Security & Responsible Disclosure
Security & Responsible Disclosure Policy
Last updated March 23, 2026
Rocket Resume, Inc. ("Rocket Resume", "we", "us", or "our") is committed to the security of our users' data and our systems. We value the work of security researchers who help us maintain a safe platform. This policy outlines how to report security vulnerabilities responsibly and what you can expect from us in return.
Scope
This policy applies to:
- rocket-resume.com (all subdomains)
- The Rocket Resume web application, APIs, and associated infrastructure
Out of Scope
The following are not in scope for this policy:
- Denial-of-service (DoS/DDoS) attacks
- Social engineering or phishing of Rocket Resume employees or users
- Physical security of Rocket Resume offices or data centers
- Third-party services or applications that integrate with Rocket Resume
- Spam, email spoofing, or SPF/DKIM/DMARC configuration issues
- Vulnerabilities in outdated browsers or platforms
- Automated scanning or testing that generates excessive traffic
- Issues that require unlikely or impractical user interaction
How to Report
Please send vulnerability reports to security@rocket-resume.com with the subject line "Security Vulnerability Report". Include the following:
- A clear description of the vulnerability
- Steps to reproduce the issue (proof of concept)
- The potential impact of the vulnerability
- Your name and contact information (optional, for acknowledgment)
- Any relevant screenshots, logs, or request/response data
If you wish to encrypt your report, you may use the PGP key referenced in our security.txt file.
What We Ask
- Do not access, modify, or delete data belonging to other users
- Do not degrade the performance or availability of our services
- Do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it
- Do make a good-faith effort to avoid privacy violations
- Do act in accordance with this policy and all applicable laws
Our Commitment
- Acknowledgment: We will acknowledge receipt of your report within 3 business days
- Assessment: We will provide an initial assessment within 10 business days
- Resolution: We will work to resolve confirmed vulnerabilities as quickly as possible, prioritized by severity
- Communication: We will keep you informed of our progress toward resolution
- Safe Harbor: We will not pursue legal action against researchers who discover and report vulnerabilities in good faith and in compliance with this policy. Good-faith security research conducted in accordance with this policy is considered authorized and we will not initiate legal action against you. If legal action is initiated by a third party against you for activities conducted in accordance with this policy, we will take steps to make it known that your actions were authorized
Recognition
We appreciate the contributions of security researchers. With your permission, we may acknowledge your contribution after the vulnerability has been resolved.
Contact
For security-related inquiries, contact us at security@rocket-resume.com.
For general privacy inquiries, please see our Privacy Notice.
Rocket Resume, Inc. 6469 Almaden Expy Ste 80 #560, San Jose, CA 95120