Our
Policies
Our Bug Bounty program encourages security researchers and ethical hackers to responsibly report potential vulnerabilities in our systems, applications, and infrastructure. By participating, you agree to adhere to the policies and guidelines outlined on this page.
Code of Conduct
By engaging in programs on JAMA Security, all Discoverers commit to supporting our community by adhering to the JAMA Security Code of Conduct (CoC). The CoC supplements the General Terms and Conditions, which all Discoverers must accept upon registration.
Compliance and trust
Our clients rely on us to assist them in safeguarding their most crucial assets by collaborating with a vast network of meticulously screened cybersecurity experts. These experts, in turn, place their trust in us to furnish a just, secure, and gratifying platform for them to disclose potential security vulnerabilities. At JAMA Security, and within the realm of hacker-powered security itself, trust is paramount. This trust is cultivated through practices grounded in transparency, security, privacy, compliance, and other essential principles. We operate under the premise that no organization can claim absolute security. Therefore, we dedicate ourselves to fortifying both your organization and ours to the highest attainable level of security.
Employee Participation Policy
Numerous JAMA Security team members possess adept hacking skills. Consequently, they might express an interest in engaging as Discoverers in customer programs. To safeguard against the potential for unfair advantages or conflicts of interest arising from their confidential access to customer programs, we've instituted a comprehensive Employee Participation Policy.
Global Environmental Policy
At JAMA Security, our primary goal is to foster a more secure online environment. However, we acknowledge that as a prominent figure in our field, we possess both an opportunity and an obligation to contribute to a safer and more sustainable future globally. As a corporation, we are mindful of the existential threats posed by climate change and environmental decline, recognizing the urgency for bold, forward-thinking initiatives. JAMA Security is dedicated to implementing a science-driven approach aimed at mitigating emissions, preserving our natural surroundings, and instigating impactful transformations towards enhanced sustainability.
Privacy Policy
This document outlines how we collect, use, and protect your personal information when you interact with our website and services. Your privacy is of utmost importance to us, and we are committed to ensuring the confidentiality and security of your data. By using our website and services, you consent to the practices described in this Privacy Policy. We encourage you to read this document carefully to understand how we handle your personal information.
1. Introduction
What’s this policy about?
As a leader in hacker-powered security, JAMA Security collaborates with the global security researcher community, often referred to as Hackers, to offer businesses access to highly skilled Hackers who uncover and report relevant security vulnerabilities in their products or services. JAMA Security operates a bug bounty & vulnerability disclosure software-as-a-service platform known as the JAMA Security Platform, encompassing the website located at jama-security.com and associated domains and subdomains, as well as related services such as live hacking events, marketing, and customer service, along with ancillary support services (collectively referred to as "Services"). This policy elucidates how we manage your personal data as a data controller when you utilize our Services or communicate with us regarding them.
How do you contact us?
You can contact us by clicking here.
What are your rights?
You have the following rights in respect of personal data, although these rights may be limited in some circumstances:
- Ask us to send a copy of your data to you or someone else.
- Ask us to restrict, stop processing, or delete your data.
- Object to our processing of your data.
- Object to use of your personal data for direct marketing.
- Ask us to correct inaccuracies.
2. Personal Information and how we use it
Enquiry data
Including:
- Name
- Contact details
- Other personal data you send us.
How long
5 years from our relationship ends.
How we use it
We collect and process this information to effectively address your support and other inquiries.
How we use it
We may handle this data in line with the terms outlined in our contract with you (where necessary to deliver Services to you) or to undertake actions at your request before entering into a contract. Furthermore, we utilize this information to pursue our legitimate interests, which include: (a) Our interest in promptly addressing inquiries to maintain the efficient operation of our business and services; and (b) Enhancing our Services by gaining insights into Hackers and customers, incorporating your feedback to make improvements.
More information
You may be obligated to furnish us with specific information to enable us to address your inquiries effectively.
Sources
We gather this information from you with your explicit consent when you provide it to us.
Account Data
We handle the following personal data concerning Hackers or customers:
- Your username, password, email address.
