Vulnerability Disclosure Policy

1. Vulnerability Reporting Guidelines

If you believe you have discovered a security vulnerability in EliteResume AI, please report it to us as soon as possible. We ask that you follow these guidelines:

• Prompt Disclosure: Report the vulnerability immediately to info@eliteresume.net. Avoid disclosing the issue publicly until we have resolved it.
• Detailed Report: Provide a clear description of the issue, including steps to reproduce, code snippets, or proof of concept if applicable.
• Respect Privacy: Do not access, modify, or destroy user data or interfere with our systems during your research.

2. Scope of Policy

This policy applies only to the core web platform and application services hosted under the *.eliteresume.net domains. The following activities are strictly out of scope:

• Non-technical attacks: Phishing, social engineering, physical security bypasses, or spamming.
• Disruption: Denial of Service (DoS/DDoS) attacks, brute forcing, or resource exhaustion.
• Third-party services: Vulnerabilities in third-party integrations (e.g., Stripe, AWS, Cloudflare) unless they directly impact our configurations.

3. Our Response Commitment

Upon receiving a report, we will make every effort to:

• Acknowledge receipt: Confirm receipt of your vulnerability report within 48 business hours.
• Resolution: Investigate and work toward a fix in a timely manner, keeping you informed of our progress.

4. Safe Harbor Protection

EliteResume AI considers security research conducted in good faith to be authorized. We will not initiate legal action or file a complaint with law enforcement against researchers who make a good-faith effort to comply with this policy.