Privacy Policy

1. Who We Are

BugNexa is a responsible web security platform that helps website owners and ethical security researchers identify and report potential web security misconfigurations and vulnerabilities. BugNexa currently focuses on clickjacking testing and reporting. In the future, BugNexa may support additional non-destructive website security checks, including but not limited to missing HTTP security headers, SPF/DNS-related checks, information disclosure checks, and other web security misconfiguration checks.

BugNexa is owned and operated by:

SysINet Infosolutions LLP
Thane, Maharashtra, 401107
India

BugNexa acts only as a platform for ethical testing, reporting, communication, and responsible disclosure. BugNexa does not exploit vulnerabilities, bypass authentication, steal data, damage websites, disrupt services, or perform unauthorized attacks.

2. Our Privacy Approach

BugNexa is designed to minimize the collection of user-related data. We aim to collect and retain only the minimum information necessary to:

• Operate the platform
• Authenticate users
• Prevent abuse and misuse
• Enable responsible vulnerability reporting
• Communicate with website owners and security researchers
• Maintain platform security
• Improve service reliability
• Comply with applicable legal obligations

BugNexa does not sell personal information. BugNexa does not use vulnerability reports, scan data, or researcher activity for advertising purposes. BugNexa does not export personal information to advertisers, data brokers, or unrelated third parties.

3. Information We May Collect

Depending on how you use BugNexa, we may collect or process limited information as described below.

a. Account and Authentication Information

When you create or access an account, we may collect or process:

• Name, if provided
• Email address
• Username
• Password authentication data
• OTP verification data
• Account status
• Login-related security information

Authentication information is used only to verify users, protect accounts, prevent misuse, and operate the platform. Passwords should be stored securely using appropriate technical safeguards, such as hashing and other security controls.

b. Website Owner Information

If you are a website owner or authorized representative, we may collect or process:

• Name
• Business email address
• Organization name
• Domain or website information
• Website ownership verification information
• Communication related to vulnerability reports

c. Security Researcher Information

If you are a security researcher, we may collect or process:

• Name or username
• Email address
• Researcher profile information, if provided
• Submitted vulnerability reports
• Communication with website owners through BugNexa
• Hall of Fame or recognition details, if applicable and approved

d. Scan and Report Information

When you scan a website or submit a report, BugNexa may process:

• Submitted URLs or domains
• Scan results
• HTTP response headers
• Redirect information
• Status codes
• Supported security check results
• Clickjacking-related observations
• Missing HTTP security header observations
• SPF/DNS-related observations, if supported
• Information disclosure observations, if supported
• Report title and description
• Technical evidence submitted by the user
• Screenshots or proof details, if voluntarily submitted
• Report status and communication history

You should not submit passwords, API keys, private tokens, confidential business data, personal data of third parties, or any information you are not authorized to share.

e. Technical Information

For security, abuse prevention, authentication, debugging, and platform operation, we may process limited technical information such as:

• IP address
• Browser type
• Device type
• Operating system
• User agent
• Date and time of access
• Security events
• Error logs
• Abuse-prevention signals

BugNexa does not maintain activity logs of website owners or security researchers for advertising, profiling, or commercial tracking. However, limited technical logs may be temporarily processed where necessary for authentication, platform security, debugging, fraud prevention, abuse prevention, legal compliance, or service operation.

4. How We Use Information

We may use information to:

• Provide website security scanning functionality
• Generate scan results for supported non-destructive checks
• Generate clickjacking scan results
• Enable researchers to submit responsible vulnerability reports
• Notify website owners about submitted reports
• Allow website owners to review and respond to reports
• Authenticate users using OTP and password-based login
• Protect accounts and prevent misuse
• Detect spam, fake reports, abuse, harassment, extortion, or unauthorized activity
• Improve platform reliability, security, and performance
• Provide customer support
• Respond to legal, privacy, or security requests
• Enforce our Terms of Service

BugNexa does not use submitted reports or scan data to conduct exploitation, hacking, unauthorized access, or attacks.

5. Authentication and Security

BugNexa uses authentication methods such as OTP and password-based login where applicable. All connections to BugNexa are available through HTTPS only.

We use reasonable technical and organizational safeguards to protect platform access, account information, scan data, submitted reports, and communications. However, no online platform can guarantee absolute security. Users are responsible for keeping their account credentials safe and for avoiding submission of sensitive or unauthorized information.

