Profile update and resume import paths currently write sensitive user data to application logs.
Examples:
- /api/profile logs the full profile update payload, validation data, and wallet addresses.
- parseResumeFile logs the first 2,000 characters of extracted resume text.
- resume parsing logs parsed contact/location fields.
Those flows can contain names, emails, phone numbers, work history, wallet addresses, and other private profile details. The data is already persisted where needed, so debug logging creates avoidable privacy exposure.
I opened a small fix in PR #273 that removes the full payload/raw resume logs and keeps only non-sensitive resume parse counts.
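
One way to keep a resume-parse log line to counts only, with a regression check that no user-supplied string reaches the line. This is an added example, not code from PR #273 or from the project; the use of JavaScript, the field names (`rawText`, `contact`, `location`, `experience`, `education`, `skills`) and the sample record are assumptions.

```javascript
// Added example (not the project's code). All field names are hypothetical.

// Constructed sample of what a resume parser might return.
const sampleParsed = {
  rawText: "Jane Doe\njane.doe@example.com\n+1 555 0100\nEngineer at Example Corp",
  contact: { name: "Jane Doe", email: "jane.doe@example.com", phone: "+1 555 0100" },
  location: { city: "Springfield", country: "US" },
  experience: [
    { company: "Example Corp", title: "Engineer" },
    { company: "Sample LLC", title: "Intern" },
  ],
  education: [{ school: "Example University" }],
  skills: ["go", "sql", "rust"],
};

const count = (v) => (Array.isArray(v) ? v.length : 0);
const present = (v) => Boolean(v && Object.keys(v).length);

// The only object allowed to reach the logger: numbers and booleans,
// never a string that came from the user.
function summarizeResumeParse(parsed) {
  const p = parsed || {};
  return {
    textLength: typeof p.rawText === "string" ? p.rawText.length : 0,
    hasContact: present(p.contact),
    hasLocation: present(p.location),
    experienceCount: count(p.experience),
    educationCount: count(p.education),
    skillCount: count(p.skills),
  };
}

function resumeLogLine(parsed) {
  return "resume parsed " + JSON.stringify(summarizeResumeParse(parsed));
}

// Collect every string leaf of a value, however deeply nested.
function stringLeaves(value, out = []) {
  if (typeof value === "string") out.push(value);
  else if (value && typeof value === "object") {
    Object.values(value).forEach((v) => stringLeaves(v, out));
  }
  return out;
}

// Regression check: true if any user-supplied string (3+ chars, to avoid
// trivial matches) appears verbatim in the log line.
function leaksUserData(logLine, source) {
  return stringLeaves(source).some((s) => s.length >= 3 && logLine.includes(s));
}
```

Running `leaksUserData` over captured log output in a unit test catches a full-payload log statement that is reintroduced later.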