Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Username and display name
• Email address
• Profile information (bio, location, social handles)
• Authentication credentials

1.2 Identity Verification (KYC)

For security researchers participating in bug bounty programs, we may collect:

• Government-issued identification documents
• Proof of address
• Tax identification information
• Background check results (where applicable)

1.3 Payment Information

To process reward payments, we collect:

• Cryptocurrency wallet addresses
• Bank account details (for fiat payments)
• Payment processor information
• Tax documentation (W-9, W-8BEN, etc.)

1.4 Usage Data

We automatically collect certain information when you use our platform:

• IP address and device information
• Browser type and version
• Pages visited and features used
• Timestamps and session duration

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our platform
• Process bug bounty submissions and reward payments
• Verify researcher identity and prevent fraud
• Communicate with you about submissions, rewards, and platform updates
• Comply with legal obligations and tax requirements
• Analyze platform usage and improve user experience
• Enforce our Terms of Service and policies

3. Information Sharing

We may share your information with:

3.1 Program Owners

When you submit a vulnerability report, the program owner receives your username and submission details. Additional information may be shared for payment processing.

3.2 Service Providers

We work with third-party providers for:

• Payment processing
• Identity verification
• Cloud hosting and infrastructure
• Analytics (Google Analytics)

3.3 Legal Requirements

We may disclose information when required by law, legal process, or government request, or to protect the rights, property, or safety of OOOSEC, our users, or others.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit and at rest
• Multi-factor authentication options
• Regular security audits and penetration testing
• Access controls and employee training

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. We may retain certain information as required by law or for legitimate business purposes, such as tax compliance (typically 7 years for financial records).

6. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information
• Object to or restrict certain processing
• Data portability
• Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@ooosec.com.

7. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and authentication
• Remember your preferences
• Analyze platform usage (via Google Analytics)
• Improve platform performance

You can control cookies through your browser settings, though some features may not function properly if cookies are disabled.

8. International Data Transfers

OOOSEC is based in Singapore. If you access our platform from outside Singapore, your information may be transferred to, stored, and processed in Singapore or other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers.

9. Children's Privacy

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our platform and updating the "Last updated" date. Your continued use of the platform after changes constitutes acceptance of the updated policy.