The Problem
Sharing a CV publicly exposes personal contact details to scrapers and spam. Sharing it privately via email is manual and unscalable. Existing CV distribution services require third-party accounts and hand your data to a platform.
What Was Built
A Hugo static site with a Netlify Function backend. When someone requests CV access, they enter their email. A one-time password is sent via AWS SES. Once verified, they receive a time-limited, signed link to download the CV. Every request is rate-limited by IP and email domain. All access events are logged for auditing.
This project solved a real personal problem: I wanted people to be able to request my CV without me having to manually approve each one, but I also didn’t want it indexed by scrapers or handed to a SaaS service that would use the data.
The solution is serverless by design — no persistent infrastructure, no database. The entire access flow runs through a Netlify Function. AWS SES handles transactional email. The signed URL is generated with a short TTL and invalidated after first use.
The pattern is reusable for any sensitive document that needs controlled access at low volume without a full auth system.
Outcomes & Learnings
- Zero third-party auth dependency — entirely self-hosted logic via Netlify Functions
- Eliminated CV scraping while keeping access friction low for genuine contacts
- Rate limiting blocks bulk download attempts without affecting real users
- Full audit trail of who requested access and when