PRIVACY POLICY

 

Last Updated on August 8th, 2024

 

1.   NOTICE AT COLLECTION

At or before the time of collection, California residents may have a right to receive notice of our practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared and how to opt-out of such uses, and how long such information is retained. California residents can find those details by clicking on the above links.

 

2.   SCOPE

This Privacy Policy applies to personal information that is processed by Bugcrowd, Inc. and its subsidiaries (“Bugcrowd,” “we,” “us,” or “our”) in the course of our business, including on Bugcrowd websites (each a “Site”), applications, forums, blogs, and other online or offline offerings (collectively, the “Services”). 

An Important Note: This Privacy Policy does not apply to any of the personal information that we process on behalf of our customers through their use of our Services (“Customer Data”). Our customers’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Policy. Any questions or requests relating to Customer Data should be directed to our customer.

 

3.   TYPES OF PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT

The types of personal information we may collect and our privacy practices depend on the nature of the relationship you have with Bugcrowd and the requirements of applicable law. Below are the ways we collect personal information and how we use it. 

 

3.1   TYPES OF PERSONAL INFORMATION WE COLLECT

Bugcrowd collects personal information regarding its current, prospective, and former clients, customers, researchers, users, visitors, guests, and applicants (collectively “Individuals”).

• Information You Provide Directly to Us. When you use the Services or engage in certain activities, such as registering for an account with Bugcrowd, responding to surveys, requesting Services or information, or contacting us directly, we may ask you to provide some or all of the following types of information:

• • User & Researcher Information. When you create a user or researcher profile, Bugcrowd may collect certain personal information including your name, contact details, photographs, examples of your work, information on work previously performed via the Service and outside the Service, skills and other information, including your username (“Profile”). The information in your Profile may be visible to all Bugcrowd users and the general public.

• • Identity Verification. If you sign up to be a researcher, we, or our service provider, may collect personal information to verify your identity including, but not limited to:

• • • Your full name, email address, telephone number, and address;
    • Identification documents (which may include your passport, driver’s license, and any other relevant identification documents requested from time to time and any data contained within that identification document (for example, government issued ID numbers, age, gender, place of birth, nationality, and place of residence));
    • A selfie image or video that you take of yourself;
    • Biometric information, including your facial image, that is extracted from both your photos within your identification information and any selfies you submit;
    • The identity verification outcome and related profile that is generated once we, or our service provider, analyze the information you provide.

• • Communications with Us. We may collect personal information from you such as email address, phone number or mailing address when you choose to request information about our Services, register for Bugcrowd’s newsletter, request to receive customer or technical support, or otherwise communicate with us.
  • Surveys. From time to time, we may contact you to participate in online surveys. If you do decide to participate, you may be asked to provide certain information which may include personal information. All information collected from your participation in our surveys is provided by you voluntarily. We may use such information to improve our products, Sites and/or services and in any manner consistent with the policies provided herein.
  • Posting on the Services. Bugcrowd may offer publicly accessible pages, blogs, private messages, or community forums. You should be aware that, when you disclose information about yourself in on Bugcrowd’s pages, blogs, private messages, and community forums, the Services will collect the information you provide in such submissions, including any personal information. If you choose to submit content to any public area of the Services, such content will be considered “public” and will not be subject to the privacy protections set forth herein.
  • Job Applications. We may post job openings and opportunities on our Services and elsewhere. If you respond to one of these postings, we may collect your personal information, such as your application, CV, cover letter, and/or any other information you provide to us.

• Personal Information Collected Automatically. We may collect personal information automatically when you use our Services. 

• • Automatic Data Collection. We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences.
  • Cookies, Pixel Tags/Web Beacons, and Analytics Information. We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. We use Technologies that are essentially small data files placed on your computer, tablet, mobile phone, or other devices (referred to collectively as a “device”) that allow us to record certain pieces of information whenever you visit or interact with our sites, services, applications, messaging, and tools, and to recognize you across devices.
  • Cookies. Cookies are small text files placed in visitors’ device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Services that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
  • Embedded Scripts. We and our marketing partners, affiliates, analytics, and service providers may also employ software technology known as an embedded script. An embedded script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your computer or other device and is deactivated or deleted when you disconnect from the Service.
  • Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. Some of the analytics providers we use may include: 

• • • Google Analytics. For more information about how Google uses your personal information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here. 