- Your profile name.
- Language and location.
- The use you make of our Services and the content you provide while doing so.
How long
5 years from our relationship ends.
How we use it
We process this information to facilitate your registration for, log into, access, utilize, and pay for our Services, as well as to enforce our terms.
Legal basis
We process this personal data in accordance with the terms stipulated in our contract with you (where this information is necessary for providing Services to you) or to take actions at your request before entering into a contract. Additionally, we process your profile data (excluding details marked as non-public) by making it accessible through our Services to third parties, enabling them to discover and review your profile. Your profile will also be associated with any reports and other content you submit publicly through the Services, or privately through our program. We do so to serve the legitimate interests of us, Hackers, and customers, facilitating easy discovery and connection with relevant Hackers and other users through our Services.
Payment Data
We handle this data for payments to Hackers or to receive customers payments:
- Payment (such as account or card information, address, and other information necessary to transfer funds, for example PayPal account information) information.
- Your profile name.
- Amounts due or paid, and associated transaction details.
How long
5 years from our relationship ends.
How we use it
We process this information to collect, facilitate, execute, and record payments.
Legal basis
We process this personal data in accordance with the terms specified in our contract with you or to undertake actions at your request prior to entering into a contract with you. Moreover, we process this personal data to adhere to applicable laws, including anti-money laundering regulations, sanctions, and export control measures. Furthermore, we process this personal data to fulfill our legitimate interests in adhering to regulations imposed by payment services providers.
Vetting Data
Where applicable, we process the following personal data relating to Hackers:
- Your Account Data.
- Nationality, current and previous addresses.
How long
5 years from our relationship ends.
How we use it
We process this information to undertake fraud, background, and similar checks.
Legal basis
We process this data in accordance with the terms stipulated in our contracts with Hackers and customers. Additionally, we process this personal data to pursue legitimate interests, which include our interests, those of our customers, and the public, particularly in detecting and preventing fraud or money laundering. With your consent, we may also process this personal data to provide Services to our customers, such as JAMA Security Clear. Specifically, upon your consent, we may engage third-party service providers to verify that your image matches the one on the identification documents you provide and to conduct background checks. We will inform our customers that you have successfully undergone these checks, without disclosing the personal data used for the verification process; only the fact that checks were carried out to a certain standard will be shared. Furthermore, we conduct sanction screenings and report to tax authorities, law enforcement agencies, regulatory bodies, and supervisory authorities, where not mandated by EU and Member State law but where we have a sincere belief that sharing the information is necessary to comply with applicable laws, such as OFAC checks. This processing is conducted to pursue our legitimate interests in complying with applicable law, detecting and preventing suspected criminal activity, and adhering to sanction and similar controls.
Analytics
(data about how you interact with our Services):
- Browser type and version, IP and MAC address, approximate location and time zone, access logs, device type, operating system, & other information provided by browser or device.
- Your user ID and the use you make of our Services, including URLs and content you visit, language preferences, clickstream to, through and from our website, date and time, page response times, errors, length of visits to pages, interaction (such as scrolling, clicks and mouse-overs) data, and methods used to leave our site.
- Error reports generated if there are problems with our Services.
How long
After 26 months, we delete the underlying data. However, we reserve the right to retain aggregated statistics derived from that data, which are anonymized and cannot be linked back to individual users.
How we use it
We utilize software to gather analytics data concerning users of our Services, aiming to comprehend their usage patterns, geographic origins, device preferences, operating systems, and interactions with our Services. This data aids in enhancing and upholding our Services. Additionally, we may employ this data to: (a) Ascertain the advertisements and Services most likely to be pertinent to you, facilitating the delivery of ads for JAMA Security services by third parties on websites and platforms. (b) Monitor ad performance, including click-through rates and their impact on establishing successful relationships.
Legal basis
We process analytics data only if you have provided your explicit consent. Similarly, we handle advertising data solely if you have granted your explicit consent.
More information
You can find out more about how Google processes analytics data by clicking here.
