Privacy Policy

Introduction
  • Purpose of the privacy policy

The purpose of the privacy policy for Capture The Bug (“CTB”) is to inform users about the types of information we collect, how we use and protect that information, and their rights and choices about their data. Our bug bounty platform is based in New Zealand, and our policies follow the privacy laws of New Zealand and other countries where our users are located. We want to build trust and confidence with our users by being open and clear about how we handle their data. We want to ensure we treat their information with care and respect.

  • Scope

The privacy policy for CTB applies to all users of our bug bounty platform. This includes individuals and organizations who may use our platform to report bugs, receive rewards for their discoveries, or access or participate in our community forums or other features. We also collect, use, and protect the information of our business partners and partners who use our platform to receive services from our users. We handle all of this information in accordance with this privacy policy.

However, it is essential to note that the laws governing personal information collection, use, and protection may vary by jurisdiction. As a New Zealand-based company, we are subject to the privacy laws of New Zealand, and we take steps to ensure that we comply with those laws. In some cases, the laws of other countries where our users are located may also apply to our data practices, and we will consider those laws when handling personal information.

Our privacy policy has a consistent and clear set of rules for collecting, using, and protecting our users’ personal information. It doesn’t matter where our users are located

  • Reference to the bug bounty platform’s location in New Zealand

CTB is a bug bounty platform based in New Zealand. Our company is incorporated and operates in New Zealand, and our services are primarily directed to users in that country.

As a New Zealand-based company, we are subject to the privacy laws of New Zealand, which provide certain rights and protections to individuals in relation to their personal information. These laws include the Privacy Act 1993, which sets out the principles that must be followed when collecting, using, and disclosing personal information, as well as the Information Privacy Principles, which provide more detailed guidance on specific data practices.

In accordance with these laws, we are committed to protecting the privacy of our users and handling their personal information in a responsible and transparent manner. This includes taking appropriate measures to ensure the security of their information, and only using it for the purposes that are described in our privacy policy.

By referencing our location in New Zealand, we aim to provide users with information about the legal framework that applies to our data practices, and to demonstrate our commitment to complying with the relevant privacy laws in the country where we operate.

  • Information collected and how it is used
  • Types of information collected (e.g. personal information, IP addresses)

As a New Zealand-based bug bounty platform, CTB collects a range of information from our users in order to provide and improve our services. In our privacy policy, we outline the types of information that we collect and how it is used.

One of the key types of information that we collect is personal information. This may include name, address, phone number, email address, and date of birth. This information is used to create and manage user accounts, as well as to verify the identity of our users. We may also collect other types of personal information, such as information about a user’s experience, skills, and qualifications, in order to evaluate their suitability for participating in bug bounty programs.

In addition to personal information, we also collect IP addresses and other information about online behaviour. This information is used to monitor and analyse user activity on our platform, as well as to prevent and detect fraud or abuse. We may also use this information to improve the user experience on our platform and to provide personalized recommendations and other features.

At CTB, we take the privacy of our users seriously and have implemented measures to protect the information we collect. This includes technical, organizational, and physical safeguards to prevent unauthorized access, disclosure, or misuse of user information. We also regularly review and update our privacy policy to ensure that it accurately reflects our data collection and use practices.

  • How the information is used (e.g. to verify user accounts, to pay rewards for reported bugs)

The information that is collected by a company can be used for a variety of purposes. For example, personal information may be used to verify user accounts and to confirm the identity of users. Information about online behaviour and activity may be used to monitor and analyse user activity on a website or platform, as well as to prevent and detect fraud or abuse.

In the case of a bug bounty platform, the information that is collected may be used to pay rewards for reported bugs and to evaluate the suitability of users for participating in bug bounty programs. This may include information about a user’s experience, skills, and qualifications, as well as information about the bugs that they have reported and the rewards that they have received.

Overall, the information that is collected by a company is used to provide and improve its services, to communicate with users, and to protect the security and integrity of its systems and user data.

  • Data Storage and Security
  • How information is stored

Information is typically stored in a database or other digital storage system. This may be a local storage system that is managed by the company itself, or it may be a cloud-based storage system that is managed by a third-party provider. In either case, the information is typically encrypted and protected by a combination of technical, organizational, and physical safeguards to prevent unauthorized access, disclosure, or misuse.

