ATStruggleBuster

Security

Last Updated: January 1, 2025

Security at ATStruggle Buster

As a hobbyist project, I take security seriously within my capabilities. While I can't promise enterprise-level security, I follow best practices and use trusted services to protect your data.

Security Measures

  • Authentication: Handled by Google OAuth (I never see your Google password)
  • API Keys: Hashed using SHA-256 before storage
  • Payments: Processed entirely through Stripe (I never see card details)
  • Data Transmission: All connections use HTTPS/TLS encryption
  • Database: Hosted on Neon with encrypted connections
  • Hosting: Vercel's secure infrastructure
  • Dependencies: Regularly updated when security issues are disclosed
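To make the "hashed using SHA-256 before storage" measure concrete, here is an added example of how that pattern is usually implemented; this is illustrative code written for this page, not the project's own code. It assumes an in-memory dictionary in place of the real database table and a made-up "asb_" key prefix; neither is documented by the project.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def generate_api_key(prefix: str = "asb") -> str:
    """Return a fresh high-entropy API key.

    The "asb" prefix is an assumed convention for this example only.
    token_urlsafe(32) yields 256 bits of randomness, which is why a plain
    (unsalted) SHA-256 digest is acceptable here: unlike a human-chosen
    password, the key cannot be guessed by brute force from its hash.
    """
    return f"{prefix}_{secrets.token_urlsafe(32)}"


def hash_api_key(key: str) -> str:
    """SHA-256 hex digest of the key; this digest is what gets stored."""
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


class ApiKeyStore:
    """Stand-in for the database table (constructed for this example)."""

    def __init__(self) -> None:
        # Maps SHA-256 digest -> owning user id. No plaintext key lives here.
        self._by_hash: dict[str, str] = {}

    def issue(self, user_id: str) -> str:
        """Create a key for user_id, persist only its hash, return plaintext once."""
        key = generate_api_key()
        self._by_hash[hash_api_key(key)] = user_id
        return key

    def verify(self, presented_key: str) -> Optional[str]:
        """Return the owning user id if presented_key is valid, else None.

        A real deployment would run the equivalent of
        `SELECT user_id FROM api_keys WHERE key_hash = ?` (assumed schema).
        The digest is recomputed on every request, so the plaintext never
        needs to be retrievable from storage.
        """
        digest = hash_api_key(presented_key)
        for stored_digest, user_id in self._by_hash.items():
            # compare_digest keeps the comparison time independent of how
            # many leading characters match.
            if hmac.compare_digest(stored_digest, digest):
                return user_id
        return None

    def revoke(self, presented_key: str) -> bool:
        """Delete the key's record; returns True if something was removed."""
        return self._by_hash.pop(hash_api_key(presented_key), None) is not None

    def contains_plaintext(self, key: str) -> bool:
        """Sanity check: the store must never hold the raw key anywhere."""
        return key in self._by_hash or key in self._by_hash.values()


if __name__ == "__main__":
    store = ApiKeyStore()
    key = store.issue("user-1")
    print("issued key (shown to the user once):", key)
    print("stored digest:", hash_api_key(key))
    print("verify ->", store.verify(key))
    print("plaintext in store?", store.contains_plaintext(key))
```

The important property is that a dump of the stored table reveals only digests, and a digest of a 256-bit random key is not reversible in practice. This reasoning does not transfer to passwords, which need a slow, salted hash such as bcrypt or Argon2 precisely because they are low-entropy.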

Reporting Security Issues

🔒 Responsible Disclosure

If you discover a security vulnerability, please help keep users safe by:

  1. NOT exploiting the vulnerability
  2. NOT sharing it publicly until it's fixed
  3. Reporting it privately so I can fix it

How to Report

Please send security reports to:

Email: admin@theextravaganthobo.com

Subject: [SECURITY] Brief description

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your suggested fix (if any)

Response Timeline

As a solo hobbyist developer, I'll do my best to:

  • Acknowledge your report within 48 hours
  • Investigate and verify the issue within a week
  • Deploy a fix as soon as possible (depends on complexity)
  • Credit you for the discovery (if you'd like)

Please be patient - this is a side project, and complex fixes may take time.

Scope

Security issues in scope include:

  • Unauthorized access to user data
  • API key or authentication bypass
  • Credit system manipulation
  • Cross-site scripting (XSS)
  • SQL injection or database vulnerabilities
  • Sensitive data exposure

Out of scope:

  • Denial of service attacks (please don't test these!)
  • Social engineering
  • Issues in third-party services (report to them directly)
  • Theoretical vulnerabilities without proof of concept

Recognition

While I can't offer bug bounties (hobbyist budget!), I'm happy to:

  • Thank you publicly (with your permission)
  • Add you to a Hall of Fame section
  • Provide a recommendation or reference
  • Give you free credits as thanks

Known Limitations

As a transparent hobbyist project, here are known limitations:

  • No dedicated security team (just me)
  • No formal security audits (too expensive)
  • Dependency on third-party service security
  • Limited resources for monitoring

Despite these limitations, I'm committed to fixing security issues promptly and maintaining user trust.

Contact

For security issues: admin@theextravaganthobo.com

GitHub: https://github.com/TheExtravagantHobo/atstrugglebuster

Please use email for security issues, not public GitHub issues!

ATStruggleBuster - AI Resume Analyzer