• • • LinkedIn Analytics. For more information about how LinkedIn uses your personal information, please visit LinkedIn Analytics’ Privacy Policy. To learn more about how to opt-out of LinkedIn’s use of your information, please click here. 

See Section 5 below to understand your choices regarding these Technologies.

• Information Submitted Via Services. You agree that Bugcrowd is free to use the content of any communications submitted by you via the Services, including any ideas, inventions, concepts, techniques, or know-how disclosed therein, for any purpose including developing, manufacturing, and/or marketing goods or Services. Bugcrowd will not release your name or otherwise publicize the fact that you submitted materials or other information to us unless: (a) you grant us permission to do so or it is otherwise necessary as part of the Services, such as to facilitate payment to you as a security researcher; (b) we first send notice to you that the materials or other information you submit to a particular part of a Service will be published or otherwise used with your name on it; or (c) we are required to do so by law.
• Information from Other Sources. We may receive information about you from other sources, including through third-party services and organizations to supplement information provided by you. For example, if you access or use our Services through a third-party application, we may collect information about you from that third-party application that is public via your privacy settings or is otherwise available.

 

3.2   HOW BUGCROWD USES YOUR PERSONAL INFORMATION

We acquire, hold, use, and process personal information about Individuals for a variety of business purposes, including:

• To Provide Products, Services, or Information Requested. Bugcrowd may use information about you to provide the Services and fulfill requests for products or information, including to:

• • Generally manage Individual information and accounts;
  • Respond to questions, comments, and other requests;
  • To assess vulnerabilities and other bugs you discover in the course of your use of the Services;
  • Provide access to certain areas, functionalities, and features of Bugcrowd’s Services;
  • Contact you to answer requests for customer support or technical support;
  • Authenticate the unique biometric information extracted from a researcher’s identity document(s) against the biometric information extracted from a researcher’s selfie image(s) for identity verification;
  • Process applications and carrying out related activities if you apply for a job we post;
  • Allow you to register for events.

• Administrative Purposes. Bugcrowd may use personal information about you for its administrative purposes, including to:

• • Measure interest in Bugcrowd’s Services;
  • Develop new products and Services;
  • Ensure internal quality control;
  • Verify Individual identity;
  • Communicate about Individual accounts and activities on Bugcrowd’s Services and systems, and, in Bugcrowd’s discretion, changes to any Bugcrowd policy;
  • Send email to the email address you provide to us to verify your account and for informational and operational purposes, such as Account management, customer service, or system maintenance;
  • Process payment for products or services purchased;
  • Process applications and transactions;
  • Prevent potentially prohibited or illegal activities;
  • Enforce our Terms.

• Marketing Bugcrowd Products and Services. Bugcrowd may use personal information to provide you with materials about offers, products, and Services that may be of interest, including new content or Services. Bugcrowd may provide you with these materials by phone, postal mail, facsimile, or email, as permitted by applicable law. Such uses include:

• • To tailor content, advertisements, and offers;
  • To notify you about offers, products, and services that may be of interest to you;
  • To provide Services to you and our sponsors;
  • For other purposes disclosed at the time that Individuals provide personal information; or
  • Otherwise with your consent.

You may contact us at any time to opt-out of the use of your personal information for marketing purposes, as further described in Section 5 below.

• Research and Development. Bugcrowd may use personal information alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and Services or develop new products and Services.
• Direct Mail, Email and Outbound Telemarketing. Individuals who provide us with personal information, or whose personal information we obtain from third parties, may receive periodic emails, newsletters, mailings, or phone calls from us with information on Bugcrowd’s or our business partners’ products and services or upcoming special offers/events we believe may be of interest. We offer the option to decline these communications at no cost to the Individual by following the instructions in Section 5 below.
• De-Identified and Aggregated Information Use. Bugcrowd may use personal information and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access Bugcrowd’s Services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. De-identified and/or aggregated information is not personal information, and Bugcrowd may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within Bugcrowd and with third parties for our or their purposes in an de-identified and/or aggregated form that is designed to prevent anyone from identifying you.
• Sharing Content with Friends or Colleagues. Bugcrowd’s Services may offer various tools and functionalities to share content. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by Bugcrowd or any other third parties for any other purpose.
• Other Uses. Bugcrowd may use personal information for which we have a legitimate interest, such as network and information security, direct marketing, disclosure to affiliated organizations, research (including marketing research), fraud prevention, or any other purpose disclosed to you at the time you provide personal information or with your consent.
• Uses of Automatic Collection Technologies. Our use of the Technologies fall into the following general categories:

