GeoBasinas

Security & Privacy

Website Security

I take website security seriously and implement various measures to protect both my website and its visitors. This page outlines the security practices and technologies used on this site.

As a student learning about cybersecurity, I’m committed to implementing best practices and continuously improving the security posture of this website.

Security Measures

HTTPS Encryption

All communication between your browser and this website is encrypted using TLS/SSL protocols, ensuring that data transmitted remains confidential and secure.

Content Security Policy

The site implements Content Security Policy headers to prevent cross-site scripting (XSS) and other code injection attacks.

Secure Headers

Additional security headers are implemented to protect against common web vulnerabilities and enhance overall security posture.

Netlify Hosting Security

This website is hosted on Netlify, which provides built-in DDoS protection, automated security updates, and global CDN distribution for enhanced security and performance.

Data Privacy

This website respects your privacy and follows data protection principles. The site collects minimal data necessary for functionality and analytics.

For detailed information about data collection, usage, and your rights, please refer to the Privacy Policy.

Analytics & Tracking

This website uses Umami Analytics, a privacy-focused analytics platform that:

  • Does not use cookies
  • Does not track users across websites
  • Respects Do Not Track browser settings
  • Collects only aggregated, anonymized data

The analytics help me understand how visitors interact with the site to improve content and user experience while respecting privacy.

Contact Form Security

The contact form is protected against spam and abuse through multiple layers of security measures:

  • IP-based rate limiting (5 requests per 15 minutes)
  • Strict CORS policy with specific allowed origins
  • Input validation and sanitization
  • Form submission timing validation
  • Structured security event logging
  • Additional security headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection)
  • Secure email transmission with retry logic
  • No storage of sensitive personal data

All contact form submissions are logged with security events for monitoring and analysis.
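
Added example, not this website's actual code: one way to combine the IP-based rate limit (5 requests per 15 minutes), the exact-match origin check, and the submission timing validation listed above, returning a structured security event for each decision. The allowed origin, the 3-second minimum fill time, and all function and field names are assumptions.

```javascript
// Added illustration, not this website's code.
const WINDOW_MS = 15 * 60 * 1000; // 15 minutes, as stated on the page
const MAX_REQUESTS = 5;           // 5 requests per window, as stated on the page
const MIN_FILL_MS = 3000;         // assumed threshold: a person needs longer than this to fill the form
const ALLOWED_ORIGINS = new Set(["https://example.com"]); // assumed placeholder origin

const hits = new Map(); // client IP -> timestamps (ms) of requests still inside the window

// Build one structured security event; a real handler would also write it to its log sink.
function securityEvent(status, event, ip, extra = {}) {
  return { status, event, ip, ...extra };
}

// ip: client address reported by the platform; origin: the Origin request header;
// renderedAt: time (ms) the form was served; now: injectable clock so the logic is testable.
function checkSubmission({ ip, origin, renderedAt, now = Date.now() }) {
  // Strict origin check: exact match against the allow-list, no wildcard or suffix matching.
  if (!ALLOWED_ORIGINS.has(origin)) {
    return securityEvent(403, "origin_rejected", ip, { origin });
  }

  // Sliding window: keep only timestamps younger than WINDOW_MS, then count them.
  const recent = (hits.get(ip) || []).filter((t) => now - t < WINDOW_MS);
  if (recent.length >= MAX_REQUESTS) {
    hits.set(ip, recent);
    // Seconds until the oldest counted request leaves the window.
    const retryAfter = Math.ceil((recent[0] + WINDOW_MS - now) / 1000);
    return securityEvent(429, "rate_limited", ip, { retryAfter });
  }
  recent.push(now); // every request reaching this point counts, including ones rejected below
  hits.set(ip, recent);

  // Timing validation: a form submitted almost immediately after it was served is likely automated.
  if (!Number.isFinite(renderedAt) || now - renderedAt < MIN_FILL_MS) {
    return securityEvent(400, "submitted_too_fast", ip);
  }
  return securityEvent(200, "accepted", ip);
}
```

An in-memory `Map` only limits requests that reach the same function instance, so a serverless deployment needs a shared store for the counters. The `renderedAt` value is only trustworthy if the server signs it when it serves the form.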

API Security

The website APIs implement robust security measures to protect against common web vulnerabilities:

  • Strict CORS policies with domain-specific origins
  • Rate limiting to prevent abuse and DDoS attacks
  • Input validation and sanitization
  • Security headers for all API responses
  • Structured logging for security monitoring
  • Proper error handling without information disclosure

Security Philosophy

“Security is not just about technology—it’s about building trust with users through transparent practices, continuous learning, and responsible data handling. As I grow in my cybersecurity journey, I’m committed to implementing security measures that protect both the website and its visitors.”

Reporting Security Issues

If you discover a security vulnerability on this website, please contact me through the contact form. I appreciate responsible disclosure and will address any legitimate security concerns promptly.