Skip to main content
FreeCV.co

Security Policy

Responsible disclosure

We welcome reports of security vulnerabilities. If you believe you've found an issue, email security@freecv.co with enough detail for us to reproduce it. This page is the human-readable companion to our machine-readable security.txt.

What we commit to

We will acknowledge your report promptly, investigate in good faith, keep you informed of progress, and — where you wish — credit you in the acknowledgments below once an issue is resolved.

Scope

In scope: the live freecv.co site and its API. Out of scope: third-party services we do not control, such as AdSense, Google Tag Manager, and the OAuth providers themselves.

Please do not

  • Run automated scans that degrade service for other users.
  • Access, modify, or delete other users' data.
  • Publicly disclose an issue before a fix is shipped and a reasonable disclosure window has passed.

Acknowledgments

We thank the researchers who have responsibly disclosed issues to us. (This list grows over time.)