Recruiter Reference
This page exists to answer a specific class of interview question honestly: what I am actually running today, what I have tested, and where I draw the line between useful privacy controls and unnecessary infrastructure theatre.
Last reviewed: March 2026
I do not present myself as currently running a full dedicated enterprise LLM stack with private endpoints, isolated VPC routing, or a formally verified zero-retention provider configuration across every workload. That would overstate the reality.
What I am running is a pragmatic hybrid setup: Linux-first local systems, deterministic tooling, selective external API usage when the task justifies it, static public web pages, Cloudflare at the edge, and mirrored GitHub and Gitea workflows for source control and validation.
That is important because it reflects how I actually work: minimize exposure first, keep the public surface simple, and only add complexity when the risk or business requirement clearly demands it.
My honest answer is that I lean hybrid and local-first, not provider-marketing-first. I have used external APIs and experimented with access isolation patterns, but my current posture is to keep privacy-sensitive and deterministic steps local wherever practical, then call external services selectively for bounded tasks.
If an interviewer asks whether I am primarily on zero-retention API modes, dedicated instances, or a hybrid local-first mix, the accurate answer is the third one. I would rather be precise than claim a premium architecture tier I am not actively operating end to end today.
During earlier Hubsays experiments, I used Cloudflare Zero Trust as a front-door control: login screen, access rules, and policy gating while testing deployment paths and unfinished surfaces. That work was done through the Cloudflare API and hands-on iteration, with Warp in the mix early and later agent-assisted configuration as I explored the control surface more deeply.
That period sat alongside experiments with Vercel, Render, Supabase, Neon, Northflank, and Fly.io. The practical lesson was useful: I learned what each platform was good at, but I also learned how quickly infrastructure can become operational drag when the real need is much simpler.
I eventually simplified because the Zero Trust front door was becoming overkill for the current stage. The present model is cleaner: a hybrid stack centered on Cloudflare, GitHub, and Gitea, with fewer moving parts and less friction.
My bias is deterministic ingress control. I prefer explicit rules, policy checks, and narrow scanners over vague promises that a model will somehow behave safely after it already saw too much context.
In practice, that means I treat secret detection and data minimization as ingress controls. My repo workflows already reflect that mentality: tracked-content secret scans, deterministic validation, and local-only encrypted secret handling instead of casual plaintext sharing.
I trust structure more than vibes. Where output matters, I want contracts: schema checks, link validation, content policy scans, and fail-closed gates that reject malformed or policy-breaking artifacts.
The public Hubsays site itself is intentionally static. That matters because it reduces runtime risk: pages are published as built HTML rather than exposing a live model surface directly to the public website.
I prefer metadata-first observability and bounded retention. The goal is traceability without storing raw sensitive payloads everywhere. Privacy is not only about model inputs; it is also about what the surrounding system remembers.
On the public side, the site is intentionally minimal and privacy-first. On the workflow side, I favor local handling, short-lived operational context, and explicit controls around secrets so logs and chat history do not become an accidental archive of sensitive material.
I would say this directly: I have real hands-on experience with access controls, privacy-first automation, and API-assisted workflows, but my current production bias is not to build a heavyweight cloud stack for its own sake. I design for minimum necessary exposure, deterministic controls, and simpler operating models first, then add isolation layers where they clearly earn their cost.
That is the same philosophy behind the current Hubsays setup: static public pages, bounded public surface area, dual-repo resilience, and explicit validation instead of hidden complexity.
Related: AI Orchestration, Privacy, and Hybrid Systems →
Related: Ensuring Structured, Reliable Outputs from LLMs →
Public site security posture →
Evidence and quantified outcomes →