Privacy Policy

Last updated: May 2026

Overview

Bastion (bastion.report) coordinates vulnerability disclosure and bug bounty programs. This policy describes what we collect and how we use it for the MVP platform.

Data we collect

• Wallet address and SIWE authentication artifacts
• Profile information you provide (username, bio, avatar, links)
• Encrypted vulnerability reports and related metadata
• Access logs for sensitive report views and attachments
• Billing identifiers when you subscribe via Stripe

How we use data

Data is used to operate disclosure workflows, reputation scoring, notifications, billing, and platform security. We do not sell personal data.

Storage and encryption

Report bodies are encrypted at rest. Database and file storage are hosted via Supabase with access controlled by application authorization and row level security policies.

Contact

Privacy questions: contact your Bastion operator or security contact listed at /.well-known/security.txt.