1. Introduction
This Privacy Policy describes how OliveX Security LLC ("0xHunter," "we," "us," or "our") collects, uses, stores, and protects personal information through the OpenHunt platform ("Platform").
Important distinction: This policy governs how 0xHunter, as the Platform operator, handles your data. Each organization that hosts a program on the Platform ("Program Owner") is an independent data controller with respect to the vulnerability reports and researcher information they receive through their program. Program Owners are solely responsible for their own data handling practices. We encourage you to review each Program Owner's privacy practices before submitting reports to their program.
2. Data Controller
For the purposes of applicable data protection laws, including but not limited to the Argentine Personal Data Protection Act (Ley 25.326) and the European General Data Protection Regulation (GDPR) where applicable:
- 0xHunter is the data controller for account data, platform usage data, and data necessary to operate the Platform.
- Each Program Owner is an independent data controller for vulnerability reports, researcher communications, and any other data submitted to or generated within their program. 0xHunter acts as a data processor on behalf of Program Owners with respect to this data.
3. Information We Collect
3.1 Account Information (provided by you)
- Name, email address, username, and password.
- Optional profile information: social media handles, website, biography.
- Two-factor authentication setup data.
3.2 Vulnerability Reports (provided by you, controlled by Program Owner)
- Technical descriptions, steps to reproduce, proof-of-concept materials, and supporting files.
- This data is submitted to and controlled by the relevant Program Owner. 0xHunter processes it on their behalf to operate the Platform.
3.3 Communications
- Messages exchanged through the Platform between Researchers and Program Owners.
- Support requests and correspondence with 0xHunter.
3.4 Automatically Collected Data
- Log data: IP address, browser type, operating system, referring URLs, pages visited, timestamps.
- Device information: Device type, screen resolution, language preferences.
- Usage data: Features used, actions taken, interaction patterns.
3.5 Cookies
We use strictly necessary cookies to maintain your session and authentication state. We do not use advertising, analytics, or tracking cookies. No third-party cookies are set by the Platform.
4. Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide the Platform services (account management, report submission, communications).
- Legitimate interests: Security monitoring, fraud prevention, Platform improvement, and enforcement of our Terms of Service.
- Legal obligations: Compliance with applicable laws and regulations.
- Consent: Where required by applicable law, such as for optional profile information or marketing communications. Where consent is the legal basis, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.
5. How We Use Your Information
0xHunter uses the information it controls to:
- Provide, operate, and maintain the Platform.
- Authenticate users and secure accounts.
- Transmit vulnerability reports and communications between Researchers and Program Owners.
- Detect, investigate, and prevent fraudulent or unauthorized activity on the Platform.
- Comply with legal obligations.
- Improve Platform features and user experience.
- Send transactional notifications (account activity, report status updates).
We do not use vulnerability report content for any purpose other than transmitting it to the relevant Program Owner and operating the Platform.
6. How We Share Your Information
We do not sell your personal information under any circumstances.
6.1 With Program Owners
When you submit a vulnerability report, the Program Owner receives the report content and your researcher profile (username and any information you choose to make public). Your email address is not shared with Program Owners unless you explicitly authorize it. How Program Owners use this data is governed by their own privacy practices, for which 0xHunter bears no responsibility.
6.2 With Service Providers
We use third-party service providers to operate the Platform. An up-to-date list of our sub-processors is available at 0xhunter.io/sub-processors. As of the date of this policy, our primary sub-processors include:
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Hosting, storage, database | US |
| SendGrid (Twilio) | Transactional email delivery | US |
| Vercel | Frontend hosting | US |
| Cloudflare | DNS and security | Global |
These providers act as data processors on our behalf and are bound by data processing agreements. They may not use your data for their own purposes.
6.3 For Legal Compliance
We may disclose information if required by law, regulation, judicial proceeding, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any changes to this Privacy Policy.
7. Data Security
We implement technical and organizational security measures including:
- TLS/SSL encryption for all data in transit.
