Privacy Policy
How BugRakshak collects, uses, and protects your personal data. Last updated: April 1, 2026.
1. Information We Collect
1.1 Account Information
When you register on BugRakshak, we collect your name, email address, username, phone number, and payment details (bank account or UPI ID for researchers, or billing details for companies). For identity verification, we may collect government-issued ID documents.
1.2 Program & Report Data
For companies, we collect program scope definitions, policy documents, and vulnerability reports. For researchers, we collect submitted vulnerability reports, proof-of-concept materials, CVSS assessments, and communication threads with the company.
1.3 Usage & Technical Data
We collect IP addresses, browser type, operating system, pages visited, session duration, and interaction events within the platform. This data is used solely for improving platform performance and detecting fraud.
2. How We Use Your Information
2.1 Platform Operation
Your information is used to provide and improve the BugRakshak service, process vulnerability reports, facilitate researcher-company communication, and process reward payments.
2.2 Legal Obligations
We may process data to comply with applicable law, including India's Digital Personal Data Protection (DPDP) Act 2023, GDPR (for EU users), tax reporting obligations, and legally required disclosures to law enforcement.
2.3 Communications
We send platform notifications (report status, payment confirmations), security alerts, and product updates. You may opt out of marketing communications at any time from your account settings.
3. Data Sharing
3.1 Between Companies and Researchers
When a researcher submits a vulnerability report, their username, report content, and communication are shared with the relevant company. Researcher real names and payment details are never shared with companies.
3.2 Third-Party Service Providers
We share data with payment processors (Razorpay, PayPal), cloud infrastructure (AWS Mumbai), error tracking (Sentry), and analytics (privacy-compliant tools). All processors are bound by data processing agreements.
3.3 No Data Sales
We will never sell, rent, or share your personal data with third parties for marketing or advertising purposes.
4. Data Retention
4.1 Account Data
Account data is retained for the duration of your account plus 7 years for financial/legal compliance. You may request earlier deletion subject to statutory obligations.
4.2 Vulnerability Reports
Vulnerability reports are retained for 5 years to support audit, legal, and CVE reference requirements. Reports may be anonymized after account deletion upon request.
5. Your Rights
5.1 Access & Portability
You have the right to access all personal data we hold about you. Submit a data access request to privacy@bugrakshak.com. We respond within 72 hours.
5.2 Erasure
You may request deletion of your personal data. We will honor this request within 30 days, subject to legal retention obligations.
5.3 Correction
You may correct inaccurate personal data at any time via your account settings or by contacting our privacy team.
6. Security
6.1 Data Protection
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Our platform infrastructure is hosted in India (AWS Mumbai) and audited annually by third-party security firms.
6.2 Breach Notification
In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR Article 33 and the DPDP Act.
Contact Our Privacy Team
For privacy questions, data requests, or concerns, contact us at privacy@bugrakshak.com or write to: BugRakshak Technologies Pvt. Ltd., 4th Floor, Prestige Platina, Koramangala, Bangalore 560034, India.