The specific methods and technologies used to store information can vary depending on the type of information, the purpose for which it is collected, and the company’s data storage and security policies. For example, sensitive personal information may be stored using more advanced security measures and encryption technologies than less sensitive information.

Overall, the goal of information storage is to keep data safe, secure, and accessible only to authorized individuals or systems. This may involve regular backups and disaster recovery planning, as well as ongoing monitoring and maintenance to ensure the integrity and availability of the stored data.

  • Measure taken to protect the information the unauthorized access, disclosure, or destruction

As a bug bounty platform based in New Zealand, CTB takes a number of measures to protect the information we collect from unauthorized access, disclosure, or destruction. These measures may include:

  • Encrypting data: We use encryption to protect data in transit and at rest, making it unreadable to anyone who does not have the proper decryption key. This helps to prevent unauthorized access to sensitive information, such as personal data or financial transactions.
  • Implementing access controls: We use access controls to limit who has access to sensitive information and to ensure that only authorized individuals or systems can access, view, or modify data. This may involve the use of authentication and authorization mechanisms, such as passwords, security tokens, or biometric factors.
  • Regularly backing up data: We regularly back up our data to prevent data loss in the event of a system failure or other unforeseen event. This helps to ensure the availability and integrity of our data and enables us to recover quickly in the event of an incident.
  • Regularly monitoring and reviewing our security measures: We regularly monitor and review our security measures to ensure that they remain effective and up to date. This may involve regular security audits, testing, and training to identify and address potential vulnerabilities or gaps in our security posture.

Overall, our goal is to protect the information that we collect from unauthorized access, disclosure, or destruction, and to maintain the trust and confidence of our users. We take our responsibility to protect user data seriously and are committed to implementing robust and effective security measures to achieve this goal.

  • Sharing Information
  • Situations in which the information may be shared with third parties (e.g. with law enforcement, in response to legal requests)

As a bug bounty platform based in New Zealand, CTB may share information with third parties in certain circumstances. In general, we only share information with third parties when it is necessary to provide or improve our services, to comply with legal requirements, or to protect the rights, property, or safety of our users or third parties.

Some examples of situations in which we may share information with third parties include:

  • With law enforcement: We may be required to disclose information to law enforcement agencies in response to a valid request, such as a subpoena or court order. In these cases, we will only disclose the information that is specifically requested and required by law.
  • With third-party service providers: We may use third-party service providers to assist us with certain aspects of our business, such as hosting, data storage, or payment processing. In these cases, we will only share the information that is necessary for the third party to perform the specific services that we have contracted them to provide.
  • In response to legal requests: We may be required to disclose information in response to legal requests from courts, government agencies, or other third parties. In these cases, we will carefully review the request to ensure that it is valid and that the information being requested is necessary and appropriate.

Overall, we take care to only share information with third parties when it is necessary and appropriate to do so. We will always consider the privacy and security of our users’ information and will only share it in compliance with applicable laws and regulations.

  • Any relevant privacy policies of third parties with whom the information may be shared

If we share information with third parties, we will only do so in compliance with our own privacy policy and the relevant privacy policies of the third parties. This means that we will carefully review the privacy policies of the third parties with whom we share information to ensure that they provide appropriate safeguards for user data.

Some examples of relevant privacy policies of third parties with whom we may share information include:

  • Third-party service providers: If we use third-party service providers to assist us with certain aspects of our business, such as hosting, data storage, or payment processing, we will carefully review their privacy policies to ensure that they provide appropriate protections for user data. This may include requirements for encryption, access controls, and other security measures.
  • Law enforcement agencies: If we are required to disclose information to law enforcement agencies in response to a valid request, we will carefully review their privacy policies to ensure that they comply with applicable laws and regulations. This may include requirements for data minimization, retention, and destruction, as well as oversight and accountability mechanisms.
  • Other third parties: If we share information with other third parties, such as in response to a legal request or for other legitimate business purposes, we will carefully review their privacy policies to ensure that they provide appropriate protections for user data. This may include requirements for consent, notice, and transparency, as well as rights for users to access, rectify, erase, or object to the processing of their data.

Overall, we are committed to protecting the privacy of our users and will only share information with third parties in compliance with our own privacy policy and the relevant privacy policies of the third parties.

User rights and choices
  • How users can access and update their information

As a bug bounty platform, CTB is committed to providing users with control over their personal information and privacy. In our privacy policy, we outline the rights and choices that users have with respect to their information.