• • Operationally Necessary. We may use cookies, web beacons, or other similar technologies that are necessary to the operation of our sites, services, applications, and tools. This includes technologies that allow you access to our sites, services, applications, and tools; that are required to identify irregular site behavior, prevent fraudulent activity and improve security; or that allow you to make use of our functions such as shopping-carts, saved search, or similar functions;
  • Performance Related. We may use cookies, web beacons, or other similar technologies to assess the performance of our websites, applications, services, and tools, including as part of our analytic practices to help us understand how our visitors use our websites, determine if you have interacted with our messaging, determine whether you have viewed an item or link, or to improve our website content, applications, services, or tools;
  • Functionality Related. We may use cookies, web beacons, or other similar technologies that allow us to offer you enhanced functionality when accessing or using our sites, services, applications, or tools. This may include identifying you when you sign into our sites or keeping track of your specified preferences, interests, or past items viewed so that we may enhance the presentation of content on our sites;
  • Advertising or Targeting Related. We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our sites or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement.

If you would like to opt-out of the Technologies we employ on our Services, you may do so by blocking, deleting, or disabling them as your browser or device permits.

 

3.3   THIRD-PARTY WEBSITES AND SOCIAL MEDIA PLATFORMS

The Services may contain links to other websites and other websites may reference or link to our Services. These other domains and websites are not controlled by us, and Bugcrowd does not endorse or make any representations about third-party websites or social media platforms. We encourage our users to read the privacy policies of each and every website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

Bugcrowd’s Services may include publicly accessible blogs, community forums, or private messaging features. The Services may also contain links and interactive features with various social media platforms (e.g., widgets). If you already use these platforms, their cookies may be set on your device when using our Site or other Services. You should be aware that personal information which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the personal information provided by you may be viewed and used by third parties for any number of purposes.

 

3.4   THIRD-PARTY PAYMENT PROCESSING

If you use the Services to make, receive or facilitate payments in connection with the Services, we and Third-Party applications may collect certain financial information from you to process transactions, including your name, email address, address, financial account information and other billing information.

 

4.   HOW BUGCROWD MAY DISCLOSE YOUR PERSONAL INFORMATION

 

4.1   PERSONAL INFORMATION WE SHARE

We may share your information as described in this Privacy Policy (e.g., with our third-party service providers; to comply with legal obligations; to protect and defend our rights and property) or with your permission.

• We Use Vendors and Service Providers. We may share any information we receive, including biometric information, with vendors and service providers. The types of service providers (processors) to whom we entrust personal information include service providers for: (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing; (iv) customer service activities; and (v) in connection with the provision of the Services.We use Jumio to assist us with biometric verifications. Biometric information may be provided to and processed by Jumio and its service providers in connection with these activities. Jumio, and its service providers, may use any information collected to verify your identity, to develop, provide and improve Jumio’s services, including through machine learning techniques, and to protect against fraudulent or illegal activity.

• Business Partners. Bugcrowd may share personal information with our business partners, and affiliates for our and our affiliates’ internal business purposes or to provide you with a product or service that you have requested. Bugcrowd may also provide personal information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with Bugcrowd. Bugcrowd requires our affiliates and business partners to agree in writing to maintain the confidentiality and security of personal information they maintain on our behalf and not to use it for any purpose other than the purpose for which Bugcrowd provided them.
• Content Visible to Others. When you create a Profile or post content to the Services, this information may be displayed to others. For example, if you are a security researcher make submission to the Services about a Bugcrowd customer, the submission along with your personal information may be shared with the Bugcrowd customer. We are not responsible for privacy practices of the other users who will view and use the posted information.
• Advertising Partners. Through our Services, Bugcrowd may allow third-party advertising partners to set Technologies (e.g., cookies) to collect information regarding your activities (e.g., your IP address, page(s) visited, time of day). We may also share such de-identified information as well as selected personal information (such as demographic information and past purchase history) we have collected with third-party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit non-Bugcrowd related websites within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.” We may allow access to other data collected by the Services to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you. If you prefer that we do not share your personal information with third-party advertising partners, you may opt-out of such sharing at no cost by following the instructions in Section 5 below. 

