> For the complete documentation index, see [llms.txt](https://dualguard.gitbook.io/dualguard/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dualguard.gitbook.io/dualguard/privacy-policies/privacy-policy-for-security-researchers.md).

# Privacy Policy for Security Researchers

DualGuard handles researcher information only as needed to operate review programs, communicate with participants, and administer outcomes.

This page explains the kinds of information DualGuard may receive from security researchers and how that information may be used, shared, retained, and protected.

For privacy and data-handling matters, DualGuard operates through Shawarmasec, a French EURL.

### Information DualGuard may collect from researchers

DualGuard may receive information such as:

* names, aliases, usernames, and contact details
* profile information, work history, or application materials
* wallet addresses, payout details, or other compensation-related information
* submissions, messages, judging records, and participation history
* leaderboard data, program activity, and reputation-related signals
* technical artifacts provided with findings, such as proofs of concept or reproduction notes

The exact data depends on the program and the participant's role.

### How researcher information is used

DualGuard may use researcher information to:

* review applications or determine eligibility for a program
* operate contests, private reviews, judging, and pre-launch bug bounties
* validate submissions and manage duplicate handling, severity assessment, and outcomes
* calculate rankings, maintain leaderboards, and evaluate performance history
* administer communications, payouts, and related operations
* investigate abuse, fraud, manipulation, conflicts, or rule violations
* comply with legal, contractual, tax, accounting, or security obligations

### Public and program-visible information

Some researcher information may be visible to others depending on the program design.

For example, a username, rank, leaderboard placement, award status, or other program-related information may be visible within the platform, in program results, or in related communications where needed to operate the program fairly.

Researchers should avoid including unnecessary personal data in submissions, chat messages, or proof materials.

### Sharing of researcher information

DualGuard may share researcher information only when reasonably necessary, including with:

* judges, lead guards, contest managers, and operators involved in the program
* protocol teams when required to validate findings, administer outcomes, or run the program
* service providers that support platform operations, communications, storage, compliance, or payments
* legal or regulatory authorities where disclosure is required by law or valid process

DualGuard does not sell researcher personal information.

### Data retention

DualGuard may retain researcher information for as long as needed to:

* operate ongoing or future programs
* maintain submission, judging, ranking, payout, and compliance records
* investigate disputes, abuse, or security incidents
* comply with legal, tax, accounting, or contractual obligations

Retention periods depend on the type of information and the participant's relationship with DualGuard.

### Security measures

DualGuard aims to use reasonable administrative and technical safeguards appropriate to the sensitivity of the information it handles.

No system is perfectly secure. Researchers should use good operational security and should share only the personal information required for the program.

### Researcher responsibilities

Researchers are responsible for ensuring that submissions are accurate and that they do not include unnecessary third-party personal data.

Researchers must also follow the applicable program rules, disclosure requirements, and confidentiality expectations.

### Rights and requests

Applicable privacy laws may grant rights to access, correct, delete, or restrict certain personal information.

Requests should be made through DualGuard's official contact channels. DualGuard may need to verify the request before acting on it.

### Changes to this policy

DualGuard may update this policy as its services and operating practices evolve.

Material updates should be reflected on this page.
