Privacy Policy
Last updated: April 30, 2026
1. Introduction
BountyLens ("we", "us", or "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information when you use the BountyLens platform ("the Service").
2. Data We Collect
We collect the minimum data necessary to operate the Service:
- Email address — your bug bounty platform email, used for authentication and communication
- Account identity — name and profile information provided during sign-up via Clerk (our authentication provider)
- Subscription data — billing and payment information processed by LemonSqueezy (we do not store card details)
- Usage analytics — anonymous, aggregated usage data via PostHog to improve the Service
- Notification preferences — your alert settings (Slack, Discord, email, push) and watched programs
3. Data We Do NOT Collect
We are committed to a zero-knowledge approach to your security research:
- We do not store your security findings, vulnerabilities, or reports
- We do not track your hunting sessions or testing activity
- We do not monitor which targets you test or research
- We do not access or analyze your bug bounty submissions
4. How We Use Your Data
- To provide and maintain the Service
- To authenticate your identity and manage your account
- To send scope change alerts and product notifications you opted into
- To process payments and manage subscriptions
- To improve the Service based on aggregated, anonymous usage patterns
- To communicate important updates about the Service or your account
5. Third-Party Services
We use the following third-party services to operate BountyLens:
- Clerk — authentication and user management
- LemonSqueezy — payment processing and subscription billing
- PostHog — anonymous product analytics
- Resend — transactional email delivery
- Railway — infrastructure and hosting
Each service processes data according to its own privacy policy. We only share the minimum data required for each service to function.
6. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We do not share your data with advertisers. We may disclose information only if required by law or to protect the rights and safety of BountyLens, our users, or the public.
7. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it. Anonymous, aggregated analytics data may be retained indefinitely.
8. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS), secure authentication via Clerk, and access controls on our infrastructure. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Export your data in a portable format
- Opt out of non-essential communications
To exercise any of these rights, contact us at [email protected].
10. Cookies
BountyLens uses essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies. PostHog analytics uses cookieless tracking by default.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. For material changes, we will notify users via email. Continued use of the Service after changes constitutes acceptance.
12. Contact
For privacy-related questions or requests, contact us at [email protected].