Last Updated on August 8th, 2024
At or before the time of collection, California residents may have a right to receive notice of our practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared and how to opt-out of such uses, and how long such information is retained. California residents can find those details by clicking on the above links.
This Privacy Policy applies to personal information that is processed by Bugcrowd, Inc. and its subsidiaries (“Bugcrowd,” “we,” “us,” or “our”) in the course of our business, including on Bugcrowd websites (each a “Site”), applications, forums, blogs, and other online or offline offerings (collectively, the “Services”).
An Important Note: This Privacy Policy does not apply to any of the personal information that we process on behalf of our customers through their use of our Services (“Customer Data”). Our customers’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Policy. Any questions or requests relating to Customer Data should be directed to our customer.
The types of personal information we may collect and our privacy practices depend on the nature of the relationship you have with Bugcrowd and the requirements of applicable law. Below are the ways we collect personal information and how we use it.
Bugcrowd collects personal information regarding its current, prospective, and former clients, customers, researchers, users, visitors, guests, and applicants (collectively “Individuals”).
See Section 5 below to understand your choices regarding these Technologies.
We acquire, hold, use, and process personal information about Individuals for a variety of business purposes, including:
You may contact us at any time to opt-out of the use of your personal information for marketing purposes, as further described in Section 5 below.
If you would like to opt-out of the Technologies we employ on our Services, you may do so by blocking, deleting, or disabling them as your browser or device permits.
The Services may contain links to other websites and other websites may reference or link to our Services. These other domains and websites are not controlled by us, and Bugcrowd does not endorse or make any representations about third-party websites or social media platforms. We encourage our users to read the privacy policies of each and every website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
Bugcrowd’s Services may include publicly accessible blogs, community forums, or private messaging features. The Services may also contain links and interactive features with various social media platforms (e.g., widgets). If you already use these platforms, their cookies may be set on your device when using our Site or other Services. You should be aware that personal information which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the personal information provided by you may be viewed and used by third parties for any number of purposes.
If you use the Services to make, receive or facilitate payments in connection with the Services, we and Third-Party applications may collect certain financial information from you to process transactions, including your name, email address, address, financial account information and other billing information.
We may share your information as described in this Privacy Policy (e.g., with our third-party service providers; to comply with legal obligations; to protect and defend our rights and property) or with your permission.
Some of the advertising Technologies we use may include:
All personal information collected via or by Bugcrowd may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers in order to provide the Services. Your personal information may be accessible to law enforcement or other authorities pursuant to a lawful request. Where required by law, international transfers of personal information will be supported by an adequacy mechanism. In the case of transfers of data out of Europe, we rely on Standard Contractual Clauses under the EU General Data Protection Regulation (“GDPR”) and endeavor to utilize third-party service providers that provide adequate protections that are compliant with the GDPR such as implementing Standard Contractual Clauses or Binding Corporate Rules. A copy of our standard data processing addendum incorporating the Standard Contractual Clauses is available at https://www.bugcrowd.com/legal/dpa.
The privacy choices you may have about your personal information are determined by applicable law and are described below.
If you receive an unwanted marketing email from us, you can use the unsubscribe link found at the bottom of the email to opt-out of receiving future emails. We will process your request in accordance with applicable laws. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding Bugcrowd and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms or this Privacy Policy).
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions here.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from organizations that participate in self-regulatory programs. You can access these websites and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
Please note you must separately opt out in each browser and on each device.
In accordance with applicable law, you may have the following rights:
Right to Know – You may have the right to know whether we are processing personal information about you.
Right to Access – You may have the right to obtain access to the personal information we process about you, including obtaining a copy of your personal information.
Right to Rectification – You may have the right to correct any inaccurate or incomplete personal information concerning you.
Right to Erasure –You may have the right to request deletion of your personal information held about you by Bugcrowd.
Right to Restrict Processing or Object to Processing – You may have the right to restrict, or object to, the processing of your personal information .
Right to Portability – You may have the right to receive requested personal information in a commonly used and machine-readable format.
Right to Withdraw Consent – You may have the right to withdraw your consent to our processing of your personal information.
Where permitted by applicable law, you may send an e-mail to privacy@bugcrowd.com or use any of the methods set out in this Privacy Policy to exercise your rights in personal information. Please include your full name, email address associated with your Account, and a detailed description of your data request. Such requests will be processed in line with applicable laws.
To protect your privacy, Bugcrowd will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.
Bugcrowd retains the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.
Where required by applicable law, your biometric information will be stored for no more than one year.
The Services are not directed to children under 13 (and in certain jurisdictions under the age of 16) years of age, and Bugcrowd does not knowingly collect personal information from children under 13 (and in certain jurisdictions under the age of 16) years of age. If you learn that your child has provided us with personal information without your consent, you may alert us at privacy@bugcrowd.com . If we learn that we have collected any personal information from children under 13 (and in certain jurisdictions under the age of 16), we will promptly take steps to delete such information.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
If you have any questions about our privacy practices or this Privacy Policy, please contact Bugcrowd by email at privacy@bugcrowd.com.
Attention: General Counsel
Bugcrowd Inc.
300 California Street, Suite 220 San Francisco, CA 94104
1 (888) 361-9734
We may update this Privacy Policy from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Policy on our Site, and/or we may also send other communications. If at any point you do not agree to any portion of the Privacy Policy then in effect, you must immediately stop using the Services.
This Supplemental Notice for California Residents supplements our Privacy Policy and only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (as amended from time to time) (“CCPA”).
The CCPA provides California residents with the right to know what categories of personal information Bugcrowd has collected about them, whether Bugcrowd disclosed that personal information for a business purpose (e.g., to a service provider), whether Bugcrowd “sold” that personal information, and whether Bugcrowd “shared” that personal information for “cross-context behavioral advertising” in the preceding twelve months. California residents can find this information below:
Content Visible to Others
The categories of sources from which we collect personal information and our business and commercial purposes for using and disclosing personal information are set forth in “Types of Personal Information We Collect” , “How Bugcrowd Uses Your Personal Information” , and “How Bugcrowd May Disclose Your Personal Information” above, respectively. We will retain personal information in accordance with the time periods set forth in “Retention of Personal Information”.
We “sell” and “share” your personal information to provide you with “cross-context behavioral advertising” about Bugcrowd’s products and services.
Additional Privacy Rights for California Residents
Opting Out of “Sales” of Personal Information and/or “Sharing” for Cross-Context Behavioral Advertising under the CCPA. California residents have the right to opt out of the “sale” of personal information and the “sharing” of personal information for “cross-context behavioral advertising.” California residents may exercise these rights by clicking on Do Not Sell or Share My Information” and following the instructions on that prompt.
Disclosure Regarding Individuals Under the Age of 16. Bugcrowd does not have actual knowledge of any “sale” of personal information of minors under 16 years of age. Bugcrowd does not have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising.”
Disclosure Regarding Opt-Out Preference Signals. California residents may opt out of “sales” of personal information and “sharing” of personal information for “cross-context behavioral advertising” that are carried out on https://www.bugcrowd.com/ by broadcasting the opt-out preference signal known as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, visit the Global Privacy Control website. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use to visit https://www.bugcrowd.com/.
Disclosure Regarding Sensitive Personal Information. Bugcrowd only uses and discloses sensitive personal information for the following purposes:
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling requests submitted under the CCPA. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to provide the email address or phone number we have associated with you, opening a link sent to the contact information provided, and following the instructions on the website you are taken to.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To authorize an agent, provide written authorization signed by you and your designated agent using the information found in “Contact Us” above and ask us for additional instructions.