Some of the advertising Technologies we use may include:

• Facebook Connect. For more information about Facebook’s use of your personal information, please visit Facebook’s Data Policy. To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.
• Disclosures to Protect Us or Others (e.g., as Required by Law and Similar Disclosures). We may access, preserve, and disclose your personal information, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours’, ours’ or others’ rights, property, or safety; (iv) to enforce Bugcrowd policies or contracts; (v) to collect amounts owed to Bugcrowd; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
• Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. In such event, Bugcrowd will endeavor to direct the transferee to use personal information in a manner that is consistent with the Privacy Policy in effect at the time such personal information was collected.

 

4.2   INTERNATIONAL DATA TRANSFERS

All personal information collected via or by Bugcrowd may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers in order to provide the Services. Your personal information may be accessible to law enforcement or other authorities pursuant to a lawful request. Where required by law, international transfers of personal information will be supported by an adequacy mechanism. In the case of transfers of data out of Europe, we rely on Standard Contractual Clauses under the EU General Data Protection Regulation (“GDPR”) and endeavor to utilize third-party service providers that provide adequate protections that are compliant with the GDPR such as implementing Standard Contractual Clauses or Binding Corporate Rules. A copy of our standard data processing addendum incorporating the Standard Contractual Clauses is available at https://www.bugcrowd.com/legal/dpa.

 

5.   YOUR CHOICES

 

5.1   GENERAL

The privacy choices you may have about your personal information are determined by applicable law and are described below.

 

5.2   EMAIL COMMUNICATIONS

If you receive an unwanted marketing email from us, you can use the unsubscribe link found at the bottom of the email to opt-out of receiving future emails. We will process your request in accordance with applicable laws. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding Bugcrowd and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms or this Privacy Policy).

 

5.3   “DO NOT TRACK”

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

 

5.4   COOKIES AND INTEREST-BASED ADVERTISING

You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions here.  

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from organizations that participate in self-regulatory programs. You can access these websites and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Please note you must separately opt out in each browser and on each device.

 

6.   YOUR PRIVACY RIGHTS

In accordance with applicable law, you may have the following rights:

Right to Know – You may have the right to know whether we are processing personal information about you.

Right to Access – You may have the right to obtain access to the personal information we process about you, including obtaining a copy of your personal information.

Right to Rectification – You may have the right to correct any inaccurate or incomplete personal information concerning you.

Right to Erasure –You may have the right to request deletion of your personal information held about you by Bugcrowd.

Right to Restrict Processing or Object to Processing – You may have the right to restrict, or object to, the processing of your personal information .

Right to Portability – You may have the right to receive requested personal information in a commonly used and machine-readable format.

Right to Withdraw Consent – You may have the right to withdraw your consent to our processing of your personal information. 

Where permitted by applicable law, you may send an e-mail to privacy@bugcrowd.com  or use any of the methods set out in this Privacy Policy to exercise your rights in personal information. Please include your full name, email address associated with your Account, and a detailed description of your data request. Such requests will be processed in line with applicable laws.

To protect your privacy, Bugcrowd will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.

 

7.   RETENTION OF PERSONAL INFORMATION

Bugcrowd retains the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

Where required by applicable law, your biometric information will be stored for no more than one year.

 

8.   CHILDREN’S PRIVACY

The Services are not directed to children under 13 (and in certain jurisdictions under the age of 16) years of age, and Bugcrowd does not knowingly collect personal information from children under 13 (and in certain jurisdictions under the age of 16) years of age. If you learn that your child has provided us with personal information without your consent, you may alert us at privacy@bugcrowd.com . If we learn that we have collected any personal information from children under 13 (and in certain jurisdictions under the age of 16), we will promptly take steps to delete such information.

 

9.   SUPERVISORY AUTHORITY

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

• EEA Data Protection Authorities (DPAs)
• Swiss Federal Data Protection and Information Commissioner (FDPIC)
• UK Information Commissioner’s Office (ICO)

 

10.   CONTACT US

If you have any questions about our privacy practices or this Privacy Policy, please contact Bugcrowd by email at privacy@bugcrowd.com.

Attention: General Counsel

Bugcrowd Inc. 

