Security templates
Copy-paste, customize-the-placeholders, ship in five minutes. Every template is intentionally short — a starting point, not a 40-page doc.
security.txt template (RFC 9116)
Copy-paste security.txt for your domain. Enables responsible disclosure, conforms to RFC 9116, and gets indexed by vulnerability researchers.
Privacy Policy template — startup-friendly
A lawyer-reviewable starting point for a SaaS Privacy Policy. Not legal advice — customize and get counsel review before publishing. Plain language, GDPR + CCPA-aware.
Data Processing Agreement template
A starting-point DPA for signing with customers (B2B). Structured around GDPR Article 28. Not legal advice — have counsel review.
Supabase RLS policy starter pack
Copy-paste RLS policies for the 5 most common Supabase table patterns: user-owned, tenant-scoped, admin-only, public-read, and audit-log. Default-deny at base.
Next.js security headers config
Copy-paste next.config.mjs with HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy configured correctly for production.
Incident response playbook template
A practical 60-minute incident-response template for solo founders. Covers detect, contain, eradicate, recover, document.
Secure Next.js middleware.ts template
Copy-paste Next.js middleware that enforces auth on protected routes, blocks CVE-2025-29927, adds security headers, and handles rate limiting.