DEV Community

hdcode dev

I built a resume builder that can't read your resume

I built a resume builder and I have no idea what’s in anyone’s resumes.

That’s the point.

Why?

I realized something uncomfortable while using existing resume builders:

they store everything in plain text. Your work history, contact info, sometimes even salary expectations.

How it works (short version)

Your browser encrypts your resume before it’s sent anywhere.

The server only stores encrypted data.

When you open your resume again, your browser downloads the encrypted data and decrypts it locally.

I can’t read your resume.

My database can’t read it.

A data breach would just leak meaningless bytes.

Crypto details for the curious:

AES-256-GCM with PBKDF2 key derivation (310k iterations, via the Web Crypto API).

What about PDF export?

This is the one exception.

To generate a PDF, the decryption key is temporarily sent to the server for rendering. It lives only in memory, is never logged, and is discarded immediately.

Not perfect zero-knowledge, but a conscious tradeoff to avoid external PDF services handling your resume.

What’s included

  • 20 templates with real-time preview
  • Drag-and-drop section reordering
  • WCAG color contrast checks
  • Shareable links where the decryption key lives in the URL fragment
  • Animations
  • Color schemes
  • Fully self-hostable

Why open source?

Because "trust us" isn’t a privacy model.

If the server claims it can’t read your data, you should be able to verify that.

Repo here:

👉 https://github.com/hdcodedev/resume256

PRs welcome. Code reviews welcome.

CSS criticism expected.
