OpenRole
All FAQs

Security & Privacy

Is the pixel safe to install? What data does it collect?

Yes. The OpenRole pixel is designed with security as the primary concern — because we're asking you to put code on your website, and that requires trust.

What the pixel does

The pixel is a lightweight JavaScript snippet (~2KB) that serves structured employer data to AI crawlers visiting your careers page. It makes your company information (job listings, benefits, salary ranges, culture data) readable by AI models.

Think of it as a translator: your ATS and careers page have rich data, but AI crawlers can't read it (especially through bot protection). The pixel exposes that data in a format AI understands.

What it does NOT do

  • ✓ Does not collect personal data from visitors
  • ✓ Does not track individual users or set cookies
  • ✓ Does not send data to third parties
  • ✓ Does not modify your page content or appearance
  • ✓ Does not access anything behind authentication
  • ✓ Does not affect page load speed (async, deferred)

Security measures

Subresource Integrity (SRI)

Every pixel script includes an SRI hash. Your browser verifies the script hasn't been tampered with before executing it. If the hash doesn't match, it won't run.

Public integrity verification

You can verify the pixel's integrity at any time via our public endpoint. Compare the hash against what's on your site to confirm nothing has changed.

HMAC request signing

All communication between the pixel and our API uses HMAC-SHA256 signed requests with timestamp and nonce to prevent replay attacks.

SOC 2 aligned infrastructure

Built on SOC 2 Type II certified infrastructure (Vercel, Supabase). Full audit logging, row-level security, encrypted at rest and in transit. Own certification planned via Vanta.

Open source

The pixel source code is open for inspection. You (or your security team) can read every line before installing it.

GDPR & compliance

The pixel processes zero personal data, so it doesn't require cookie consent under GDPR. It's equivalent to serving a static file — no tracking, no profiling, no personal data processing. Full details in our Privacy Policy and Data Processing Agreement.

Need to get IT approval? We provide a security questionnaire pre-filled with all technical details, plus direct access to our Trust Centre at /security. Your security team can verify everything independently.

Related questions

What does the OpenRole pixel do?How does OpenRole handle our company data?