patchli.st

Privacy Policy

Last updated: January 2025

1. Information We Collect

We collect the following types of information:

Account Information

  • Name and email address (via OAuth providers)
  • Profile picture (from your OAuth provider)
  • Account type (founder or researcher)

Product Information (Founders)

  • Product name, URL, and description
  • Bounty amounts and program scope
  • Logo images

Report Information (Researchers)

  • Vulnerability report details
  • Proof of concept information
  • Communication with founders

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Connect founders with security researchers
  • Process and display vulnerability reports
  • Send important notifications about your account
  • Improve and optimize the Service
  • Comply with legal obligations

3. Information Sharing

We share your information in the following cases:

  • Between users: Report details are shared between researchers and founders
  • Public profiles: Product listings are publicly visible
  • Service providers: We use Supabase for authentication and data storage
  • Legal requirements: When required by law or to protect rights

We do not sell your personal information to third parties.

4. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, secure authentication via OAuth providers, and regular security audits. However, no method of transmission over the Internet is 100% secure.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. You can request deletion of your account and associated data at any time.

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Opt out of marketing communications

7. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

8. Third-Party Services

We use the following third-party services:

  • Supabase: Authentication and database
  • GitHub/Google: OAuth authentication
  • Vercel: Hosting and analytics

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

For questions about this Privacy Policy, please contact us at privacy@patchli.st