Security: shadowhunter-92/HireReady

Security Policy

✅ How We Handle Security

HireReady is designed with security in mind:

  • API keys are never exposed — The Anthropic API key is stored as a Vercel environment variable and only used server-side in api/generate.js
  • No user data is stored — CV data is processed in memory and never saved to a database
  • No authentication required — No passwords or personal accounts to compromise
  • HTTPS only — Vercel enforces HTTPS on all deployments
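The server-side key handling the first bullet describes, shown as an added example written for this page rather than HireReady's own api/generate.js. It assumes the Vercel Node serverless request/response shape, an environment variable named ANTHROPIC_API_KEY and an optional ANTHROPIC_MODEL (neither name appears on this page), and the public Anthropic Messages endpoint with its x-api-key and anthropic-version headers. The key is read from the environment, sent only server-to-server, and never echoed to the browser; a missing key fails closed, and the CV payload is length-bounded so one request cannot run up an unbounded bill.

```javascript
// Added example (not the project's api/generate.js): a Vercel-style Node
// handler that keeps the Anthropic API key on the server side.
// Assumptions: env var names ANTHROPIC_API_KEY / ANTHROPIC_MODEL, and that
// Vercel has already parsed the JSON body into req.body.

const ANTHROPIC_URL = "https://api.anthropic.com/v1/messages";
const MAX_CV_CHARS = 20000; // assumed cap: bounds tokens (and cost) per request

// Validate the client payload: only a bounded, non-empty CV string is accepted.
function validateBody(body) {
  if (!body || typeof body.cv !== "string") {
    return { ok: false, error: "cv must be a string" };
  }
  if (body.cv.length === 0 || body.cv.length > MAX_CV_CHARS) {
    return { ok: false, error: `cv must be 1..${MAX_CV_CHARS} characters` };
  }
  return { ok: true, cv: body.cv };
}

// Framework-independent core so it can be exercised offline.
// env: an object shaped like process.env; fetchImpl: fetch-compatible function.
async function generate(body, env, fetchImpl = globalThis.fetch) {
  const apiKey = env.ANTHROPIC_API_KEY;
  if (!apiKey) {
    // Fail closed: a missing key is a deployment error, never a client error,
    // and nothing is sent upstream.
    return { status: 500, body: { error: "server not configured" } };
  }
  const v = validateBody(body);
  if (!v.ok) return { status: 400, body: { error: v.error } };

  const upstream = await fetchImpl(ANTHROPIC_URL, {
    method: "POST",
    headers: {
      "x-api-key": apiKey, // the key travels server-to-server only
      "anthropic-version": "2023-06-01",
      "content-type": "application/json",
    },
    body: JSON.stringify({
      // MODEL_ID_PLACEHOLDER is a labelled placeholder; set ANTHROPIC_MODEL
      model: env.ANTHROPIC_MODEL || "MODEL_ID_PLACEHOLDER",
      max_tokens: 1024,
      messages: [{ role: "user", content: `Improve this CV:\n\n${v.cv}` }],
    }),
  });

  if (!upstream.ok) {
    // Do not forward the upstream body verbatim; a generic error is enough
    // for the browser and avoids leaking request details.
    return { status: 502, body: { error: "upstream error" } };
  }
  const data = await upstream.json();
  const text = (data.content || [])
    .filter((c) => c.type === "text")
    .map((c) => c.text)
    .join("");
  // Only the generated text goes back to the client; no key, no headers.
  return { status: 200, body: { result: text } };
}

// Vercel-style Node handler: adapts req/res to generate().
async function handler(req, res) {
  if (req.method !== "POST") {
    res.status(405).json({ error: "method not allowed" });
    return;
  }
  const out = await generate(req.body, process.env);
  res.status(out.status).json(out.body);
}

if (typeof module !== "undefined") {
  module.exports = { validateBody, generate, handler, MAX_CV_CHARS };
}
```

Because generate() takes the environment and the fetch function as parameters, it can be run against a fake upstream to confirm that the key reaches the x-api-key header and nothing else, and that a missing key produces a 500 without any upstream call.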

🔑 If You're Self-Hosting

  • Never commit your .env file to GitHub
  • Use Vercel's environment variables dashboard to store your API key
  • Rotate your Anthropic API key regularly
  • Set spending limits on your Anthropic account to prevent unexpected charges

🐛 Reporting a Vulnerability

If you discover a security vulnerability, please:

  1. Do NOT open a public GitHub issue
  2. Open a private security advisory in this repository
  3. Include a description of the vulnerability and steps to reproduce

We will respond within 48 hours and work to fix it promptly.

💰 API Cost Protection

To prevent unexpected API costs if your deployment is abused:

  1. Go to console.anthropic.com
  2. Set a monthly spending limit
  3. Enable usage alerts
