Security

Bug Bounty

This platform participates in Hack Club's security bounty program.
Please report any issues you find there for a possible reward.
Please don't report security bugs in public Slack channels or GitHub issues.

Infrastructure Security

The identity platform runs on a dedicated Hetzner server that is isolated from other Hack Club infrastructure. Server access is restricted to two individuals (Nora and Zach), both of whom use physical second-factor authentication tokens.

All production console access is logged and audited.

Identity documents are stored in Cloudflare R2 and encrypted at rest via SSE-C, with a unique AES-256-GCM key per file.

Questions?

For security concerns or questions, contact @nora on Slack or email nora@hackclub.com.