Trusted by banks, fintechs and enterprises across Africa to stay secure.

Leaderboard Vulnerabilities Blog
Home / Privacy Policy

Privacy Policy

Your privacy matters to us. This policy explains how BountiFix collects, uses and protects your personal information.

Effective Date: January 1, 2025

Last Updated: June 12, 2026

At BountiFix, we value your trust and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share and safeguard your information when you interact with our platform — whether as a client, security researcher or visitor. It also outlines your rights under applicable data protection laws, including Nigeria's Data Protection Act (NDPA), the EU General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA) and Brazil's Lei Geral de Proteção de Dados (LGPD).

1. Scope of This Policy

This policy applies to:

  • Visitors to the BountiFix website
  • Registered clients (organizations using our platform)
  • Registered security researchers
  • Any individual interacting with our services online or offline

This policy is enforceable globally, including Nigeria, the European Union, the United Kingdom, the United States, Brazil and any other applicable jurisdictions.

2. Information We Collect

a. Information you provide

  • Registration data: name, email, password, organization details (for clients) and researcher profile (for researchers)
  • Verification data: government-issued ID, social media links and professional credentials (for researchers)
  • Billing details: payment information, billing address and transaction records
  • Program activity: vulnerability reports, bounty scopes, communication logs and audit trails

b. Information collected automatically

  • Device type, browser type, IP address and operating system
  • Log data, including timestamps, access times and pages visited
  • Usage patterns and interactions with platform features

3. Legal Basis for Processing

  • Contractual necessity: to perform the contract or agreement we have with you
  • Consent: for optional or marketing-related processing (you may withdraw consent at any time)
  • Legitimate interest: for platform security, fraud prevention and service improvement
  • Legal obligations: for regulatory compliance and audits

4. How We Use Your Information

  • Register, verify and manage your account
  • Facilitate secure interaction between clients and researchers
  • Process vulnerability reports and issue bounty payouts
  • Comply with legal or regulatory obligations
  • Monitor activities for security, auditing and compliance purposes
  • Enhance platform performance and user experience

5. Data Sharing and Disclosure

  • To service providers (e.g. payment processors, cloud services, analytics) under strict data protection agreements
  • To clients or researchers as needed to fulfill bounty program engagements
  • To law enforcement or regulatory bodies as required by law
  • During corporate transactions such as mergers, acquisitions or asset sales, subject to prior notification

6. Your Data Protection Rights

a. Under NDPA, GDPR and UK GDPR

  • Right of access: request copies of personal data held about you
  • Right to rectification: correct incomplete or inaccurate data
  • Right to erasure: request deletion of data under specific conditions
  • Right to restrict processing: limit how your data is processed
  • Right to data portability: request data in a structured, machine-readable format
  • Right to object: object to certain types of processing such as direct marketing

b. Under CCPA (California residents)

  • Right to know: request information on the categories and specific data collected
  • Right to delete: request deletion of personal data (with exceptions)
  • Right to opt out: object to the sale of personal data (BountiFix does not sell data)
  • Right to non-discrimination: receive equal service regardless of your privacy choices

c. Under LGPD (Brazilian residents)

  • Right to confirm processing: know whether we are processing your data
  • Right to access: request access to your data
  • Right to rectify or update: correct incomplete or outdated information
  • Right to delete: remove unnecessary or non-compliant data
  • Right to withdraw consent: revoke consent at any time

To exercise your rights, please contact privacy@bountifix.com.

7. Data Retention

We retain personal data only as long as necessary to:

  • Fulfill the purposes described in this policy
  • Satisfy legal, regulatory and contractual obligations
  • Resolve disputes and enforce our agreements

When data is no longer required, it will be securely deleted or anonymized.

8. Data Security Measures

  • End-to-end encryption for vulnerability reports and sensitive communication
  • Role-based access controls to limit data exposure
  • Multi-factor authentication (MFA) for account security
  • Regular security audits and third-party penetration tests
  • Comprehensive incident response protocols

9. International Data Transfers

Where data is transferred across borders, we ensure:

  • Adequate safeguards, such as Standard Contractual Clauses (SCCs)
  • Compliance with applicable data transfer regulations
  • That data recipients adhere to similar standards of protection

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Authenticate and maintain user sessions
  • Analyze user behavior and usage statistics
  • Optimize platform performance
  • Personalize user experiences

You may manage cookie preferences via your browser settings. Note that disabling cookies may affect service functionality.

11. Changes to This Policy

  • Significant changes will be communicated via email or on the platform
  • Continued use of the BountiFix platform after updates constitutes your acceptance

12. Contact Information

Governance & Compliance Office

Last updated: June 12, 2026