Last Updated: July 8, 2025
ZoeBug Private Ltd. (“ZoeBug,” “we,” “us,” or “our”) operates a crowdsourced bug bounty platform at https://zoebug.com (the “Platform”), connecting Security Researchers with private and public programs, including Vulnerability Disclosure Programs (VDP) and Bug Bounty Programs (BBP). We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our Platform. By using our Platform, you agree to the terms of this Privacy Policy.
1. Information We Collect
We collect various types of information from you when you use our Platform to provide our services and enhance your experience. The information is categorized as follows:
Personal Information
Category | Examples |
---|---|
Identifiers | Name, email address, username |
Contact Information | Mailing address, telephone number (if provided) |
Financial Information | Payment card details (if you make payments through our Platform) |
Professional Information | Skills, experience, education (for researchers) |
Communication Data | Content of reports, messages, chats on our Platform |
Other Information | Profile picture, time zone, language preferences |
Device and Usage Information
Category | Examples |
---|---|
Technical Data | IP address, browser type and version, operating system, device type |
Usage Data | Referring website or search terms, pages visited, clickstream data |
Tracking Technologies | Cookies and similar technologies |
2. How We Collect Information
We collect information through:
- Direct Interactions: When you register, submit reports, or communicate with us.
- Automated Technologies: Via cookies, server logs, and analytics tools.
- Third Parties: From service providers (e.g., payment processors) or publicly available sources.
3. How We Use Your Information
We use your information for the following purposes:
- Service Delivery: To provide, maintain, and improve our Platform, including processing transactions and managing programs.
- Communication: To send notifications, updates, or respond to inquiries.
- Personalization: To tailor your experience based on your preferences.
- Analytics: To analyze usage patterns and improve our services.
- Security: To detect and prevent fraud or unauthorized access.
- Legal Compliance: To meet regulatory requirements.
For users in the European Economic Area (EEA), our legal bases for processing include:
Purpose | Legal Basis |
---|---|
Service Delivery | Performance of a contract |
Personalization, Analytics, Security | Legitimate interests |
Marketing | Consent (where required) |
4. Data Sharing and Disclosure
We may share your personal information with:
- Service Providers: For hosting, payment processing, or analytics, under strict confidentiality agreements.
- Legal Authorities: To comply with legal obligations or respond to lawful requests.
- Business Transfers: In connection with mergers, acquisitions, or similar transactions.
We do not sell your personal information to third parties for their marketing purposes, as defined under CCPA.
5. Data Security
We implement robust technical and organizational measures to protect your data, as evidenced by our ISO 27001 certification. These include encryption, access controls, and regular security assessments. However, no internet transmission or storage system is 100% secure, and we cannot guarantee absolute protection against unauthorized access, such as hacks or other unforeseen events.
6. Data Retention
We retain personal information only as long as necessary for the purposes outlined above, or as required by law. For example:
Data Type | Retention Period |
---|---|
Account Information | Until account deletion or as needed for legal obligations |
Communication Data | As long as required for service delivery or dispute resolution |
Device Data | Typically up to 12 months for analytics |
Data no longer needed is deleted or anonymized.
7. Your Rights
Depending on your location, you have the following rights:
- Access: Request details of your personal data we hold.
- Rectification: Correct inaccurate data.
- Erasure: Request deletion of your data (right to be forgotten).
- Restriction: Limit how we process your data.
- Portability: Receive your data in a structured format.
- Objection: Object to processing based on legitimate interests.
- Automated Decisions: Rights regarding automated decision-making (not currently applicable).
For California residents under CCPA:
- Right to Know: Request categories and specific pieces of personal information collected in the past 12 months.
- Right to Delete: Request deletion of your data.
- Right to Opt-Out: Opt out of data sales (not applicable, as we do not sell data).
- Non-Discrimination: No discrimination for exercising your rights.
To exercise these rights, contact us at security@zoebug.com. You may also lodge a complaint with a supervisory authority in your EEA member state or contact the California Attorney General’s office.
8. International Data Transfers
Our Platform is hosted in the United States, and data may be transferred to and processed there. For EEA users, we use safeguards like standard contractual clauses to ensure compliance with GDPR when transferring data outside the EEA. For more information, see European Commission: Standard Contractual Clauses.
9. Cookies and Similar Technologies
We use cookies to enhance functionality, security, and analytics. For details, refer to our Cookie Policy.
10. Children’s Privacy
Our Platform is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided data, contact us to have it removed.
11. Changes to This Privacy Policy
We may update this policy to reflect changes in practices or laws. Updates will be posted on this page with a revised “Last Updated” date. Significant changes will be communicated via email or Platform notifications.
12. Contact Us
For questions or to exercise your rights, contact us at:
ZoeBug Private Ltd.
44 Montgomery St, San Francisco, CA 94104, United States
Email: security@zoebug.com
13. Limitation of Liability
To the extent permitted by law, ZoeBug Private Ltd. shall not be liable for damages or losses resulting from unauthorized access or disclosure of your personal information due to circumstances beyond our reasonable control, such as hacks or force majeure events. This does not affect your statutory rights.
Compliance Notes
Regulation | Key Features Addressed |
---|---|
GDPR | Data controller identity, processing purposes, legal bases, user rights, international transfers, complaint rights |
CCPA | Categories of personal information, purposes, third-party sharing, consumer rights, non-discrimination |
ISO 27001 | Security measures highlighted, reinforcing trust in data protection |