Privacy Policy

Effective date: March 18, 2026

This Privacy Policy describes how BugUnstuck ("we," "us," or "our") collects, uses, and protects information when you use our platform. By using BugUnstuck you consent to the practices described here.

1. Information We Collect

Account information: When you register, we collect your email address, chosen username, and a hashed password. We never store passwords in plaintext.

Content you provide: Collaboration requests, interest expressions, flags, and any text you submit through the Platform.

Usage data: We automatically collect basic usage data including page views, request views, timestamps, and IP addresses for rate limiting, abuse prevention, and analytics purposes.

Cookies and local storage: We use essential cookies and local storage tokens for authentication session management. We do not use advertising or tracking cookies.

2. How We Use Your Information

• To provide and operate the Platform.
• To authenticate your identity and manage sessions.
• To enforce rate limiting and prevent abuse.
• To display your public username alongside your posted requests.
• To communicate important service updates or security notices to you.
• To comply with legal obligations.

3. Information We Do NOT Collect

We do not knowingly collect or store: real target names, vulnerability details beyond what users voluntarily post in masked form, credentials, API keys, IP addresses of third-party systems, or any personally identifiable information about third parties. Our content validation system actively rejects submissions containing these patterns.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share information only in the following circumstances:

• Service providers: We use Supabase for authentication and database services, and Vercel for hosting. These providers process data on our behalf under their respective privacy policies and data processing agreements.
• Legal compliance: We may disclose information if required by law, regulation, legal process, or governmental request.
• Safety: We may disclose information if we believe in good faith that disclosure is necessary to prevent harm, fraud, or illegal activity.

5. Data Retention

We retain account data for as long as your account is active. Deleted accounts and their associated content are removed within 30 days. Rate-limiting records are automatically purged after their expiration window. We may retain anonymized, aggregated statistics indefinitely.

6. Data Security

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords, role-based access controls, and input validation. However, no system is 100% secure. We cannot guarantee absolute security and are not liable for breaches beyond our reasonable control.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Object to or restrict certain processing activities.
• Data portability (receive your data in a machine-readable format).

To exercise any of these rights, contact us at @BugUnstuck on Twitter. We will respond within 30 days.

8. International Data Transfers

Our infrastructure is hosted on Vercel and Supabase, which may process data in the United States and other regions. By using the Platform, you consent to the transfer and processing of your data outside your country of residence, subject to appropriate safeguards.

9. Children

BugUnstuck is not intended for individuals under 18 years of age. We do not knowingly collect information from minors. If we learn that we have collected data from a user under 18, we will promptly delete the account and associated data.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be indicated by updating the effective date. Continued use of the Platform after changes constitutes acceptance.

11. Third-Party Services

Our Platform integrates with the following third-party services. Their use of your data is governed by their own privacy policies:

• Supabase — Authentication and database (supabase.com/privacy)
• Vercel — Hosting and deployment (vercel.com/legal/privacy-policy)