- Encryption of sensitive data at rest (database, backups).
- Access controls and role-based authentication.
- Secure password hashing (bcrypt).
- Two-factor authentication support.
- Regular security monitoring and logging.
- Infrastructure hardening and network segmentation.
No system is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.
8. Data Breach Notification
In the event of a security breach affecting personal data controlled by 0xHunter:
- Notification to authorities: We will notify the relevant data protection authority within seventy-two (72) hours of becoming aware of the breach, where required by applicable law.
- Notification to affected users: We will notify affected users without undue delay via email and/or a prominent notice on the Platform. The notification will include: (a) a description of the nature of the breach; (b) the categories and approximate number of users affected; (c) the likely consequences of the breach; (d) the measures taken or proposed to address the breach; and (e) contact information for further inquiries.
- Mitigation: We will take immediate steps to contain and remediate the breach, including securing affected systems, resetting compromised credentials, and preserving evidence for investigation.
- Record-keeping: We will maintain a record of all data breaches, including those that do not meet the threshold for notification, for a minimum of three (3) years.
For data breaches affecting vulnerability reports or other data controlled by a Program Owner, 0xHunter will notify the affected Program Owner within forty-eight (48) hours of becoming aware of the breach. The Program Owner is independently responsible for notifying affected Researchers and relevant authorities in accordance with applicable data protection laws in their jurisdiction.
9. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Vulnerability reports: Retained for the duration of the associated program. Upon program termination, reports are retained for 12 months for legal and operational purposes, then permanently deleted.
- Log and usage data: Retained for 90 days, then automatically purged.
- Backups: Purged within 90 days of the underlying data's deletion.
Upon account deletion:
- Your profile and credentials are permanently deleted.
- Your submitted reports are anonymized (all personally identifiable information, including username, email, and IP address, is irreversibly removed), but the technical content is retained for the Program Owner's records.
- Active sessions are immediately terminated.
10. Your Rights
Depending on your jurisdiction, you may exercise the following rights:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data.
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request limitation of processing.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent.
To exercise any of these rights, email privacy@0xhunter.io. We will respond within thirty (30) days. We may request verification of your identity before processing your request.
Note: These rights apply to data controlled by 0xHunter (account data, usage data). For data controlled by Program Owners (vulnerability reports, program communications), you must contact the relevant Program Owner directly. 0xHunter is not responsible for Program Owners' handling of data subject requests.
11. International Data Transfers
Our infrastructure is located in the United States. If you access the Platform from outside the United States, your data will be transferred to and processed in the United States. We implement appropriate safeguards for international data transfers as required by applicable law, including standard contractual clauses where applicable. By creating an account and explicitly accepting these terms during registration, you provide your informed and express consent to the transfer of your personal data to the United States for the purpose of providing the Platform services, as permitted under Article 12 of the Argentine Personal Data Protection Act (Ley 25.326) and other applicable data protection legislation.
12. Program Owner Data Processing
0xHunter processes vulnerability reports and related data on behalf of Program Owners as a data processor. Our obligations as a data processor are governed by our Data Processing Agreement with each Program Owner. Program Owners are independently responsible for:
- Ensuring a lawful basis for processing researcher data.
- Responding to data subject access requests related to their program.
- Complying with applicable data protection laws in their jurisdiction.
- Notifying affected individuals of data breaches related to their program.
0xHunter is not responsible for Program Owners' compliance with data protection laws.
13. Children's Privacy
The Platform is not intended for individuals under 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly and suspend the associated account.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least fifteen (15) days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.
15. Language
This Privacy Policy is drafted in English. A Spanish translation may be made available for convenience. In the event of a conflict between the English and Spanish versions, the English version shall prevail, except where mandatory data protection or consumer protection laws of the user's jurisdiction require the local language version to take precedence.
16. Contact
For questions about this Privacy Policy or to exercise your data rights:
- Privacy inquiries: privacy@0xhunter.io
- Data protection requests: privacy@0xhunter.io
- Company: OliveX Security LLC
