Skip to main content
LeaderboardLearnCompanyBlogContact
Sign In

Privacy Policy

How We Collect, Use, and Protect Your Information

Last updated: November 11, 2025

1. Introduction

NidFul Technologies ("NidFul," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and services (collectively, the "Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

This Privacy Policy applies to all users of the NidFul platform, including security researchers, ethical hackers, organizations, and visitors to our website.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us when you:

  • Create an account: Name, email address, username, password, profile information, and optional profile picture
  • Submit vulnerability reports: Report details, proof of concept code, screenshots, videos, and related documentation
  • Complete your profile: Professional background, skills, expertise areas, location, and social media links
  • Communicate with us: Messages, support requests, feedback, and any other communications
  • Participate in programs: Information required for program participation, payment processing, and tax reporting
  • Subscribe to our newsletter: Email address and subscription preferences

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

  • Device information: IP address, browser type and version, device type, operating system, and device identifiers
  • Usage data: Pages visited, time spent on pages, clickstream data, search queries, and navigation patterns
  • Log data: Access times, error logs, and system performance data
  • Cookies and tracking technologies: Information collected through cookies, web beacons, and similar technologies (see Section 7 for more details)
  • Location data: Approximate location based on IP address (with your consent where required)

2.3 Information from Third Parties

We may receive information about you from third-party sources:

  • Authentication providers: If you sign in using third-party services (e.g., Google, GitHub), we may receive profile information
  • Payment processors: Payment information and transaction history for reward processing
  • Public databases: Information from publicly available sources to verify identity or prevent fraud
  • Organizations: Information shared by organizations participating in bug bounty programs

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • Create and manage your account
  • Process and facilitate vulnerability submissions
  • Enable communication between researchers and organizations
  • Process payments and reward distributions
  • Provide customer support and respond to inquiries
  • Send service-related notifications and updates

3.2 Platform Improvement

  • Analyze usage patterns to improve our Service
  • Develop new features and functionality
  • Conduct research and analytics
  • Test and optimize platform performance
  • Prevent fraud, abuse, and security threats

3.3 Communication

  • Send newsletters, marketing communications, and promotional materials (with your consent)
  • Notify you about program updates, new opportunities, and platform changes
  • Respond to your questions and support requests
  • Send important security and policy updates

3.4 Legal and Compliance

  • Comply with legal obligations and regulatory requirements
  • Enforce our Terms of Service and Code of Conduct
  • Protect our rights, property, and safety, as well as that of our users
  • Respond to legal requests and prevent illegal activities
  • Facilitate tax reporting and compliance

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Organizations

When you submit a vulnerability report, we share:

  • Your username and profile information (as displayed on your public profile)
  • The vulnerability report and associated documentation
  • Communication history related to the report

Organizations may use this information solely for the purpose of reviewing, triaging, and remediating vulnerabilities. They are required to maintain confidentiality and not use your information for other purposes.

4.2 Service Providers

We may share information with third-party service providers who perform services on our behalf:

  • Payment processors for reward distribution
  • Cloud hosting and infrastructure providers
  • Analytics and monitoring services
  • Email and communication services
  • Customer support platforms

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders, subpoenas, or legal processes
  • Government requests and regulatory investigations
  • Requests from law enforcement agencies
  • Legal obligations to protect rights, property, or safety

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.

4.5 Public Information

Certain information may be publicly visible on your profile or in public leaderboards, including:

  • Username and profile picture
  • Public profile information you choose to share
  • Leaderboard rankings and statistics (if you opt-in)
  • Public acknowledgments and recognitions

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data in transit is encrypted using TLS/SSL, and sensitive data at rest is encrypted
  • Access controls: Strict access controls and authentication mechanisms limit access to personal information
  • Security monitoring: Continuous monitoring for security threats and unauthorized access
  • Regular audits: Security audits and vulnerability assessments to identify and address risks
  • Incident response: Procedures in place to respond to security incidents and data breaches
  • Employee training: Regular security training for employees with access to personal information

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Account information: Retained while your account is active and for a reasonable period after account closure
  • Vulnerability reports: Retained for legal and security purposes, typically for a minimum of 7 years
  • Payment records: Retained for tax and accounting purposes as required by law
  • Communication records: Retained for customer support and legal compliance purposes
  • Analytics data: Retained in aggregated and anonymized form for platform improvement

You may request deletion of your personal information, subject to legal and contractual obligations that require us to retain certain data.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of our Service:

7.1 Types of Cookies

  • Essential cookies: Required for the Service to function properly (e.g., authentication, security)
  • Functional cookies: Enhance functionality and personalization (e.g., preferences, settings)
  • Analytics cookies: Help us understand how users interact with our Service
  • Advertising cookies: Used to deliver relevant advertisements (if applicable)

7.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Service. For more information about our cookie practices, please contact us.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

You have the right to access and receive a copy of your personal information in a portable format.

8.2 Correction and Update

You can update or correct your personal information through your account settings or by contacting us.

8.3 Deletion

You may request deletion of your personal information, subject to legal and contractual obligations.

8.4 Objection and Restriction

You may object to certain processing activities or request restrictions on how we process your information.

8.5 Opt-Out

You can opt-out of marketing communications by clicking the unsubscribe link in our emails or updating your preferences in your account settings.

8.6 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@nidful.com. We will respond to your request within 30 days, subject to applicable law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We take appropriate safeguards to ensure your information is protected in accordance with this Privacy Policy, including:

  • Using standard contractual clauses approved by data protection authorities
  • Implementing appropriate technical and organizational security measures
  • Complying with applicable data protection laws and regulations

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last updated" date at the top of this policy
  • Sending you an email notification (for significant changes)
  • Displaying a notice on our Service

Your continued use of our Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

NidFul Technologies

Email: privacy@nidful.com

General inquiries: hello@nidful.com

13. Data Protection Officer

For users in the European Economic Area (EEA), you may contact our Data Protection Officer at dpo@nidful.com for any questions or concerns regarding data protection.

Your Privacy Matters

At NidFul, we are committed to protecting your privacy and being transparent about how we collect, use, and protect your information. We value your trust and work hard to maintain the highest standards of data protection.

If you have any questions or concerns about this Privacy Policy or our data practices, please do not hesitate to contact us. We are here to help.

Partner with NidFul

Secure your products with researchers who understand Africa's threat landscape.

Book a strategy session to see how NidFul can launch or scale your vulnerability disclosure program in days, not months.

Prefer email? Contact us

NidFul connects forward-looking teams with elite African researchers to uncover critical vulnerabilities, deliver verified fixes, and keep trust with customers.

Monthly briefings on emerging threats, research drops, and NidFul platform updates.

Platform
  • Launch a Program
  • Researcher Leaderboard
  • Organization Dashboard
Solutions
  • Fintech
  • Telecom
  • Cloud & SaaS
  • PhishDetect
Resources
  • Learn to Hack
  • Security Insights
  • Researcher Guidelines
  • Privacy & Data
  • VDP Policy Map
Company
  • About NidFul
  • Contact Us
  • Partner with NidFul
Social

© 2025 NidFul Technologies. All rights reserved.

PrivacyCode of Conducthello@nidful.com