One of the key rights that users have is the right to access and update their information. This means that users have the right to request a copy of the information that we have collected about them, as well as to request that we update, correct, or delete their information.

Users can access and update their information in a number of ways, depending on their preferences and the specific services that they use. Some examples of how users can access and update their information include:

  • Using online tools: Many of our services include online tools that allow users to view, update, or delete their information. For example, users may be able to log in to their account and access a personal profile or settings page where they can view and update their information.
  • Contacting customer support: Users can also contact our customer support team to request access to or updates to their information. Our team will assist users with their requests and will help to ensure that their information is accurate and up to date.
  • Exercising their rights: Users also have the right to exercise their rights under applicable laws, such as the right to access, rectify, erase, or object to the processing of their data. If a user wishes to exercise any of these rights, they can contact us and we will assist them in accordance with applicable laws and regulations.

Overall, we are committed to providing users with control over their personal information and privacy. We will always respect and uphold their rights and will provide them with the means to access and update their information as needed.

  • How users can opt out of certain uses of their information

In addition to the right to access and update their information, users also have the right to opt out of certain uses of their information. This means that users can choose not to allow us to use their information for certain purposes, such as for marketing or advertising.

Users can exercise their right to opt out in a number of ways, depending on the specific services that they use and the preferences that they have. Some examples of how users can opt out of certain uses of their information include:

  • Using online tools: Many of our services include online tools that allow users to manage their preferences and opt out of certain uses of their information. For example, users may be able to log in to their account and access a personal profile or settings page where they can adjust their preferences and opt out of certain uses of their information.
  • Contacting customer support: Users can also contact our customer support team to request that we stop using their information for certain purposes. Our team will assist users with their requests and will help to ensure that their preferences are respected.
  • Exercising their rights: Users also have the right to exercise their rights under applicable laws, such as the right to object to the processing of their data. If a user wishes to exercise this right, they can contact us and we will assist them in accordance with applicable laws and regulations.

Overall, we are committed to respecting the preferences of our users and will always provide them with the means to opt out of certain uses of their information. We will never use their information in a way that is contrary to their preferences or without their consent, unless required by law.

Changes to the privacy policy
  • How the privacy policy may be updated in the future

The privacy policy of a company may be updated from time to time to reflect changes in the way the company collects, uses, or shares information. These updates may be necessary to comply with new laws or regulations, to reflect changes in the company’s business or practices, or to improve the clarity or comprehensiveness of the policy.

At CTB, we regularly review and update our privacy policy to ensure that it accurately reflects our data collection and use practices. We will update our privacy policy as needed to comply with new laws or regulations, to reflect changes in our business or practices, or to improve the clarity or comprehensiveness of the policy.

When we update our privacy policy, we will post the updated policy on our website and will notify our users of the changes through email or other means. Users are encouraged to review our privacy policy regularly to stay informed of any changes. If a user has any questions or concerns about our privacy policy or the way we handle their information, they can contact us and we will be happy to assist them.

  • How users will be notified of any changes to the policy

At CTB, we are committed to keeping our users informed about changes to our privacy policy. When we update our privacy policy, we will notify our users of the changes through email or other means.

For example, if we update our privacy policy, we may send an email to all of our users to inform them of the changes and to provide them with a summary of the most important updates. This email will include a link to our website where users can read the updated privacy policy in full.

In addition to email notifications, we may also provide information about changes to our privacy policy through other channels, such as through our website, social media, or customer support channels. We will use whatever means are appropriate and available to ensure that our users are notified of any changes to our privacy policy in a timely and effective manner.

Overall, our goal is to keep our users informed about changes to our privacy policy and to provide them with the information they need to understand and exercise their rights. We are committed to transparency and will always provide our users with clear and concise information about any changes to our privacy policy.

Contact information
  • How users can contact the bug bounty platform with questions or concerns about the privacy policy or their information.

At CTB, we are committed to protecting the privacy of our users and want to hear from them if they have any questions or concerns about our privacy policy or their information. If a user has any questions or concerns, they can contact us by email at [email protected].

Our customer support team is available to assist users with their questions or concerns and will do their best to provide prompt and helpful responses. We will always take user questions and concerns seriously and will do our best to resolve any issues or concerns that they may have.

In addition to email, users can also contact us through other channels, such as through our website, social media, or by phone. We will provide users with the appropriate contact information and will always be available to assist them with their questions or concerns.

