🛡️ Security Policy
Last Updated: March 2026
1. Security Overview
ELI5 Park is committed to maintaining the security of our users. As a static educational website with no user accounts or data collection, we have minimal security risk.
2. What We Do Well
- ✅ No user data collection - completely static site
- ✅ No external dependencies (except Chart.js CDN on one page)
- ✅ All content is server-side rendered (no user input stored)
- ✅ HTTPS enabled via GitHub Pages
- ✅ No authentication or user accounts
- ✅ No third-party analytics or tracking
- ✅ PWA service worker for offline support (local caching only)
3. Potential Considerations
- ⚠️ Chart.js CDN: One page uses external JavaScript library from jsDelivr CDN
- ⚠️ Inline JavaScript: Many pages use inline scripts for interactive demos
- ⚠️ GitHub Pages hosting: Security depends on GitHub's infrastructure
4. Known Issues (Previously Fixed)
- ✅ External Tailwind CSS CDN removed from LeetCode section (Feb 2026)
- ✅ All external dependencies eliminated from main site
5. Vulnerabilities & Reporting
If you discover a security vulnerability, please:
- Do not exploit the vulnerability
- Report it through our GitHub Issues
- Include detailed steps to reproduce
- We will acknowledge reports within 48 hours
6. Play Store Security (For App Version)
When publishing as an Android app:
- App will be published with minimal permissions
- No network access required (content is bundled)
- No personal data collection
- Content Security Policy will be implemented
7. Content Safety
All educational content is:
- Appropriate for all ages
- Fact-checked for accuracy
- Reviewed for harmful content
- Includes disclaimers where appropriate (medical, financial, career advice)
- ✅ All career pages include disclaimers to consult parents/counselors
- ✅ Product recommendations include disclaimer to verify with parents
8. Nepali Culture Section
- ✅ All pages have educational disclaimers
- ✅ Content made culturally appropriate and celebratory
- ✅ Religious content minimized, cultural focus emphasized
- ✅ Bartaman rewritten as fun coming-of-age celebration
- ✅ All festival pages include cultural context disclaimers