Security

Last updated June 2, 2026

Real Job Check is a tool people use when they are worried about a scam, so earning trust matters to us. This page explains how we handle what you paste and how to report a security problem.

How we handle your data

• We process what you paste to run the check and we keep as little as possible. We do not require an account.
• Traffic runs over HTTPS, with HSTS and a strict content security policy.
• We never ask you for payment, your Social Security number, or bank details to run a check.
• See the privacy page for what we collect and the subprocessors we rely on.

Reporting a vulnerability

If you find a security issue, please tell us before sharing it publicly, and give us a reasonable chance to fix it. Report it through the contact page with the subject "Security". Helpful details:

• What you found and where (the URL or request).
• Steps to reproduce it, and the impact you think it has.
• Any proof of concept, kept to the minimum needed to show the issue.

Our commitment to researchers

If you make a good-faith effort to follow this policy, we will not pursue legal action against you for your research. Please do not access or change other people's data, degrade the service, or run automated scans that disrupt it. We will acknowledge your report and keep you posted as we work on a fix.

In scope

• realjobcheck.com and its pages.
• api.realjobcheck.com (the intake service).
• The verification engine that produces a result.

Out of scope

• Denial of service, traffic flooding, or volumetric tests.
• Social engineering of our team or our providers.
• Reports from automated scanners with no demonstrated impact.

A machine readable version of this policy is at /.well-known/security.txt. Real Job Check is operated by Aliso LLC.