Privacy Policy

Last updated: January 8, 2026

1. Introduction

This Privacy Policy describes how BugSpot ("we", "us", or "our") collects, uses, and protects your personal information when you use our vulnerability disclosure program platform (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, username (handle), password hash
  • Profile Information: PayPal email, Venmo details (for rewards)
  • Report Submissions: Vulnerability descriptions, steps to reproduce, affected URLs, severity assessments, proof-of-concept files
  • Communications: Messages, comments, and notes within the platform

2.2 Automatically Collected Information

  • Usage Data: IP addresses, browser type, device information, access times
  • Cookies: Session cookies for authentication and functionality
  • Log Data: API requests, errors, and system events

3. How We Use Your Information

We use the collected information for:

  • Processing and managing vulnerability reports
  • Authenticating users and maintaining account security
  • Processing reward payments to researchers
  • Communicating about report status and platform updates
  • Preventing abuse, fraud, and unauthorized access
  • Improving platform functionality and user experience
  • Complying with legal obligations and enforcing our terms

4. Data Sharing and Disclosure

4.1 We Share Information With:

  • Service Providers: AWS (hosting), Upstash (rate limiting), Resend (email), Sentry (error tracking)
  • Payment Processors: PayPal and Venmo for processing rewards
  • Integration Partners: Slack, Jira (if configured by administrators)
  • Legal Authorities: When required by law or to protect rights and safety

4.2 We Do NOT:

  • Sell your personal information to third parties
  • Share vulnerability details publicly without your consent
  • Use your data for marketing purposes without permission

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encrypted data transmission (HTTPS/TLS)
  • Password hashing using bcrypt
  • Role-based access control (RBAC)
  • Rate limiting to prevent abuse
  • Regular security audits and monitoring
  • Secure file storage with access controls

However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations (typically 7 years for payment records)
  • Resolve disputes and enforce our agreements

You may request deletion of your account and associated data at any time, subject to legal retention requirements.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your account and data
  • Portability: Receive your data in a structured format
  • Objection: Object to certain data processing activities
  • Withdrawal: Withdraw consent for data processing

To exercise these rights, please contact us at the email address provided in the Contact section.

8. Cookies and Tracking

We use essential cookies for:

  • Session management and authentication
  • Security features (CSRF protection)
  • User preferences and settings

You can disable cookies in your browser settings, but this may limit platform functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

Address: 444 Castro Street, Suite 1000, Mountain View, CA 94041, USA