Overall, we are committed to providing our users with the information and support they need to understand and exercise their rights with respect to their privacy and information. We are always happy to hear from our users and will do our best to address any questions or concerns that they may have.

Miscellaneous
  • Applicable laws and jurisdiction

The privacy policy of CTB is governed by the laws of New Zealand, where our company is based. However, as we have users from around the globe, we also strive to comply with other applicable laws and regulations that may apply to our users.

For example, we may be subject to the laws and regulations of other countries if we have users in those countries, or if we collect or process information about individuals in those countries. We will always take these laws and regulations into account when handling user information and will strive to provide our users with the same level of protection and control regardless of where they are located.

At CTB, we are committed to complying with the laws and regulations that apply to our business and to upholding the rights and interests of our users. We will always handle user information in accordance with applicable laws and regulations and will strive to protect their personal information and privacy.

  • Dispute resolution

In the event of any dispute or disagreement regarding the privacy policy of CTB, we encourage our users to contact us directly to resolve the issue. Our customer support team is available to assist users with their questions or concerns and will do their best to provide prompt and helpful responses.

If a user is not satisfied with our response or if the dispute cannot be resolved through direct communication with us, the user may have the option to seek resolution through other means, such as through mediation or arbitration.

In some cases, the user may also have the option to file a complaint with the relevant regulatory authorities, such as the Privacy Commissioner of New Zealand. The Privacy Commissioner is responsible for enforcing the Privacy Act 2020 and other privacy-related laws and regulations in New Zealand, and can provide guidance and assistance to individuals who have concerns or complaints about the handling of their personal information.

Overall, we are committed to resolving any disputes or disagreements regarding our privacy policy in a fair and transparent manner. We will always strive to address the concerns and needs of our users and to provide them with the information and support they need to understand and exercise their rights with respect to their privacy and information.

  • Other relevant information or provisions

In addition to the information outlined above, there may be other relevant provisions or information that are included in the privacy policy of CTB. These may include, but are not limited to:

  • Information about the specific types of information that we collect, such as personal data, location data, or financial data.
  • Information about the purposes for which we collect, use, or disclose information, such as to provide or improve our services, to comply with legal requirements, or to protect the rights, property, or safety of our users or third parties.
  • Information about the legal bases that we rely on to collect, use, or disclose information, such as consent, contract, legal obligation, or legitimate interests.
  • Information about the rights and choices that users have with respect to their information, such as the right to access, rectify, erase, or object to the processing of their data.
  • Information about the safeguards that we have in place to protect the security and integrity of user information, such as encryption, access controls, and regular backups.
  • Information about the retention periods for user information, such as how long we keep information for and the criteria that we use to determine when to delete or destroy it.
  • Information about the third parties with whom we may share information, such as service providers, law enforcement agencies, or other third parties.
  • Information about how users can contact us with questions or concerns about our
Conclusion
  • Recap of the key points of the privacy policy

The privacy policy for CTB is a document that outlines the types of information we collect from our users, how we use and protect that information, and the rights and choices that users have in relation to their information. As a New Zealand-based bug bounty platform, our policy is designed to comply with the relevant privacy laws of New Zealand and other countries where our users may be located. We collect personal information, such as names, addresses, and email addresses, to create and manage user accounts and to verify the identity of our users. We may also collect information about user activity on our platform, such as the bugs that are reported and the rewards that are paid. We use this information to provide and improve our services, to comply with legal requirements, and to protect the rights, property, and safety of our users and third parties. Users have the right to access, rectify, erase, or object to the processing of their data, and can contact us with any questions or concerns about our privacy policy or the way we handle their information

  • Reiteration of the bug bounty platform’s commitment to protecting user information.

In the privacy policy for CTB, we reiterate our commitment to protecting the personal information of our users. As a New Zealand-based bug bounty platform, we are subject to the privacy laws of New Zealand, and we take steps to ensure that we comply with those laws. We collect personal information, such as names, addresses, and email addresses, to create and manage user accounts and to verify the identity of our users. We may also collect information about user activity on our platform, such as the bugs that are reported and the rewards that are paid. We use this information to provide and improve our services, to comply with legal requirements, and to protect the rights, property, and safety of our users and third parties. We have implemented appropriate technical and organizational measures to protect the security and integrity of user information, and we only retain it for as long as is necessary for the purposes that are described in our privacy policy. Overall, we are committed to protecting the privacy of our users and to handling their personal information in a responsible and transparent manner.