Marketing/Messaging
We process the following information about you to send you emails to let you know about news, content and updates about to JAMA Security and the Services:
- Name.
- Company name, job title.
- Language and location.
- Contact information (such as email address).
How long
5 years from our relationship ends.
How we use it
We process this information to send you promotional and non-promotional material about us and our Services (or to call you about our Services).
Legal basis
Unless we are contacting you as staff of a corporate entity, or where the "soft-opt-in" applies, we process your personal data for marketing with your consent. If you are staff of a corporate entity, or if we have requested your consent to send marketing material during negotiations for services, we may process this data to pursue legitimate interests in keeping you informed about our Services through marketing emails, text messages, or calls. We may send messages to inform you about the status of the JAMA Security Platform, alterations to our supply chain, privacy policies, or other terms, either: (a) where necessary for us to fulfill contractual obligations to you; or (b) to pursue our respective legitimate interests in ensuring you receive timely notice of significant changes.
3. More Information
Learning
Beyond the uses of personal data described above, we also utilize information received from and about Hackers and customers (excluding instances where we rely on consent) and their interactions with our Services to gain insights into their behaviors and preferences. This enables us to enhance our business operations and Services. We achieve this by monitoring the usage patterns of our Services, analyzing the content submitted through our platform, and considering any feedback provided by or about Hackers and customers. The knowledge we acquire informs our marketing strategies, product development initiatives, recruitment efforts, and overall business strategy. We leverage this information to pursue our legitimate interests, as well as those of our current or potential Hackers and customers, in:
- Understanding skills and experience offered by Hackers and desired by customers so we can refine our marketing, development and recruitment strategies to better meet the demands of the market.
- Devising new products and improving our Services (by making changes to interfaces, fixing bugs and developing new functionality).
- Producing and distributing the insights we uncover, such as in reports describing what we learn from statistical and other analysis.
- Pointing users to resources which may allow them to make the most out of our Service (for example, if a customer often uses certain features, or a Finder often accepts certain types of project, then we may be able to flag similar features or jobs which may be of interest).
Enforcement
We may also process the information mentioned in this policy when necessary to monitor compliance with, and enforce, the terms and conditions governing the use of our website and services. We do this to pursue our legitimate interests in ensuring that users adhere to the agreed-upon terms. For instance, we may review material submitted through our website or services to ensure compliance with the applicable terms, conditions, and policies.
Retention
Where explicit retention periods are not specified, JAMA Security retains personal data for a reasonable duration to fulfill the processing purposes outlined herein. Subsequently, the data is archived for periods necessary due to legal or regulatory obligations. Upon completion of the archival period, personal data is securely deleted. You have the option to disable your JAMA Security account at any time. This action renders your user profile invisible within the Services. However, for the purposes described herein, certain information may need to be retained within our internal systems. Furthermore, public vulnerability reports and associated information that you have submitted will remain accessible on the Services.
Security
JAMA Security implements technical and organizational measures to safeguard the personal data we store, transmit, or otherwise process against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. We continually assess new security technology and methods to ensure the ongoing protection of our software and systems. However, it's essential to acknowledge that the Services operate on software, hardware, and networks, each of which may require maintenance or encounter issues or security breaches beyond our control. Additionally, despite our diligent efforts to secure your data, we cannot guarantee that your information will be completely immune to breaches. It's important to recognize that protecting your personal data is a shared responsibility. We strongly encourage you to take precautions to safeguard your information while using the Internet, such as using a robust password, keeping it confidential, and enabling two-factor authentication. If you suspect any compromise of your account's security (e.g., unauthorized access or password leak), please notify us immediately.
Cookies
We (and the third-party service providers working on our behalf) use various technologies to collect personal information. This may include saving cookies to your device, using pixels and similar technologies.
Around-the-Clock Assistance
Comprehensive Support
We take pride in offering responsive and knowledgeable support to address your inquiries and provide solutions promptly. Your security and peace of mind are our top priorities, and our support team is committed to delivering the assistance you need, no matter the time or day.