guidance, workforce requirements, and industry best practices.

Human Oversight & Accountability

Jobflow is designed as a human-in-the-loop AI-assisted platform.

AI-generated outputs remain reviewable and editable by users
Users maintain control over final employment materials
Jobflow does not autonomously make employment, eligibility, or governmental decisions
Workforce staff do not have access to private user-generated content unless explicitly shared by the user
AI is used to assist decision-making, not replace human judgment
Jobflow's governance approach is informed by NIST AI Risk Management Framework concepts and emerging public-sector guidance, including Texas TAC 219 AI governance requirements.

PII Governance & Data Protection

Jobflow collects only information necessary to provide employment assistance services and platform functionality.
Customer and user data remains owned by the customer or user
Jobflow does not sell personal information
User information is encrypted in transit and at rest
Access to customer information is restricted through authentication, authorization, and security controls
Users may request deletion of their information in accordance with applicable policies

AI Transparency

Jobflow is clearly presented as an AI-assisted platform
Users are informed when AI-generated functionality is used
AI outputs are visible and editable before use

AI Data Usage

Jobflow utilizes commercial AI providers, including OpenAI and Anthropic, to support AI-assisted functionality.

Jobflow does not use customer organizational data to train proprietary AI models.

Based on current provider policies for commercial API usage, customer API data is not used to train public foundation models absent explicit customer opt-in arrangements.

Customer retains ownership of uploaded data.

Security Monitoring & Risk Management

Administrative access is restricted to authorized technical leadership personnel and is logged
Audit logging is maintained for platform operations and security monitoring
Security monitoring, vulnerability remediation, and incident response procedures are maintained
Jobflow evaluates AI-related risks including unauthorized access, prompt manipulation, data exposure, and misuse scenarios as part of its evolving governance posture
Infrastructure, authentication, database, storage, and AI providers are evaluated as part of vendor and subprocessor management processes

Records Retention & Lifecycle Management

Jobflow maintains documented data retention and lifecycle management procedures
Customer data is retained to support returning users and ongoing service delivery
Users may request deletion of their information
Security logs, operational records, and backups may be retained in accordance with operational, legal, contractual, and security requirements
Retention and deletion practices are documented and reviewed periodically

Incident Response

Jobflow maintains documented incident response procedures for identifying, investigating, containing, and remediating security incidents.

In the event of a confirmed reportable security incident involving customer data, Jobflow will notify affected organizational customers without unreasonable delay and generally within 24 hours of confirmation, subject to applicable legal and regulatory requirements.

Infrastructure

Jobflow is hosted within U.S.-based cloud infrastructure environments utilizing enterprise-grade service providers.

Infrastructure services may include cloud hosting, database, storage, authentication, monitoring, payment processing, and AI service providers operating under contractual security and confidentiality obligations.

Additional Documentation

Additional documentation may be available upon request.

AI Acceptable Use Policy
Subprocessor List
Data Retention Policy
Incident Response Summary
Privacy Policy
Terms of Use

Contact

NovoHire, Inc.
privacy@myjobflow.com
security@myjobflow.com

Ready to get started?
Get started
AI Job Search Solutions
Resume Writer
Cover Letter Writer
Resumes Builder
Chrome Extension
Curated Job Matches
Information
AboutContactLearnPricingHow it worksSecurity & Privacy
Audiences we help
Job BoardsColleges & UniversitiesVeteran & Federal TransitionMid-Career ProfessionalsStudents & Early-CareerWorkforce Development & Innovation
Terms Of UsePrivacy Policy
copyright NovoHire, Inc. 2026