The terms “ processing” and " using" information mean and refer to using cookies on a device, subjecting information to analysis, and handling or using information in any way, including without limitation using, collecting, modifying, deleting, evaluating, combining, disclosing and transferring information within our organization or among our affiliates.
When you register a CESPPA Account, choose to post a Program, provide a vulnerability report, or contact another user, we will ask you for information that can be used to contact or identify you (" Identity Information") including without limitation your name, phone number, email address and country of citizenship. To process certain financial transactions, we may also ask for your payment method and billing information (" Billing Information") (Identity Information and Billing Information are collectively, " Personal Information")
Personal Information Collection, Changes and Deletions
We collect Personal Information in connection with your registration of a CESPPA Account. We also collect the other information that you provide during registration and as part of administering and personalizing your Account profile (for example, zip code (on its own), individual preferences and demographic information) (" Non-Identifying Information").
When you create a CESPPA Account, we will set up your Account profile page, including your name and other Personal Information that you decide to publicly display to other users, such as a profile picture, biography, and links to your listings of Programs or vulnerability reports as applicable (together, your " Profile Information"). We will publicly display your Profile Information via the Site and/or Services and, with your prior consent, on third-party sites. Because your Profile Information will be publicly visible to all users, we encourage you to think carefully before disclosing Personal Information, in order to guard your anonymity and sensitive information.
If you are a Customer creating a Program, you may provide us with financial information, including your credit card, debit card or other payment method information, or your banking information, in order to assist us in paying monetary bounty awards, collecting bounty award deposits, or collecting CESPPA fees; and we may also require you to confirm your identity to us.
If you are a Researcher, in addition to your profile information, you may need to provide us with other personally identifying information for background and fraud checking purposes. This may include your date of birth, nationality, current and previous addresses, social security number (or tax identification number), and for bounty award purposes, your banking, crypto wallet address, PayPal or other information, to enable us to pay you monetary bounty awards from Customers. In addition, to award merchandise (swag) as applicable, we may ask you for additional information such as your mailing address, telephone number, and clothing size.
You may review, update or correct your Profile Information at any time by editing the relevant portions of your Account profile via the Site or Services. To cancel your Account, you may contact us at email@example.com. We will attempt to accommodate your cancellation request, provided, that, we do not have a legal obligation or legitimate reason from a Customer Program owner to retain the information in your Account. Please also note that, if you cancel your CESPPA Account, any reviews you have posted on the Site will remain publicly viewable via the Site.
We use Personal Information (sometimes with Non-Identifying Information) mainly to provide the Site and Services, complete your transactions, and administer your inquiries. Certain Non-Identifying Information would be considered Personal Information when combined with other identifiers in a way that enables you to be identified (for example, combining your zip code and your street address), but not when taken alone or combined only with other non-identifying information (for example, demographic information). We may combine your information and aggregate it with other users’ information to improve your user experience and the quality and value of the Site and Services, and to analyze how the Site and Services are used. We may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product per your stated preferences
We may share aggregated information that does not include Personal Information and otherwise disclose Non-Identifying Information and Log Data (defined below) with third parties, for purposes including without limitation demographic profiling and industry analysis. Any aggregated information that we share in these contexts will not contain your Personal Information.
We may also use your Personal Information to contact you with marketing or promotional materials and other information of interest. At any time, if you no longer want to receive such communications from us, please unsubscribe per the instructions provided in any of the communications or update your Account preferences (see "Changing or Deleting Information" below). We may also use your Personal Information to contact you with information related to your use of the Site or Services; you may not opt out of such notifications
When you visit the Site or access or use the Services, our servers record information sent by your browser whenever you visit a website (" Log Data"). This Log Data may include your computer's Internet Protocol (" IP") address, browser information, the webpage you were visiting before you came to our Site, the Site pages that you visit, time spent on those pages, information that you search for on the Site or Services, your access times and dates, and other statistics. We use such information to monitor and analyze the use of the Site and Services, for purposes of technical administration, and to improve functionality and your user experience. We also use it to verify that Site visitors meet the criteria required to process their requests. We do not treat Log Data as Personal Information or use it in association with Personal Information, but we may aggregate, analyze and evaluate Log Data for the same purposes as stated above regarding other Non-Identifying Information.
The Site and/or Services may contain small electronic images known as Web beacons (or single-pixel gifs), which are used with cookies to compile aggregated statistics for Site usage analysis. We may also use Web beacons in some emails to indicate which emails and links you have opened, enabling us to understand the effectiveness of our communications and marketing or promotional campaigns.
To protect the privacy of our Customers, Researchers, and staff, you may not solicit nor communicate with any of those parties directly. CESPPA platform provides the only approved method of communication.
