Privacy

Privacy for a marketplace that handles security reports.

VibeBounty collects the account, program, report, payment, and security data needed to operate the platform and protect users from abuse.

Information we collect

Account details

Email address, role, profile details, authentication identifiers, GitHub connection status, and account settings.

Program and report content

Product listings, program scope, vulnerability reports, evidence files, comments, triage decisions, and reproduction metadata.

Operational signals

IP-derived request metadata, user-agent strings, rate-limit events, anti-abuse telemetry, form timing, and duplicate detection signals.

Payment references

Stripe customer, subscription, checkout, connected account, and transfer identifiers. Full card details are handled by Stripe, not stored by VibeBounty.

How we use information

We use platform data to authenticate users, publish programs, accept reports, route messages, process payments, prevent abuse, investigate disputes, comply with legal obligations, and improve report quality.

Security report content is shared with the relevant developer program, platform administrators where needed, and service providers that support hosting, storage, email, payment, and abuse prevention.

Retention

Vulnerability reports, evidence, and message history may be retained after closure to preserve dispute records, payment records, and responsible disclosure history. Account owners can request deletion, but some records may be retained where required for legal, security, fraud prevention, or accounting reasons.

Privacy questions or data requests can be sent to privacy@vibebounty.com.