Trust & Compliance
Security Policy
Last updated: May 28, 2026
At thedigitalresume.in, secure data processing is a core pillar of our platform. We deploy modern security safeguards to protect your personal details, resume files, credentials, and portfolios.
1. PDF Resume Screening & Sanitization
To prevent Cross-Site Scripting (XSS), script injection, or remote code execution, our server employs an automated **security scanner** on all uploaded files.
- Any uploaded PDF is parsed in memory to scan for executable scripts, JavaScript payloads, iframe embeds, eval calls, or location redirects.
- If script-like or suspicious content is detected, the server immediately stops execution.
- **The account responsible for the upload is instantly logged out and permanently blacklisted** to maintain platform safety.
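An upload check of the kind described above, as an added example that is not thedigitalresume.in's own scanner: it looks for the PDF script keys and the listed markers in the raw bytes, after undoing PDF `#xx` name escapes, and inside Flate-compressed streams. The marker lists, function names, and sample uploads are assumptions made for illustration.

```python
import re
import zlib

# Assumed marker lists (not the site's): PDF script keys plus the policy's categories.
PDF_NAMES = (b"/JavaScript", b"/JS")
TEXT_MARKERS = (b"<script", b"<iframe", b"eval(", b"window.location", b"location.href")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_names(data: bytes) -> bytes:
    """Undo PDF #xx name escapes so that /J#53 is compared as /JS."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes, limit: int = 5_000_000) -> list:
    """Decompress Flate stream bodies, capped at `limit` bytes each."""
    bodies = []
    for match in STREAM_RE.finditer(data):
        try:
            bodies.append(zlib.decompressobj().decompress(match.group(1), limit))
        except zlib.error:
            continue  # not Flate data; the raw bytes are still scanned below
    return bodies


def scan_pdf(data: bytes) -> list:
    """Return the sorted markers found in an upload; an empty list means no match."""
    if not data.lstrip().startswith(b"%PDF-"):
        return ["not-a-pdf"]
    hits = set()
    for chunk in [data, *inflate_streams(data)]:
        normalized = decode_names(chunk)
        lowered = normalized.lower()
        for name in PDF_NAMES:  # PDF names are case-sensitive and delimiter-terminated
            if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", normalized):
                hits.add(name.decode())
        hits.update(m.decode() for m in TEXT_MARKERS if m in lowered)
    return sorted(hits)


# Constructed sample uploads (not real resumes).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
ESCAPED = b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /J#53 (placeholder) >>\nendobj\n%%EOF\n"
PACKED = (b"%PDF-1.4\n2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"eval(placeholder)") + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("escaped", ESCAPED), ("packed", PACKED)):
        print(label, scan_pdf(sample))
```

A byte-level check like this works only as a pre-filter: it does not decode other stream filters or object streams, so a full PDF parser is still needed behind it.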
2. Server-Side Secret Management
All communications with advanced AI models (Google Gemini API and OpenAI API) are performed strictly **server-side**. Our API keys and platform credentials reside in a secure, isolated server environment and are never exposed, sent, or accessible to the client-side browser.
3. Secure GitHub Integrations
When you link your portfolio project, we use your personal GitHub developer token to communicate with the GitHub API.
- All API operations are run server-side over HTTPS to prevent token leaks.
- Your portfolio repository is initialized as a **private GitHub repository** by default. This ensures you maintain full read/write permission control over your portfolio codebase.
- We only write the direct frontend files and the parsed `data.json` required to run your website.
4. Vercel Hosting and SSL Encryption
Your portfolio is deployed using Vercel, a state-of-the-art secure serverless hosting platform.
- Vercel guarantees end-to-end SSL/TLS encryption, meaning your live portfolio will always load over **HTTPS** with valid SSL certificates by default.
- Your server logic is run on isolated, firewalled serverless functions, protecting your site from server-level exploits.
5. Web Application Security
We build our application following modern web security standards:
- Data in Transit: All communication between your browser and our servers is encrypted using industry-standard TLS.
- Session Security: We authenticate user sessions using secure, HTTP-only cookies. This prevents malicious scripts in the browser from accessing or stealing your login session token.
- DDoS Protection: Our hosting infrastructure handles rate limiting, DDoS mitigation, and traffic filtering to keep the platform responsive.
6. Reporting Security Vulnerabilities
We welcome security researchers and developers to audit our platform. If you discover a security vulnerability or exploit on our site, please report it immediately to Deepak Soni at thedigitalresume@gmail.com. We will investigate and patch verified vulnerabilities with the highest priority.