6. Information Sharing

BugNexa does not sell personal information. We may share information only in the situations described below.

a. Between Researchers and Website Owners

If a security researcher submits a vulnerability report through BugNexa, relevant report information may be shared with the website owner or authorized representative. This may include:

• Reported URL or domain
• Vulnerability or misconfiguration description
• Technical evidence
• Researcher name or username, if provided
• Researcher contact information, if needed for disclosure
• Report communication and status

b. With Service Providers

We may use trusted service providers to help operate BugNexa, such as:

• Hosting providers
• Email providers
• Authentication providers
• Security tools
• Database providers
• Analytics or performance tools
• Customer support tools

These providers may process limited information only as needed to provide services to BugNexa.

c. Legal, Safety, and Abuse Prevention

We may disclose information if necessary to:

• Comply with applicable law
• Respond to lawful requests
• Investigate misuse of BugNexa
• Prevent fraud, spam, extortion, harassment, or abuse
• Protect BugNexa, SysINet Infosolutions LLP, users, website owners, or third parties
• Enforce our Terms of Service

7. What We Do Not Intentionally Collect

BugNexa is not designed to collect sensitive personal, confidential, or private information. Please do not submit:

• Passwords for third-party websites
• API keys
• Access tokens
• Private keys
• Payment card information
• Government identity numbers
• Medical information
• Personal data of third parties
• Confidential business data
• Data obtained through unauthorized access
• Malware, exploit payloads, or harmful code

If evidence is required for a report, users should redact or mask sensitive information before submitting it.

8. Cookies and Similar Technologies

BugNexa may use cookies or similar technologies to:

• Keep users signed in
• Support OTP and password-based authentication
• Remember basic preferences
• Improve website performance
• Protect against abuse
• Maintain platform security

You can control cookies through your browser settings. Some features may not work correctly if cookies are disabled.

9. Data Retention

BugNexa retains information only for as long as necessary to operate the platform, provide services, prevent abuse, resolve disputes, comply with legal obligations, and maintain security.

Retention may vary depending on the type of information:

• Account information may be retained while the account is active.
• Vulnerability reports may be retained as needed for responsible disclosure and website owner review.
• Security logs may be retained temporarily for abuse prevention, debugging, and platform protection.
• Support messages may be retained as needed to resolve user requests.

Users may request deletion of their personal information, subject to legal, security, anti-abuse, and operational requirements.

10. Researcher and Website Owner Activity

BugNexa does not maintain activity logs of website owners or security researchers for advertising, profiling, or commercial tracking. BugNexa may temporarily process limited technical information where necessary for:

• Account authentication
• Platform security
• Abuse prevention
• Spam prevention
• Debugging
• Legal compliance
• Service operation

11. Responsible Disclosure Data

BugNexa may process vulnerability report data to enable responsible disclosure between security researchers and website owners. Website owners are responsible for reviewing, validating, accepting, rejecting, prioritizing, and fixing reports. Security researchers are responsible for ensuring that their testing and reporting activities are lawful, ethical, non-destructive, and authorized where required.

BugNexa does not guarantee that any report is accurate, complete, valid, exploitable, accepted, rewarded, or fixed.

12. International Processing

BugNexa may use infrastructure or service providers located in India or other countries. By using BugNexa, you understand that information may be processed and stored in locations where privacy laws may differ from those in your location. Where required, we take reasonable steps to protect such information in accordance with applicable law.

13. Your Rights

Depending on applicable law, you may have the right to:

• Access information we hold about you
• Correct inaccurate information
• Request deletion of your personal information
• Withdraw consent where processing is based on consent
• Raise a privacy complaint or grievance
• Request information about how your data is processed

To exercise these rights, contact us at: privacy@bugnexa.com

We may need to verify your identity before processing your request.

14. Children's Privacy

BugNexa is not intended for children. Users under 18 should not use BugNexa without appropriate consent and supervision from a parent or legal guardian. If you believe a child has provided information to BugNexa, contact us at: privacy@bugnexa.com

15. Third-Party Websites

BugNexa may scan, reference, or link to third-party websites. We are not responsible for the privacy practices, security, content, or policies of third-party websites. Your use of third-party websites is governed by their own terms and privacy policies.

16. Abuse Prevention

To protect BugNexa and others, we may monitor for misuse, including:

• Fake vulnerability reports
• Spam
• Harassment
• Extortion
• Blackmail
• Excessive scanning
• Unauthorized testing
• Malware submission
• Attempts to exploit BugNexa or third-party websites

We may block, limit, suspend, or terminate access if we believe the platform is being misused.

17. Data Security Incidents

If we become aware of a security incident affecting user information, we will take reasonable steps to investigate, contain, and address the incident. Where required by applicable law, we may notify affected users, authorities, or other relevant parties.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we update it, we will change the "Last updated" date above. Your continued use of BugNexa after changes are posted means you accept the updated Privacy Policy.

19. Contact Us

For privacy questions, requests, or complaints, contact:

SysINet Infosolutions LLP
Thane, Maharashtra, 401107
India

Privacy: privacy@bugnexa.com

Security: security@bugnexa.com