Security & Responsible Disclosure

Security & Responsible Disclosure Policy

Last updated March 23, 2026

Rocket Resume, Inc. ("Rocket Resume", "we", "us", or "our") is committed to the security of our users' data and our systems. We value the work of security researchers who help us maintain a safe platform. This policy outlines how to report security vulnerabilities responsibly and what you can expect from us in return.

Scope

This policy applies to:

  • rocket-resume.com (all subdomains)
  • The Rocket Resume web application, APIs, and associated infrastructure

Out of Scope

The following are not in scope for this policy:

  • Denial-of-service (DoS/DDoS) attacks
  • Social engineering or phishing of Rocket Resume employees or users
  • Physical security of Rocket Resume offices or data centers
  • Third-party services or applications that integrate with Rocket Resume
  • Spam, email spoofing, or SPF/DKIM/DMARC configuration issues
  • Vulnerabilities in outdated browsers or platforms
  • Automated scanning or testing that generates excessive traffic
  • Issues that require unlikely or impractical user interaction

How to Report

Please send vulnerability reports to security@rocket-resume.com with the subject line "Security Vulnerability Report". Include the following:

  • A clear description of the vulnerability
  • Steps to reproduce the issue (proof of concept)
  • The potential impact of the vulnerability
  • Your name and contact information (optional, for acknowledgment)
  • Any relevant screenshots, logs, or request/response data

If you wish to encrypt your report, you may use the PGP key referenced in our security.txt file.

What We Ask

  • Do not access, modify, or delete data belonging to other users
  • Do not degrade the performance or availability of our services
  • Do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it
  • Do make a good-faith effort to avoid privacy violations
  • Do act in accordance with this policy and all applicable laws

Our Commitment

  • Acknowledgment: We will acknowledge receipt of your report within 3 business days
  • Assessment: We will provide an initial assessment within 10 business days
  • Resolution: We will work to resolve confirmed vulnerabilities as quickly as possible, prioritized by severity
  • Communication: We will keep you informed of our progress toward resolution
  • Safe Harbor: We will not pursue legal action against researchers who discover and report vulnerabilities in good faith and in compliance with this policy. Good-faith security research conducted in accordance with this policy is considered authorized and we will not initiate legal action against you. If legal action is initiated by a third party against you for activities conducted in accordance with this policy, we will take steps to make it known that your actions were authorized

Recognition

We appreciate the contributions of security researchers. With your permission, we may acknowledge your contribution after the vulnerability has been resolved.

Contact

For security-related inquiries, contact us at security@rocket-resume.com.

For general privacy inquiries, please see our Privacy Notice.

Rocket Resume, Inc. 6469 Almaden Expy Ste 80 #560, San Jose, CA 95120