Security practices.

Warpply stores credentials in HttpOnly cookies (inaccessible to JavaScript) and uses short-lived access tokens with a rolling 14-day refresh token. Passwords are hashed with bcrypt. No plaintext credentials are ever stored or logged.

All data is transmitted over TLS. Resumes and profile data are stored encrypted at rest.

To report a vulnerability, email security@warpply.com. We aim to acknowledge reports within 24 hours.