Last updated: March 31, 2026
Reverse Bug Bounty is operated by Willard Jansen, a sole proprietor based in the Netherlands.
| Controller | Willard Jansen |
|---|---|
| our contact form | |
| Country | The Netherlands |
We collect personal data only when you contact us or submit an assessment request through our website.
| Data | Purpose |
|---|---|
| Name, email address | To respond to your inquiry and communicate about the service |
| Company name | To understand your organization and prepare a proposal |
| Project details, target URLs | To assess the scope and feasibility of security testing |
We do not collect any data through cookies, tracking scripts, analytics, or other automated means. This website uses no cookies.
We process your data under Article 6(1)(b) GDPR — processing is necessary for taking steps at your request prior to entering into a contract. You submit your information to inquire about our services, and we need it to respond and potentially provide a quote.
Providing your data is not a statutory requirement, but it is necessary for us to respond to your inquiry.
Your data is accessible only to Willard Jansen (the controller). We use the following processor:
| Processor | Role | Location |
|---|---|---|
| TransIP B.V. | Email hosting and domain services | The Netherlands |
A Data Processing Agreement (verwerkersovereenkomst) is in place with TransIP. We do not sell, rent, or share your data with any other third parties. Your data does not leave the European Economic Area.
We retain your inquiry data for 12 months after our last contact. After this period, we delete your data from our systems. If we enter into a service agreement, data related to the engagement is retained for 7 years in accordance with Dutch tax regulations (fiscale bewaarplicht).
We protect your data with appropriate technical and organizational measures, including:
Under the GDPR, you have the following rights regarding your personal data:
| Right | What it means |
|---|---|
| Access (Art. 15) | Request a copy of the data we hold about you |
| Rectification (Art. 16) | Ask us to correct inaccurate data |
| Erasure (Art. 17) | Ask us to delete your data ("right to be forgotten") |
| Restriction (Art. 18) | Ask us to stop processing while we resolve an issue |
| Portability (Art. 20) | Receive your data in a machine-readable format (JSON) |
| Objection (Art. 21) | Object to processing of your data |
To exercise any of these rights, email our contact form with the subject line "Privacy request." We will verify your identity and respond within 30 days. The first request is free of charge.
We do not use automated decision-making or profiling based on your personal data.
If you believe your data protection rights have been violated, you have the right to file a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
autoriteitpersoonsgegevens.nl
Telephone: +31 (0)88 1805 250
We may update this policy when our practices change. The "last updated" date at the top reflects the most recent revision. We will not materially reduce your rights under this policy without notifying you.