Security

Tenant Separation

RezRank is structured around company workspaces. Company data, users, jobs, candidates, rankings, invites, and usage records are scoped to the customer's tenant.

Authentication

Auth0 handles user authentication, login, signup, and credential security. RezRank does not store user passwords in application tables.

Billing

Stripe handles subscription checkout, invoices, payment methods, customer portal sessions, and webhook events.

AI Provider Credentials

AI provider keys should be stored only in server-side environment variables. The ranking workflow is designed to call AI providers from protected backend routes.

Administrative Controls

Company admins can manage seats, invite users, revoke pending invites, and remove users. RezRank owners can review tenant-level records through SuperAdmin access.