My wife needed a cycle tracker. Everything out there was either Flo (which got sued twice for sharing health data) or an abandoned GitHub project. So I built Ovumcy. Single Go binary, SQLite, Docker-ready. No analytics, no third-party APIs, no cloud. Your data stays on your server. Features: period tracking, symptom logging, predictions (ovulation, fertile window), statistics, CSV/JSON export, dark mode, Russian and English. Just pushed v0.2.5. Looking for feedback from real users.
Your releasing a health data app without doing security hardening?
So much for you saying you take security seriously
What a douchebag
Worth to say, that this is an ongoing development, this is not even version 1, v 0.3.1
No, we didn’t ship it without security hardening.
We already hardened the main sensitive parts:
sealed auth/recovery/reset/flash cookies no auth or recovery secrets in URLs or JSON POST + CSRF logout basic browser security headers CodeQL, gosec, Trivy, and SBOM in CI What’s still missing is a strict CSP. That’s not a one-line switch here because the current frontend still needs some refactoring first.
CSP is released.