CESPPA is highly concerned with safeguarding your information. A top priority for us is to help protect you from identity theft and “phishing” practices. We do not, and we never will, contact you via a non-secure or unsolicited e-mail or telephone communication in order to request your credit card or other payment method information, CESPPA Account login credentials, national identification numbers or other sensitive information.
In addition, when you enter sensitive information (such as vulnerabilities, payment method information and/or social security number) on our registration or order forms, we encrypt the information using secure socket layer technology (SSL). We follow generally accepted industry standards to protect Personal Information that you submit to us, both during transmission and once we receive it. However, because no method of transmission over the Internet, or method of electronic storage, is fully secure, we cannot guarantee absolute security of this information. If you have any questions about security on our Site or Services, you may contact us.
We will make legally-required disclosures to you via e-mail or conspicuous posting on the Site or Services, in the event of a breach of the security, confidentiality or integrity of your unencrypted, electronically stored "personal data" (as defined in applicable state statutes on security breach notification). We will make such disclosures expeditiously and without unreasonable delay, insofar as consistent with (A) legitimate needs of law enforcement or (B) any measures necessary to determine the scope of the breach and restore the data system’s reasonable integrity.
Information Sharing and Disclosure
Customers may use the Site and Services to post vulnerability testing or “bug bounty” Programs. Such Programs, as well as Customer and Researcher ratings, reviews and Profile Information (defined below), are visible to any user unless otherwise requested. A Researcher vulnerability report related to a Program is only visible to the Customer owning the Program, any collaborating user whom the Customer has invited to help manage the Program, the Researcher who submitted the vulnerability report, and authorized CESPPA personnel. Vulnerability report details will only be publicly disclosed by CESPPA with the consent of the owning Customer or authorized collaborating user. The same rule applies to the Researcher who submitted the vulnerability report, but you understand and acknowledge that this does not constitute a guarantee that the Researcher will not disclose it.
If you, as a Researcher, submit a vulnerability report via the Site and/or Services, we will share with the applicable Customer certain information about you to help the Customer decide whether to confirm or reject your vulnerability report, including: (A) your first and last name, and (B) a link to your CESPPA Account profile.
CESPPA cooperates with law enforcement and government officials, as well as private parties, in order to enforce and comply with applicable laws, rules and regulations. We will disclose to such parties, and to our insurance services providers, any information about you that we, in our sole discretion, believe is appropriate or necessary (A) to respond to claims and legal process (such as subpoenas), (B) to protect the property and rights of CESPPA or a third party, (C) to protect the safety of any person, or (D) to prevent or stop activity that we may consider to be, or to pose a risk of being, unlawful, unethical or legally actionable.
CESPPA may transfer, sell or otherwise share or provide your Personal Information to a third party in connection with a sale, transfer, divestment, or disclosure of all or part of our business or assets to another company in connection with or during negotiation of a merger, acquisition, financing, asset sale, reorganization, bankruptcy, dissolution, transaction or proceeding.
The Site and/or Services may contain links to third-party websites or resources. If you choose to visit an advertiser by clicking a banner or other ad, or clicking another third-party link, you will be directed to that third party's website or resource. The presence of such advertisement or link is not an endorsement, authorization or representation of CESPPA’s affiliation with that third party, or their privacy or information security policies or practices. We do not exercise control over third-party websites or resources. They may place their own cookies or other files on your computer or device, to collect data or solicit personal information from you. They may also follow different rules regarding the use or disclosure of personal information that you submit to them. Therefore, we encourage you to read the privacy policies or statements of any third-party websites or resources that you visit.
If you are interested in more information about personalized user ads and how to prevent third parties from delivering them, you may visit the following third-party websites: the Network Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance's Consumer Opt-Out Page. If You are using an iOS device and do not want to receive in-application ads tailored to Your interests, You may opt-out by accessing the following link on your device: https://support.apple.com/en-us/HT202074. If You are using an Android device, You may visit Google's Ads Preferences page from a browser on your device and make Your choices there. Please note that to the extent ad technology is integrated into the Site and/or Services, even if you opt out of tailored ads, you may still receive some other ads; they just will not be tailored to your interests.
Your Information may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside of the U.S. and you choose to provide your Information to us, we may collect and process your information in the U.S. or transfer it to the U.S. and process it there. Where we transfer your Information, we will take all reasonable steps to ensure that your privacy rights continue to be protected.
We welcome submission of vulnerability reports by children, but please note that any applicable bounty award payments are only issued to an adult.
The CESPPA Site and Services are not directed to persons under the age of 18. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, the parent or guardian should contact us. If we become aware that a child under 13 has provided us with personally identifiable information, we will take steps to delete the information as soon as practicable.