← Back to Home

Privacy Policy

Last updated: February 17, 2026

1. Overview

Bug Bounty Center is a privacy-first application. Your security research data stays on your machine. This Privacy Policy explains the minimal data we process and why.

2. Data We Collect

2.1. Purchase Information

When you purchase a subscription, Paddle (our payment processor) collects your payment details. We receive only your email address and subscription status from Paddle. We do not store your credit card number, billing address, or other payment details.

2.2. License Validation

During license validation, our server receives:

  • License key (transmitted securely, stored as a one-way hash)
  • Machine identifier (a random ID generated locally, not tied to your hardware serial numbers)

This is the only network communication the application makes. No research data, notes, targets, vulnerabilities, or any other content from the application is ever transmitted.

2.3. Your Research Data

All your research data (programs, vulnerabilities, notes, reports, scripts, etc.) is stored locally on your machine in a Docker volume. We have zero access to this data. It never leaves your device.

3. How We Use Your Data

  • Email: To send your license key and important subscription notifications
  • License key hash: To validate your subscription status
  • Machine ID: To prevent unauthorized license sharing

4. Third-Party Services

We use the following third-party services:

  • Paddle.com: Payment processing (Merchant of Record). Paddle has its own Privacy Policy.
  • Vercel: Hosting for this website and the license validation API.

5. Data Retention

We retain your email and license information for the duration of your subscription plus 30 days after cancellation. You may request deletion of your data at any time by contacting us.

6. Data Security

We implement the following security measures:

  • License keys are stored as irreversible SHA-256 hashes
  • API requests are signed with HMAC to prevent tampering
  • All communications use HTTPS encryption
  • Rate limiting protects against abuse

7. Your Rights

You have the right to:

  • Request access to the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent at any time

To exercise any of these rights, contact us at the email below.

8. Cookies

This website does not use tracking cookies or analytics. The application uses only essential session cookies for authentication that are stored locally on your machine.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email.

10. Contact

For privacy-related questions, contact us at: bugbountycenter@gmail.com