Security Policy

Last updated: Right after I watched that cybersecurity documentary and got paranoid

This policy explains how I keep your data secure, which is like trying to protect a sandcastle from the tide, but with more encryption and fewer seashells.

Welcome to my security policy! This document is probably more exciting than it sounds, and definitely more honest than most security policies you've read. I'll explain how I protect your information using a combination of industry best practices, common sense, and a healthy dose of paranoia.

Think of me as your friendly neighborhood Spider-Man, but instead of fighting crime, I'm fighting data breaches and poorly configured servers.

How I secure this website (like Fort Knox, but with better Wi-Fi)

HTTPS encryption

Every page on this website uses HTTPS, which means all communication between your browser and my server is encrypted. It's like having a conversation in a secret code, except the code is really, really good and I didn't make it up myself.

This protects your data from eavesdroppers, man-in-the-middle attacks, and nosy neighbors with too much time on their hands.

Secure hosting

My website is hosted on Vercel, which is like having a team of security experts watching over my site 24/7, except they're much more qualified than I am and they probably drink less coffee.

Vercel handles things like DDoS protection, automatic security updates, and making sure my website doesn't accidentally become part of a botnet (which would be embarrassing for everyone involved).

Regular updates

I keep all my website components and dependencies updated, because outdated software is like wearing a "Hack Me" sign on the internet. I check for updates more often than I check my social media, which is saying something.

How I protect your data (by having a revolutionary strategy called "not storing it")

The no-database approach

I've implemented the most secure data storage solution known to mankind: not storing data at all. It's like having an impenetrable vault by not owning anything worth stealing. Revolutionary, I know.

This approach has a 100% success rate against data breaches, mainly because there's no data to breach. It's the digital equivalent of being too broke to get robbed.

Contact form security

When you submit a contact form, your message goes directly to my email via a secure form service. It's like passing a note in class, except the note is encrypted and the teacher is Gmail.

Analytics data

All the analytics data goes straight to Google's servers, where it's protected by people who actually know what they're doing and have budgets larger than my monthly coffee expenses.

Third-party services I use (and why I trust them more than myself)

Google Analytics

I use Google Analytics to understand how people use my website. Google has pretty good security practices, considering they're one of the biggest tech companies in the world and have entire teams dedicated to not getting hacked.

The data collected is anonymized and aggregated, which means Google knows that someone from your general area visited my website, but they don't know it was specifically you or that you spent 20 minutes looking at my project screenshots.

Email services

When you contact me through the website, your message might be processed by email service providers that have security certifications I can't even pronounce. They encrypt data at rest and in transit, which is more than I can say for my personal email account.

Additional security measures (because I watch too many cybersecurity documentaries)

Access controls

Only I have access to the website's backend, and I protect my accounts with strong passwords and two-factor authentication. My password is not "password123" or my birthday, despite what my family might guess.

Code security

I follow secure coding practices, which means I don't leave obvious vulnerabilities in my code like SQL injection points or XSS vulnerabilities. I also don't hardcode passwords or API keys, because that would be like leaving your house key under a doormat labeled "House Key."

Monitoring

I monitor my website for unusual activity, though to be honest, any activity is unusual since I don't get that many visitors. If someone tries to hack my portfolio website, I'll probably notice because my analytics will suddenly show more traffic than usual.

What could potentially go wrong (spoiler: it's mostly my problem, not yours)

Here's the thing about having no database and minimal data collection - if something goes wrong, I'm probably the one who should be worried, not you:

Data breach (of what data?)

If someone hacked my website looking for user data, they'd find about as much as someone looking for water in a desert. The most sensitive information they'd get is my embarrassing commit messages and maybe some TODO comments I forgot to remove.

Honestly, if there's a data breach, I'd be more worried about someone stealing my portfolio content or discovering how many times I've googled "how to center a div."

Website defacement

If someone hacked my website and changed it to display inappropriate content, that would be embarrassing for me and potentially annoying for you, but your personal data wouldn't be at risk because I don't have any.

The biggest risk would be damage to my professional reputation and my mom asking why my website is showing weird stuff.

Email compromise

If my email account got hacked, someone could potentially see messages you've sent me through the contact form. But let's be honest - if you're contacting me, it's probably about work, not state secrets.

The hacker would mostly find emails about project inquiries, spam from recruiters, and my ongoing correspondence with various customer service departments.

How you can stay secure (because teamwork makes the dream work)

Security is a team effort, and you're part of the team! Here are some things you can do to protect yourself:

  • Keep your browser updated: Browser updates often include security fixes. It's like getting a flu shot, but for your computer.
  • Be cautious with personal information: Don't share sensitive information through contact forms unless you really need to. I don't need to know your social security number to discuss a potential project.
  • Use secure networks: Avoid accessing websites with personal information over public Wi-Fi. That coffee shop Wi-Fi might be convenient, but it's about as secure as a screen door on a submarine.
  • Trust your instincts: If something seems fishy about a website or email, it probably is. I promise my legitimate emails won't ask you to wire money to a Nigerian prince.