300 California Street, Suite 220
San Francisco, CA 94104

1 (888) 361-9734 

 

11.   CHANGES TO OUR PRIVACY POLICY

We may update this Privacy Policy from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Policy on our Site, and/or we may also send other communications. If at any point you do not agree to any portion of the Privacy Policy then in effect, you must immediately stop using the Services.

 

12.   SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS

This Supplemental Notice for California Residents supplements our Privacy Policy and only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (as amended from time to time) (“CCPA”). 

The CCPA provides California residents with the right to know what categories of personal information Bugcrowd has collected about them, whether Bugcrowd disclosed that personal information for a business purpose (e.g., to a service provider), whether Bugcrowd “sold” that personal information, and whether Bugcrowd “shared” that personal information for “cross-context behavioral advertising” in the preceding twelve months. California residents can find this information below:

Category of Personal Information Collected by Bugcrowd	Category of Third Parties To Whom Personal Information is Disclosed to for a Business Purpose	Category of Third Parties To Whom Personal Information is Sold and/or Shared
Identifiers	Service providers Content Visible to Others	Advertising Partners
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	Service Providers Content Visible to Others	N/A
Protected classification characteristics under California or federal law	Service Providers	N/A
Commercial information	Service Providers	Advertising Partners
Biometric information	Service Providers	N/A
Internet or other electronic network activity	Service Providers	Advertising Partners
Professional or employment-related information	Service Providers Content Visible to Others	N/A
Inferences drawn from other personal information to create a profile about a consumer	Service Providers	Advertising Partners
Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number	Service Providers	N/A
Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account	Service Providers	N/A
Personal information that reveals the contents of a consumer’s mail, email, and text messages unless Bugcrowd is the intended recipient of the communication	Service Providers Content Visible to Others	N/A
Biometric information that is processed for the purpose of uniquely identifying a consumer	Service Providers	N/A

 

The categories of sources from which we collect personal information and our business and commercial purposes for using and disclosing personal information are set forth in “Types of Personal Information We Collect” , “How Bugcrowd Uses Your Personal Information” , and “How Bugcrowd May Disclose Your Personal Information” above, respectively. We will retain personal information in accordance with the time periods set forth in “Retention of Personal Information”.

We “sell” and “share” your personal information to provide you with “cross-context behavioral advertising” about Bugcrowd’s products and services.

 

Additional Privacy Rights for California Residents

Opting Out of “Sales” of Personal Information and/or “Sharing” for Cross-Context Behavioral Advertising under the CCPA. California residents have the right to opt out of the “sale” of personal information and the “sharing” of personal information for “cross-context behavioral advertising.” California residents may exercise these rights by clicking on Do Not Sell or Share My Information” and following the instructions on that prompt.

Disclosure Regarding Individuals Under the Age of 16. Bugcrowd does not have actual knowledge of any “sale” of personal information of minors under 16 years of age. Bugcrowd does not have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising.”

Disclosure Regarding Opt-Out Preference Signals. California residents may opt out of “sales” of personal information and “sharing” of personal information for “cross-context behavioral advertising” that are carried out on https://www.bugcrowd.com/ by broadcasting the opt-out preference signal known as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, visit the Global Privacy Control website. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use to visit https://www.bugcrowd.com/.

Disclosure Regarding Sensitive Personal Information. Bugcrowd only uses and discloses sensitive personal information for the following purposes: 

• To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services
• To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information.
• To resist malicious, deceptive, fraudulent, or illegal actions directed at Bugcrowd and to prosecute those responsible for those actions. 
• To ensure the physical safety of natural persons. 
• To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by Bugcrowd, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by Bugcrowd. 
• For purposes that do not infer characteristics about individuals. 

Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA. 

Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling requests submitted under the CCPA. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to provide the email address or phone number we have associated with you, opening a link sent to the contact information provided, and following the instructions on the website you are taken to.

Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To authorize an agent, provide written authorization signed by you and your designated agent using the information found in “Contact Us” above and ask us for additional instructions.

 

13.   REVISION HISTORY

• Bugcrowd Privacy Policy (effective 06/15/17)
• Updated Bugcrowd Privacy Policy (effective 05/25/18)
• Updated Bugcrowd Privacy Policy (effective 12/17/20)
• Updated Bugcrowd Privacy Policy (effective 08/08/24)