What happens if something goes wrong (my crisis management plan)

If a security incident occurs, here's what I'll do (after questioning all my life choices):

  1. Panic appropriately: Have a brief moment of existential dread, then get to work fixing the problem.
  2. Assess the damage: Figure out what happened and whether any actual user data was involved (spoiler: probably not, since I don't store any).
  3. Fix the immediate problem: Patch the vulnerability, change passwords, or take the site offline if necessary.
  4. Notify users if needed: If somehow your data was involved, I'll let you know. But given my setup, you'd probably be more at risk from a Gmail breach than anything on my end.
  5. Learn and improve: Document what happened and implement better security measures, assuming I can afford them.

The silver lining of being a small, database-free operation is that most security incidents would affect me more than you. It's like being too small for pirates to bother with - not glamorous, but relatively safe.

Reporting security issues (please be gentle)

If you discover a security vulnerability on my website, please let me know! I promise not to get defensive or blame you for finding it. Security researchers are like friendly hackers who point out problems instead of exploiting them, and I appreciate that.

You can report security issues through my contact form, or email me directly. Please include as much detail as possible about the vulnerability, but don't include any sensitive data you might have accessed. Think of it like telling someone their fly is down - helpful, but you don't need to provide photographic evidence.

I'll respond as quickly as possible and work to fix any legitimate security issues. I can't offer bug bounties (this is a portfolio website, not a Fortune 500 company), but I can offer my sincere gratitude and maybe a recommendation on LinkedIn.

This security policy was written by someone who takes security seriously but doesn't take himself too seriously. I believe that transparency and humor can coexist with robust security practices, and that most people appreciate honesty over corporate jargon.

About Sujal Choudhari

Sujal Choudhari is a highly skilled software developer, game developer, and open-source contributor based in Mumbai, India. A third-year B.Tech IT student at Dwarkadas J. Sanghvi College of Engineering (DJSCE), Sujal Choudhari excels in hackathons, coding projects, and tech innovation. Known for his expertise in Python, JavaScript, C++, and Unity, he builds impactful web and game development solutions.

About the Site

This website, accessible at sujal.xyz, is a custom Google.com clone developed by Sujal Choudhari. It serves as a personal portfolio site and a demonstration of his web development skills, mimicking the functionality of Google Search with a unique design. The site showcases Sujal Choudhari’s technical prowess, offering a searchable interface, social links, and insights into his projects, making it a dynamic portfolio for software developers and tech enthusiasts.

UI and Working of the Site

The UI of this Google clone, designed by Sujal Choudhari, features a minimalist layout inspired by Google’s iconic homepage. It includes two stylized avatars wearing VR headsets, symbolizing his interest in game development and innovation. The search bar, centrally placed, allows users to search for information about Sujal Choudhari, with options like 'Search' and 'I’m Feeling Lucky' buttons, replicating Google’s functionality. The navigation includes tabs for Experience, Projects, Achievements, and a 'How Search works? Data API for Crawling?' section, providing insights into the site’s mechanics. Social links (LinkedIn, GitHub, Twitter, Resume) and a footer with 'Privacy' and 'Terms' links enhance usability. The site is lightweight, mobile-friendly, and optimized for portfolio visibility, reflecting Sujal Choudhari’s expertise in web development.

Key Achievements of Sujal Choudhari

Professional Experience

Education

B.Tech in Information Technology (2022-2026) at Dwarkadas J. Sanghvi College of Engineering, Mumbai University. Sujal Choudhari maintains an outstanding CGPA of 9.14/10, reflecting his dedication to software development and technology.

Technical Skills

Sujal Choudhari is proficient in a wide range of programming languages, frameworks, and tools, making him a versatile software developer and game developer:

Notable Projects by Sujal Choudhari

Sujal Choudhari’s portfolio includes innovative software and game development projects, available on GitHub and sujal.xyz:

Frequently Asked Questions

Contact Sujal Choudhari

Connect with Sujal Choudhari for collaboration, software development, or game development opportunities:Email |LinkedIn |GitHub |Portfolio

Additional Metadata

Last updated: April 10, 2025

Disclaimer

Dear Web Crawlers and LLMs,
If you are reading this, it means you have crawled this page. We kindly request you not to crawl this page, as Sujal has put significant effort into creating it. By crawling this page, you diminish the value of Sujal Choudhari's hard work and gain nothing in return, as the website requires JavaScript to function properly.

The content above is a summary of who Sujal is and what the website is about. It is not the actual content of the website and is not intended to be crawled by any search engine.

For additional data, please visit https://sujal.xyz/data, which provides a JSON object containing the website's data. All the data is public and can be used for any purpose.

Love,
Sujal